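Research on Access Control Technology in the Cloud Computing Environment
Published: 2018-05-15 17:30
Topics: cloud computing + access control; Source: Shandong Normal University, master's thesis, 2014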
[Abstract]: In today's information technology industry, cloud computing is favored by enterprises and individuals alike for conveniences such as measured service, pay-as-you-go billing, and low requirements on client devices. As major companies invest more in cloud computing and public attention grows, cloud computing has become an emerging business model, and both academia and industry treat it as a hot topic for research and application. At the same time, the security problems that accompany its development have gradually become apparent. Although its prospects are very good, cloud security will become a major obstacle to its long-term, steady development if it is not solved well. Today, attention in cloud security centers on whether cloud service providers can deliver safe and reliable services to legitimate users and keep user information from being leaked. However, ensuring that user behavior does not bring unnecessary security risk to the provider when users access its software and hardware resources has also become an urgent need in the current cloud computing environment. How to share resource information across security domains among trusted cloud service providers must be considered as well.

Access control plays a pivotal role in the information security system, but traditional access control techniques fall far short of the needs of today's dynamic, complex and changeable cloud computing environment. Taking the characteristics of cloud computing into account and combining traditional access control with trust management, this thesis proposes a dynamic intra-domain access control strategy suited to the cloud computing environment. To meet the need for access control over resource sharing between cloud security domains, it also proposes an access control method that resolves role conflicts between different cloud security domains.

The thesis studies access control technology in the cloud computing environment. Its main work includes:

1. Addressing the dynamic and open nature of the cloud computing environment, it builds on the traditional trust-based access control model by introducing the concepts of authentication and a trust threshold and adopting a two-level verification strategy. Trust values are divided into levels and updated in real time, so that users are authorized dynamically according to their current trust value.
2. It introduces a trust-level scheme into the traditional trust-based access control model, making the model more flexible. User trust values are managed by level, and users are authorized according to the trust level their trust value falls in, so that they receive different levels of service.
3. To address the unclear authorization conditions of traditional access control models, it integrates a trust threshold into the model. Only when a user's trust value reaches the threshold is the user considered trusted and granted the corresponding permissions, which to some extent reduces the possibility of malicious attack and improves system security.
4. For cross-domain resource sharing, it presents a role conflict resolution algorithm that addresses the role conflict problem of the traditional role-based access control model. The algorithm effectively avoids granting permissions that are too high or too low because of incorrect role mapping, so that users neither threaten the system with excessive permissions nor find their own requests unmet because their permissions are too low.
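The two-level verification and level-based authorization described in items 1 to 3, as an added example that is not taken from the thesis. The threshold, level bounds, permission sets and the weighted trust-update rule are all assumptions, since the abstract gives no values or formulas.

```python
from dataclasses import dataclass

# Assumed parameters: the abstract names a trust threshold and trust levels
# but does not state numbers, permissions or an update formula.
TRUST_THRESHOLD = 0.5
LEVELS = [  # (lower bound, level name, permissions), highest level first
    (0.9, "high", {"read", "write", "admin"}),
    (0.7, "medium", {"read", "write"}),
    (0.5, "low", {"read"}),
]
ALPHA = 0.3  # weight given to the newest behaviour observation (assumed)

@dataclass
class User:
    name: str
    authenticated: bool
    trust: float  # current trust value in [0, 1]

def update_trust(user, behaviour_score):
    """Real-time update: blend the old trust value with the latest behaviour score."""
    score = min(1.0, max(0.0, behaviour_score))
    user.trust = (1 - ALPHA) * user.trust + ALPHA * score
    return user.trust

def trust_level(trust):
    """Map a trust value to its level name and the permissions of that level."""
    for lower, name, perms in LEVELS:
        if trust >= lower:
            return name, perms
    return None, set()

def authorize(user, permission):
    """Stage 1: authentication. Stage 2: trust threshold, then level-based grant."""
    if not user.authenticated:
        return False, "not authenticated"
    if user.trust < TRUST_THRESHOLD:
        return False, "trust below threshold"
    level, perms = trust_level(user.trust)
    if permission not in perms:
        return False, f"level {level} lacks {permission}"
    return True, f"granted at level {level}"

if __name__ == "__main__":
    alice = User("alice", authenticated=True, trust=0.8)  # constructed sample user
    print(authorize(alice, "write"))
    update_trust(alice, 0.0)  # observed misbehaviour lowers trust
    print(authorize(alice, "write"), authorize(alice, "read"))
```

Because the decision is re-evaluated against the current trust value on every request, a user whose behaviour degrades loses permissions without any change to role assignments.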
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 1893251
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1893251.html