
Research on Access Control Mechanisms in Cloud Storage Environments

Published: 2018-06-03 17:58

Topic: cloud storage + multi-level access control; Reference: National University of Defense Technology, 2016 master's thesis


[Abstract]: With the rapid development of the cloud computing industry, cloud storage services have come into wide use, and the concentration of large volumes of data in the cloud has made cloud storage security problems increasingly severe. In recent years, public controversies caused by cloud data leaks have emerged one after another, and the security of cloud storage has sounded an alarm. The prevailing way to secure cloud storage is to store data in encrypted form; the key points are the choice of a secure key algorithm and the support of access control technology. A fairly strict confidentiality policy does bring relative security for the data. However, when the data changes or access permissions are updated, high-strength encryption algorithms directly affect the efficiency and convenience of cloud storage and place additional burden on the cloud storage center. If users are distributed across levels, cross-level sharing of cloud files multiplies the system overhead, which hinders enterprises' efficient use of data and diminishes the distinctive advantages of cloud storage. Access control technology holds an important place in information security practice, but traditional access control policies cannot meet the specific needs of enterprises in a cloud computing environment. This thesis proposes a cloud storage access control mechanism suited to multi-level access. The mechanism exploits the property that a one-way function can only be computed in one direction and combines it with access control design principles, so that a user at a high security level can quickly derive the keys of users at lower security levels through the one-way function, while the reverse is not possible. When cross-level access occurs, the mechanism greatly reduces the communication overhead of key transfer and the computation overhead in the cloud, achieving efficient access control for enterprise users who need multi-level access to cloud storage files. The thesis tests the multi-level access control mechanism on the open-source cloud platform OpenStack: a Swift All In One platform is deployed on a single node in a virtual machine, and secondary development based on thcloud_sdk.py, provided by the cloud platform group of the Systems Department of the National Supercomputing Center in Tianjin, completes the simulation of the access control mechanism. In the resulting cloud storage access control system, when a permission is revoked, users can derive the new key themselves from the published parameters, and the cloud uses proxy re-encryption to update the ciphertext data in the cloud storage space according to the relevant parameters. Group users do not need keys to be redistributed, so changes to file access permissions are simple and fast. Finally, the thesis analyzes security policy issues in cloud storage environments from several angles and gives an outlook on future cloud applications.
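[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree conferred]: 2016
[Classification number]: TP333;TP309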
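
The abstract's central idea, that a higher security level can derive lower-level keys through a one-way function but not the reverse, can be sketched as follows. This is an added example, not code from the thesis: HMAC-SHA256 as the one-way function, a linear four-level hierarchy, and all function names are assumptions, and revocation and proxy re-encryption are not modelled.

```python
import hashlib
import hmac
import os

LEVELS = 4  # constructed hierarchy: level 3 is most privileged, level 0 least


def step_down(key: bytes, to_level: int) -> bytes:
    """One-way step: key of `to_level` from the key one level above (assumed HMAC-SHA256)."""
    label = b"hierarchy-level-%d" % to_level
    return hmac.new(key, label, hashlib.sha256).digest()


def derive_key(key: bytes, from_level: int, to_level: int) -> bytes:
    """Derive a lower (or equal) level key locally, with no key transfer."""
    if not 0 <= to_level <= from_level < LEVELS:
        raise PermissionError("keys can only be derived downwards")
    for level in range(from_level - 1, to_level - 1, -1):
        key = step_down(key, level)
    return key


def issue_keys(root_key: bytes) -> dict:
    """Key authority: the key each level is handed at enrolment."""
    return {lvl: derive_key(root_key, LEVELS - 1, lvl) for lvl in range(LEVELS)}


def tag(level_key: bytes, data: bytes) -> bytes:
    """Stand-in for protecting an object under its level key."""
    return hmac.new(level_key, b"object-tag" + data, hashlib.sha256).digest()


def can_open(user_key: bytes, user_level: int, obj_level: int,
             data: bytes, obj_tag: bytes) -> bool:
    """A user opens an object only if the object's level key is derivable."""
    try:
        obj_key = derive_key(user_key, user_level, obj_level)
    except PermissionError:
        return False  # lower level: the one-way function cannot be inverted
    return hmac.compare_digest(tag(obj_key, data), obj_tag)


if __name__ == "__main__":
    keys = issue_keys(os.urandom(32))      # constructed root key
    report = b"level-1 quarterly report"   # constructed sample object
    t = tag(keys[1], report)
    for lvl in range(LEVELS):
        print(f"level {lvl} can open level-1 object:",
              can_open(keys[lvl], lvl, 1, report, t))
```

Each user stores only the key for their own level; cross-level reads cost a few hash evaluations on the client rather than a key exchange with the cloud.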



