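Research on Access Control Technology in the Cloud Computing Environment
Published: 2018-05-15 17:30
Topic of this paper: cloud computing + access control. Reference: Shandong Normal University, 2014 master's thesis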
[Abstract]: In today's information technology industry, cloud computing is favored by enterprises and individuals alike for conveniences such as metered service, pay-as-you-go pricing, and low requirements on client devices. As major companies increase their investment in cloud computing and public attention grows, cloud computing has become an emerging business model, and both academia and industry regard it as a hot topic for research and application. At the same time, the security problems that cloud computing brings have gradually become apparent. Although its prospects are very good, cloud security problems, if not solved well, will become a major obstacle to its long-term, steady development. At present, attention to cloud security focuses on whether cloud service providers can deliver safe and reliable services to legitimate users and whether user information is protected from leakage. However, ensuring that user behavior does not bring unnecessary security risk to the cloud service provider when users access the provider's software and hardware resources has also become an urgent need in the current cloud computing environment. How to share resource information across security domains among trusted cloud service providers is a further question that should be considered.

Access control technology plays a pivotal role in the information security system, but traditional access control technology is far from able to meet today's dynamic, complex and changeable cloud computing environment. Addressing the characteristics of cloud computing and combining traditional access control technology with trust management technology, this thesis proposes a dynamic intra-domain access control strategy suited to the cloud computing environment. To meet the need for access control over resource sharing between cloud security domains, it also proposes an access control method that resolves role conflicts between different cloud security domains.

The main research content of this thesis is access control technology in the cloud computing environment. The main work includes:

1. In view of the dynamic and open nature of the cloud computing environment, and building on the traditional trust-based access control model, the thesis introduces the concepts of authentication and trust threshold, adopts a two-level verification strategy, divides trust values into levels, and updates trust values in real time, so that users are authorized dynamically according to their dynamic trust values.
2. The concept of a trust level system is introduced into the traditional trust-based access control model, making the model more flexible. User trust values are managed by level, and a user is authorized according to the trust level in which the user's trust value falls, so that users receive different levels of service.
3. To address the unclear authorization conditions of traditional access control models, the trust threshold is integrated into the access control model. Only when a user's trust value reaches the trust threshold does the user meet the standard for being trusted and receive the corresponding permissions. To some extent this reduces the possibility of malicious attacks and improves the security of the system.
4. For cross-domain resource sharing access, a role conflict resolution algorithm is given for the role conflict problem that exists in the traditional role-based access control model. It effectively avoids granting permissions that are too high or too low because of an incorrect mapping, solving problems such as a user posing a security threat to the system through excessive permissions, or being unable to satisfy their own requests because their permissions are too low.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1893251
Article link: http://sikaile.net/guanlilunwen/ydhl/1893251.html