【摘要】：云計(jì)算技術(shù)的迅速發(fā)展使得在其基礎(chǔ)上發(fā)展出來(lái)的云存儲(chǔ)服務(wù)也逐漸應(yīng)用于各行各業(yè)。云存儲(chǔ)在互聯(lián)網(wǎng)下實(shí)現(xiàn)了協(xié)同工作和信息共享,同時(shí),用戶(hù)和資源的數(shù)量也是巨大的且在動(dòng)態(tài)變化。因此,構(gòu)建一個(gè)能夠適應(yīng)云存儲(chǔ)環(huán)境的訪(fǎng)問(wèn)控制策略是非常有必要的。以往的訪(fǎng)問(wèn)控制模型都是針對(duì)靜態(tài)環(huán)境設(shè)計(jì)的,但在云存儲(chǔ)環(huán)境下,網(wǎng)絡(luò)環(huán)境相較而言規(guī)模更大并處于動(dòng)態(tài)變化中,這些訪(fǎng)問(wèn)控制模型很難適應(yīng)這樣的環(huán)境�；诮巧脑L(fǎng)問(wèn)控制模型在當(dāng)系統(tǒng)用戶(hù)的數(shù)目變得異常龐大的時(shí)候,用戶(hù)角色的分配和管理會(huì)變得十分復(fù)雜而且繁瑣,而基于屬性的訪(fǎng)問(wèn)控制建立在分布式的環(huán)境下,可以很好地彌補(bǔ)這個(gè)不足。因此,本文將兩種訪(fǎng)問(wèn)控制進(jìn)行了有效的結(jié)合,即根據(jù)用戶(hù)、資源以及環(huán)境的屬性來(lái)自動(dòng)為用戶(hù)分配角色,從而避免了手工分配的復(fù)雜工作,并且根據(jù)這個(gè)模型設(shè)計(jì)并實(shí)現(xiàn)了一個(gè)權(quán)限管理系統(tǒng)。本文的主要工作如下： 首先,本文介紹了云存儲(chǔ)技術(shù)和訪(fǎng)問(wèn)控制技術(shù)的相關(guān)知識(shí),在對(duì)各種訪(fǎng)問(wèn)控制模型以及云存儲(chǔ)特點(diǎn)進(jìn)行分析的基礎(chǔ)上,通過(guò)與傳統(tǒng)的訪(fǎng)問(wèn)控制模型的比較,得出基于屬性訪(fǎng)問(wèn)控制和基于角色訪(fǎng)問(wèn)控制的優(yōu)勢(shì)以及二者的不足之處。 其次,本文使用了一種將基于角色訪(fǎng)問(wèn)控制和基于屬性訪(fǎng)問(wèn)控制相結(jié)合的模型,詳細(xì)描述了該模型的結(jié)構(gòu)以及模塊的設(shè)計(jì),并根據(jù)所要實(shí)現(xiàn)的系統(tǒng)需求,對(duì)所設(shè)計(jì)的模型進(jìn)行了簡(jiǎn)化。 最后,根據(jù)系統(tǒng)的需求,在所設(shè)計(jì)的訪(fǎng)問(wèn)控制模型的基礎(chǔ)上,設(shè)計(jì)了一種與之相適應(yīng)的策略方案,并根據(jù)該策略方案,設(shè)計(jì)并最終實(shí)現(xiàn)了一個(gè)適用于云存儲(chǔ)服務(wù)的權(quán)限管理系統(tǒng)。
[Abstract]:With the rapid development of cloud computing technology, cloud storage services based on cloud computing technology are gradually applied to various industries. Cloud storage realizes cooperative work and information sharing under the Internet. At the same time, the number of users and resources is huge and dynamic. Therefore, it is necessary to construct an access control strategy that can adapt to cloud storage environment. Previous access control models were designed for static environment, but in cloud storage environment, the network environment is larger and is in dynamic change, these access control models are difficult to adapt to such an environment. When the number of users in the system becomes very large, the assignment and management of user roles become very complicated and cumbersome, while the attribute-based access control is established in a distributed environment. This deficiency can be made up well. Therefore, this paper combines the two kinds of access control effectively, that is, according to the attribute of user, resource and environment to assign the role automatically to the user, thus avoiding the complicated work of manual assignment. According to this model, a privilege management system is designed and implemented. The main work of this paper is as follows: firstly, this paper introduces the related knowledge of cloud storage technology and access control technology, based on the analysis of various access control models and the characteristics of cloud storage. By comparing with the traditional access control model, the advantages and disadvantages of attribute based access control and role based access control are obtained. Secondly, this paper uses a model which combines role-based access control and attribute-based access control, describes the structure of the model and the design of the module in detail, and according to the system requirements, The designed model is simplified. Finally, according to the requirements of the system and on the basis of the designed access control model, a suitable policy scheme is designed, and according to the policy scheme, Finally, a privilege management system for cloud storage service is designed and implemented.
【學(xué)位授予單位】：華北電力大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.07

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 王瑰琦;;淺談云存儲(chǔ)技術(shù)的應(yīng)用[J];電子制作;2013年06期

2 沈昌祥;張煥國(guó);馮登國(guó);曹珍富;黃繼武;;信息安全綜述[J];中國(guó)科學(xué)(E輯:信息科學(xué));2007年02期

3 丁仲,左春;用于RBAC權(quán)限管理的面向?qū)ο罂蚣躘J];計(jì)算機(jī)工程與應(yīng)用;2005年17期

4 顏學(xué)雄;馬恒太;王清賢;李鵬飛;;基于屬性樹(shù)的Web服務(wù)訪(fǎng)問(wèn)控制模型[J];計(jì)算機(jī)工程與應(yīng)用;2008年06期

5 梁彬 ,孫玉芳 ,石文昌 ,孫波;一種改進(jìn)的以基于角色的訪(fǎng)問(wèn)控制實(shí)施BLP模型及其變種的方法[J];計(jì)算機(jī)學(xué)報(bào);2004年05期

6 郭瑋,茅兵,謝立;強(qiáng)制訪(fǎng)問(wèn)控制MAC的設(shè)計(jì)及實(shí)現(xiàn)[J];計(jì)算機(jī)應(yīng)用與軟件;2004年03期

7 封富君;李俊山;;新型網(wǎng)絡(luò)環(huán)境下的訪(fǎng)問(wèn)控制技術(shù)[J];軟件學(xué)報(bào);2007年04期

8 張海娟;付爭(zhēng)方;羅琴;吳茜;;強(qiáng)制訪(fǎng)問(wèn)控制模型研究與實(shí)現(xiàn)[J];計(jì)算機(jī)工程與設(shè)計(jì);2008年03期

9 徐迪威;;云計(jì)算關(guān)鍵技術(shù)探究[J];現(xiàn)代計(jì)算機(jī)(專(zhuān)業(yè)版);2010年07期

10 徐國(guó)蘭;;云存儲(chǔ)在數(shù)字圖書(shū)館應(yīng)用中的安全與防范研究[J];現(xiàn)代情報(bào);2012年04期

相關(guān)博士學(xué)位論文 前2條

1 石莎;移動(dòng)互聯(lián)網(wǎng)絡(luò)安全認(rèn)證及安全應(yīng)用中若干關(guān)鍵技術(shù)研究[D];北京郵電大學(xué);2012年

2 徐楊;空間數(shù)據(jù)訪(fǎng)問(wèn)控制關(guān)鍵技術(shù)研究[D];解放軍信息工程大學(xué);2012年

，

本文編號(hào)：2257116