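Research on Access Control Mechanisms in Cloud Storage Environments
Published: 2018-06-03 17:58
Topic: cloud storage + multi-level access control; Reference: National University of Defense Technology, 2016 master's thesis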
[Abstract]: With the rapid growth of the cloud computing industry, cloud storage services have come into wide use, and the concentration of large volumes of data in the cloud has made cloud storage security problems increasingly serious. In recent years, incidents caused by cloud data leaks have repeatedly drawn public attention, and the alarm has been sounded for cloud storage security. The prevailing way to secure cloud storage is to store the data encrypted; the key issues are the choice of a secure key algorithm and the support of access control technology. A stricter confidentiality policy does make the data relatively secure. However, when the data changes or access rights are updated, high-strength encryption algorithms directly affect the efficiency and convenience of cloud storage and place more load on the cloud storage center. When users are distributed across levels, cross-level sharing of cloud files multiplies the system overhead, which hinders enterprises' efficient use of data and erodes the particular advantages of cloud storage. Access control technology holds an important place in practical information security, but traditional access control policies cannot meet the specific needs of enterprises in cloud computing environments. This thesis proposes a cloud storage access control mechanism suited to multi-level access. The mechanism exploits the property that a one-way function can only be computed in one direction, combined with access control design principles, so that a user at a high security level can quickly derive the key of a user at a lower security level through the one-way function, while the reverse is not possible.
When cross-level access occurs, the mechanism greatly reduces the communication overhead of key transfer and the computation overhead on the cloud side, achieving efficient access control for enterprise users who need multi-level access to cloud storage files. The thesis tests the multi-level access control mechanism on the open-source cloud platform OpenStack: a Swift All In One platform is deployed on a single node in a virtual machine, and secondary development is carried out on the thcloud_sdk.py provided by the cloud platform group of the systems department of the National Supercomputing Center in Tianjin, to complete a simulation of the access control mechanism. In the designed cloud storage access control system, when a permission is revoked, users can derive the new key themselves from the published parameters, and the cloud uses proxy re-encryption to update the ciphertext data in the cloud storage space according to the relevant parameters. Keys do not need to be redistributed to group users, so changes to file access permissions are simple and fast. Finally, the thesis analyzes security policy issues in cloud storage environments from several angles and looks ahead to future cloud applications.
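The downward key derivation described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the thesis's actual construction is not given on this page, so the sketch assumes HMAC-SHA256 as the one-way function, a strictly linear hierarchy of numbered levels, and hypothetical names (`step_down`, `derive_level_key`, `file_key`, `ROOT_KEY`).

```python
import hashlib
import hmac

def step_down(key: bytes, level: int) -> bytes:
    """One-way step: turn the key for `level` into the key for `level - 1`.

    HMAC-SHA256 is an assumed stand-in for the thesis's one-way function.
    The target level is mixed in so keys of different levels never collide.
    """
    return hmac.new(key, b"level-key|%d" % (level - 1), hashlib.sha256).digest()

def derive_level_key(key: bytes, from_level: int, to_level: int) -> bytes:
    """Derive the key of a lower (or equal) level from a higher-level key.

    No key is fetched from the cloud or another user: the holder of a
    higher-level key computes every lower-level key locally.
    """
    if to_level > from_level:
        # The one-way function cannot be inverted, so this direction has
        # no algorithm at all; fail loudly instead of returning garbage.
        raise PermissionError("cannot derive a higher-level key from a lower one")
    if to_level < 0:
        raise ValueError("levels are non-negative")
    for level in range(from_level, to_level, -1):
        key = step_down(key, level)
    return key

def file_key(level_key: bytes, object_name: str) -> bytes:
    """Per-object key, so one object's key does not expose its siblings."""
    label = b"file-key|" + object_name.encode("utf-8")
    return hmac.new(level_key, label, hashlib.sha256).digest()

# Constructed demo values (not from the thesis): three levels, fixed root key.
TOP_LEVEL = 3
ROOT_KEY = bytes(range(32))

if __name__ == "__main__":
    k1_from_top = derive_level_key(ROOT_KEY, TOP_LEVEL, 1)
    k2 = derive_level_key(ROOT_KEY, TOP_LEVEL, 2)
    print("level-1 key matches via level 2:",
          k1_from_top == derive_level_key(k2, 2, 1))
    print("key for a level-1 object:",
          file_key(k1_from_top, "reports/q1.txt").hex())
```

A user holding only the level-1 key has no way to compute the level-2 or level-3 key, which is the asymmetry the abstract relies on; revocation and proxy re-encryption are outside this sketch.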
[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree awarded]: 2016
[Classification]: TP333;TP309