Research on some theories and key technologies of mixed cloud service security

Research on some theories and key technologies of mixed cloud service security (ph. D. thesis)

Wuhan University Zhu Zhiqiang

On the basis of analyzing the security requirements of cloud authentication and authorization management under the hybrid cloud architecture, this paper studies the cloud identity management and authentication, authorization management model, cloud infrastructure security and so on, in order to improve the security of mixed cloud service. The specific research contents include:

1. The need for user authentication for resource access across the cloud in a hybrid cloud architecture starting from establishing the trust relationship between private cloud based on PKI system, a cloud-oriented user authentication mechanism for hybrid cloud is designed, and the efficiency and security are analyzed, which combines PKI system and bilinear pair-signing system. It satisfies the requirement of the integrity and authenticity protection of the user attribute token in the cross cloud authentication, and realizes the unified user authentication under the hybrid cloud framework.

2. Integrated attribute access control and role-based access control advantages, on the basis of studying the distribution relationship, ownership relationship, inclusion relationship and synthesis relationship of the authorization policy elements in the cross cloud Collaborative application, this paper analyzes the time-state, security level and the trusted environment constraint relation of the permission composition structure, and puts forward a hybrid cloud authorization management model based on the policy synthesis. , the basic relationship and authorization rules of HCAMMPC (Hybrid Cloud Authorization Management model based on Policy) are designed, The strategy synthesis method of the model is given and the relevant conclusions of the model are proved.

3. In view of the existing chain-type metric structure in the cloud computing environment infrastructure based on trusted technology is too simple to carry the problem of measuring demand, a secure extensible Star trust metric structure is proposed, which can meet the large scale demand and provide the basic technology guarantee for the trusted measurement of cloud computing environment. ; In view of the lack of effective validation of the cloud infrastructure construction process, this paper presents a non-interactive remote proof scheme based on TPM constraint, which can provide trusted credentials of cloud platform infrastructure for cloud platform users and establish a credible remote proof mechanism between cloud platform providers and cloud platform users.

Keywords: cloud computing hybrid and so secure trusted computing identity authentication Authorization management

Temp_12071100137600.zip