A Distributed Access Control Method for Cloud Computing

Access control and distributed technology, applied in the field of cloud computing security, addresses problems such as attacks and data leakage, reducing the burden on the authorization server and avoiding denial of service attacks.

Inactive Publication Date: 2016-09-21
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

[0005] The second issue is data leakage.
[0006] The third issue is the authorization and access control of data files.
When multiple cloud servers consult the authorization server at the same time, the effect on the authorization server is that of a distributed denial of service (DDoS) attack.


Examples


Embodiment 1

[0054] This embodiment covers the role creation and deletion stage. The purpose of this stage is to create and delete files and their associated roles. It includes, but is not limited to, the following steps (expressed in a table):

[0055]

[0056] The role creation and deletion stage is shown in Figure 3.

[0057] The steps in Embodiment 1 are described as follows:

[0058] (1) Step 100: Issuer (S represents the collection of all issuers) put ,in ( represents the set of all filenames) is the filename, is the operation type (note that means a file creation operation, file delete operation) to the authorization server AS, and is a 3-bit integer that represents the allowed roles of the file. The definitions are shown in the table below.

[0059]

[0060] (2) Step 102: When receiving , the authorization server AS passes it to the cloud server CS.

[0061] (3) Step 104: When receiving When, the cloud server CS according to the oper...

Embodiment 2

[0064] This embodiment defines the role assignment stage. The purpose of this stage is to assign roles to data users. It includes, but is not limited to, the following steps (expressed in a table):

[0065]

[0066] The role assignment stage is shown in Figure 4.

[0067] The steps and flow chart in embodiment two are described as follows:

[0068] (1) Step 108: The authorization server AS creates an elliptic curve , then creates its own private key (where denotes the residue class ring modulo n) and the corresponding public key . After successful creation, the authorization server AS sends the and the parameters of the elliptic curve to the cloud server CS to initialize the cloud server CS, and the cloud server CS then returns a success value to the authorization server AS.

[0069] (2) Step 110: When the issuer In order to access the file and wish to assign a character When allocating ...

Embodiment 3

[0073] This embodiment defines the access control stage. The purpose of this stage is to enforce access control on the files on the cloud server CS. It includes, but is not limited to, the following steps (expressed in a table):

[0074]

[0075] The flow of this stage is shown in Figure 5.

[0076] The steps of the stage flow chart in embodiment three are described as follows:

[0077] (1) Step 116: Be a data user want to access the file When , it will form the corresponding notation of the important characteristic parameters Send to the cloud server CS.

[0078] (2) Step 118: When the cloud server CS receives the token , it uses the pairing function for verification to ensure that the role of the data user DU was assigned by the authorization server AS, and then the cloud server CS sends a challenge value to the data user DU.

[0079] (3) Step 120: When the data user DU receives the challenge value, use the hash function to calculate a signature , ...


Abstract

The invention discloses a distributed access control method for cloud computing and belongs to the technical field of cloud computing security. The distributed access control method comprises the following steps: (1) role creation and deletion: a file and the role related to the file are created and deleted through communication among three entities, namely the cloud server (CS), the authorization server (AS) and the issuer; (2) role assignment: the role is assigned to a data user through communication among four entities, namely the issuer, the data user (DU), the cloud server (CS) and the authorization server (AS); and (3) access control: access control on a file on the cloud server (CS) is realized through communication between the cloud server (CS) and the data user (DU). In this method the access control process is separated from the authorization process, so the burden on the authorization server (AS) is decreased and distributed denial of service (DDoS) attacks on the authorization server are avoided.
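The separation described in the abstract, as an added example that is not the patent's code: the AS signs a role token once, and the CS later checks the token and runs a challenge-response with the data user without contacting the AS. Toy Schnorr signatures over a constructed, insecure group stand in for the patent's elliptic-curve pairing check, whose equations are not reproduced on this page; all class, function and field names are assumptions.

```python
import hashlib
import secrets

P, G = 2**127 - 1, 3  # constructed toy group Z_p* (Mersenne prime), NOT secure
N = P - 1             # exponents are reduced modulo p - 1 (Fermat's little theorem)

def digest(*parts):
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N

def keygen():
    sk = secrets.randbelow(N - 2) + 1
    return sk, pow(G, sk, P)

def sign(sk, *msg):  # Schnorr: s = k + e*sk
    k = secrets.randbelow(N - 2) + 1
    r = pow(G, k, P)
    return r, (k + digest(r, *msg) * sk) % N

def verify(pk, sig, *msg):  # accept iff g^s == r * pk^e
    r, s = sig
    return pow(G, s, P) == r * pow(pk, digest(r, *msg), P) % P

class AuthorizationServer:
    def __init__(self):
        self.sk, self.pk = keygen()
        self.requests = 0  # counts how often the AS is consulted

    def assign_role(self, user_pk, filename, role):
        self.requests += 1
        sig = sign(self.sk, user_pk, filename, role)
        return {"user_pk": user_pk, "file": filename, "role": role, "sig": sig}

class CloudServer:
    def __init__(self, as_pk):
        self.as_pk = as_pk      # delivered once, when the AS initializes the CS
        self.pending = set()    # outstanding challenge values

    def challenge(self, t):
        if not verify(self.as_pk, t["sig"], t["user_pk"], t["file"], t["role"]):
            return None         # role was not assigned by the AS
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def grant(self, t, nonce, response):
        if nonce not in self.pending:
            return False        # unknown or replayed challenge
        self.pending.discard(nonce)
        return verify(t["user_pk"], response, nonce, t["file"])
```

The data user answers a challenge with `sign(du_sk, nonce, filename)`; `AuthorizationServer.requests` stays at one however many accesses follow.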

Description

Technical field

[0001] The invention relates to a distributed access control method for cloud computing, belonging to the technical field of cloud computing security.

Background art

[0002] Nowadays, cloud computing is becoming more and more popular, and data in cloud computing is outsourced to the cloud. The advantages are obvious: a reduced storage management burden for data owners, universal data access independent of geographic location, and avoidance of capital expenditure on hardware, software, and personnel maintenance.

[0003] However, outsourcing data raises the new security concerns listed below.

[0004] The first problem is data integrity and data loss. There is a wide range of internal and external threats to data integrity. Examples of data loss include cloud service providers (CSPs) reclaiming storage by discarding data that is never or rarely accessed, for financial reasons, or even concealing data loss events in order to maintain reputatio...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/08, H04L9/32, G06F21/56
Inventor: 万长胜, 周琳
Owner: SOUTHEAST UNIV