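Project title: Research on Novel Access Control Theory and Key Technologies in Cloud Computing Environments
Project number: No.61272084
Project type: General Program
Year of approval: 2013
Project discipline: Automation technology; computer technology
Project author: Yang Geng (杨庚)
Author affiliation: Nanjing University of Posts and Telecommunications (南京邮电大学)
Project funding: 800,000 yuan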
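Abstract (translated from Chinese): Significance: Cloud-based applications continue to expand, and security problems have drawn close attention; the large-scale, distributed and virtualized nature of cloud computing environments makes security especially important. Access control, as a means of security authentication and control, for example role-based access control, is already widely used in network information systems. However, given the requirements of cloud computing environments for large numbers of user accesses, fine-grained access control policies and high security, research on new access control methods is necessary, with both theoretical significance and practical application value. Content: This project studies access control theory and key technologies in cloud computing environments, including: 1) the mathematical theory and models of access control in cloud computing environments, the elements of the model and their characteristics, and the relationships among them; 2) methods for constructing policies for access control models in cloud computing environments, and the verification of those construction methods, together with equivalence theory between access control models, to achieve compatibility with traditional role-based access control; 3) privacy-preserving secure access control methods in cloud computing environments, protecting the privacy of both the accessor and the accessed content, and the implementation algorithms and performance analysis of the above access control.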
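Keywords (translated from Chinese): cloud computing security; information security; access control; distributed systems; privacy protection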
English abstract: With the increase of cloud computing applications, much more attention has been paid to security issues. In particular, because of the characteristics of cloud computing, such as being large-scale, distributed, and virtualized, security plays an important role in cloud computing. As a means of authentication and control, access control mechanisms such as RBAC (Role-Based Access Control) have been widely applied in network information systems. Because of the large number of users, the fine-grained access control policies and the high security requirements, it is necessary to find a novel access control mechanism for cloud computing. The objective of this research proposal is to investigate the theory and key techniques of access control in cloud computing, including: (1) to establish the mathematical theories and models of access control in cloud computing, and to define the key elements in the model and their characteristics, as well as their relationships; (2) to design methods for constructing and validating control policies in the access control model, and to set up equivalence between the proposed model and traditional RBAC, in order to extend compatibility of the proposed model with traditional RBAC; (3) to propose a privacy-preserving access control method in cloud computing in order to protect data about user and access
English keywords: cloud computing security; information security; access control; distributed system; privacy protection