
Journal of Physics: Conference Series

PAPER • OPEN ACCESS

To cite this article: Minghao Wang 2019 J. Phys.: Conf. Ser. 1187 032019

ISPECE IOP Publishing
IOP Conf. Series: Journal of Physics: Conf. Series 1187 (2019) 032019 doi:10.1088/1742-6596/1187/3/032019

A Survey of Cloud Computing Access Control Technology

Minghao WANG
Dalian vocational & technical college
116035
Abstract. Cloud computing access control technology originated in the 1970s. The initial goal
of this technology was to meet the primary server's requirements for data access rights: identify
the visitor through the relevant procedures, and then set access rights based on the
authentication result. It is also committed to protecting important data and preventing the
main server from being illegally invaded. With the development of technology, cloud
computing access control technology has been widely used in computer systems, where it has
played a good role. This article briefly discusses research on cloud computing access control
technology and presents personal insights.

1. Introduction
With the rapid development of network platforms, cloud computing technology is widely used in
computer management systems. At the same time, it also brings various cloud security issues. In order
to solve cloud security problems and protect cloud resources, access control technology needs to be
set up for cloud computing. This article briefly introduces the basic concepts of cloud computing,
discusses cloud computing security management issues, analyzes cloud computing access control
technologies in the traditional mode, and discusses access control technologies in cloud
environments.

2. Basic Concepts of Cloud Computing


The term "cloud computing" comes from the English "Cloud Computing" and refers to a new network
service management model. From a development perspective, as early as the 1960s, the American
computer scientist John McCarthy proposed that computing power would be provided to all users
like hydropower resources. This idea became the beginning of cloud computing [1]. McCarthy was
also a pioneer in the field of artificial intelligence. He designed the table processing language
in 1958 and proposed the concept of processing characteristics of tree structures (for
calculation). These studies laid the theoretical and technical foundation for the development of
cloud computing technology. Later, scholars in different fields of research said that the scale of
cloud computing is very large, that it has no clear boundary, that its location is extremely vague,
and that it has dynamic stretching characteristics. Amazon, a cloud computing technology business
giant, once defined cloud computing as EC2, the "elastic computing cloud" in grid computing mode.
In addition, in the 21st century network era, the business community is mostly accustomed to using
cloud patterns to represent the network, which is one of the important reasons why contemporary
network computing technology is called "cloud computing technology." It should be noted that cloud
computing is interpreted differently in different fields. The National Institute of Standards and
Technology (NIST) said that cloud computing technology is a paid service model that meets different
needs. This mode mainly provides users with convenient and available professional network access,
which can meet the user's network information needs and allows the user to enter the computing
resource sharing pool through cloud service interaction (in general, the internal resources of the
computing resource sharing pool mainly include the network, storage, software, servers, and other
services). IBM, the IT business giant, believes that cloud computing technology is a modern
consumer delivery model. In the process of consumption and delivery, cloud computing technology
integrates computer technology, information technology and various business services. Users can
choose the procurement mode according to their specific needs and access network resources; the
consumers are not only people, but also equipment or programs. The goods consumed mainly include
computing resources, servers, storage capabilities, business services and other resources.

Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution
of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.
Published under licence by IOP Publishing Ltd

From the analysis of service structure, cloud computing has three layers of service subsystems. The
first layer is SPI mode, whose English name is Infrastructure as a Service (IaaS). This mode is
mainly used to provide infrastructure services such as hosts, storage, network and various hardware
services. The second layer is PaaS, in full Platform as a Service, that is, a service platform
providing, for example, identity authentication, service bus, workflow, access control and data
mining. The third layer is SaaS, in full Software as a Service, namely software services such as
communication services, mail delivery and content management [2].
From the perspective of the technical support system, cloud computing has one key technology, namely
intelligent scheduling technology, which can not only rationally adjust resources dynamically,
comprehensively monitor data and migrate business dynamically, but also schedule large-scale data,
quickly match cloud resources, and reduce or increase CPU computing units, cloud servers and
storage space as needed.
On the other hand, cloud computing technology has seven characteristics. First, the scale is large.
Cloud computing technology can scientifically dispatch cloud resources, integrate massive cloud
resources, and eventually form a large-scale cloud resource pool, thereby continuously strengthening
cloud service capabilities, computing power, and storage capabilities. In addition, cloud services can
provide users with service resources, computing power and storage performance that traditional
computers cannot provide, meeting the needs of different users. Second, it is virtualized. In
the information age, users can use the Internet to obtain all valuable cloud resources and use the
corresponding terminals to obtain the required services without locating the hardware architecture
and cloud technology. Moreover, cloud technology is specific but not tangible; it is therefore not
limited by geographical location and can provide various services to users through virtualization
technology. Third, the reliability is good. The services provided by cloud computing technology are
more reliable than traditional technology service models. In short, cloud computing technology
combines a variety of data copy fault tolerance technologies with homogeneous compatibility
technologies to back up valuable data and ensure the completeness, continuity and reliability of
stored data. Fourth, it is multifunctional. The versatility of cloud computing technology is not
specific to one application; it is reflected in support for a variety of different service
structures, ensuring that a variety of applications can run effectively with the support of the
cloud platform. Fifth, the service is flexible. Cloud computing technology differs significantly
from traditional computer technology services: it provides flexible service that is scalable and
fast, meets users' growing needs, and automatically expands or reduces the size of cloud resources,
continuously improving the utilization of cloud resources. Sixth, the convenience is strong.
Seventh, the effectiveness is high. 21st century cloud computing technology is a modern network
business service model with highly centralized management functions, which can greatly reduce data
management costs, improve cloud resource utilization, improve the operation mode of computer
technology, and help users smoothly enter the service webpage. This saves a lot of time, experience
and cost, and shows that cloud computing technology has good effectiveness.

3. Cloud Computing Security Management Issues


From a narrow point of view, the cloud computing security management problem mainly comes from
the intrusion of network viruses. Network viruses have five main features: concealment,
infectivity, destructiveness, stimulation and unpredictability [3]. Concealment means that the
presence of a virus, and its infection and destruction of computer data, are not easy to detect.
Infectivity means that most network viruses can self-replicate under the corresponding conditions,
and the infection speed is very fast; if the virus cannot be cleared in a short time, it will
affect the entire network system. Destructiveness means that once a virus program is attached to a
currently running program, the running program is infected, thereby affecting the entire network
system: destroying the contents of disk files, illegally deleting data, deliberately tampering with
files, and occupying a large amount of storage space, resulting in disk formatting and data loss.
The essential nature of stimulation is conditional control. Under normal circumstances, different
types of viruses have different externally controlled excitation conditions, but as long as the
computer network system environment meets the conditions for virus transmission, the virus program
will be further activated, resulting in paralysis of the computer network system. Unpredictability
mainly means that the virus spreads much faster than the anti-virus software; in short, there is
currently no anti-virus software that can clear the site of network viruses. In terms of operation,
computer network viruses can be divided into three parts: the virus boot program, the virus
infection program and the virus disease program. Among all viruses, the Trojan virus is currently
the most common virus file. It differs from the general network virus: it does not copy and
multiply itself and does not interfere with other files, but it opens a portal into the host
carrying the Trojan for hackers, who can then arbitrarily destroy and steal computer files,
passwords, stock accounts, bank accounts, etc., and even remotely control the infected host. The
Trojan virus seriously jeopardizes the safe operation of modern networks. In this regard, it is
necessary to set up a sound protection system and security passwords by means of cloud computing
technology, to keep viruses from eroding the network, and to carry out network security
monitoring, thereby continuously improving computer performance, reducing power configuration,
speeding up computer startup and running speed, and comprehensively doing a good job of computer
network maintenance.

4. Cloud Computing Access Control Technology in Traditional Mode


From a macro perspective, there are three kinds of cloud computing access control technologies in the
traditional mode. The first is Discretionary Access Control (DAC), which enables the subject to
directly manage the object and assists the owner in selecting the access control requirements.
Discretionary Access Control has two implementation modes, namely the access control matrix and the
access control list. The former is a mature and complete control scheme that represents the access
control strategy in matrix form, using rows to represent subjects and columns to represent objects.
Table 1 is the list of access control matrices:
Table 1 Access Control Matrix List

It can be seen from Table 1 that the object resources in the access control matrix are controlled by
the subject and are realized by the subject.
An access control list is a permission table in computer storage that is used to express access rights
to individual files and folders. Moreover, the access control list holds the rights for accessing
the object, and can specify the specific steps and processes by which a subject operates on the
object.
The second type is the Mandatory Access Control (MAC) technology system. This system is mainly used
to address users' access control requirements and to set fixed security policies and management
rights for computers. In addition, the core of Mandatory Access Control is to protect the computer
information system, avoid data leakage, and set the access basis for resources. Moreover, Mandatory
Access Control sets up security control with "up-write" and "read-down" execution to ensure that
the subject and the object can be safely executed and operated [4].
The third is Role-Based Access Control, which enables organic separation of access subjects and
objects, and builds a Role-Based Access Control model that performs authorized operations through
mapping and strengthens access rights management.
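
The three traditional models evaluated on the same request, as an added example that is not part of the original paper. The subjects, objects, labels and roles are constructed and the function names are hypothetical; it shows an access control list as one column of the matrix, and a read that the DAC matrix permits but the MAC "read-down" rule refuses.

```python
# Added illustration; every subject, object, right and label is constructed.
from collections import defaultdict

# DAC: access control matrix, rows = subjects, columns = objects.
MATRIX = {
    "alice": {"payroll.db": {"own", "read", "write"}, "notice.txt": {"read"}},
    "bob":   {"payroll.db": {"read"}, "notice.txt": {"own", "read", "write"}},
}

def matrix_to_acls(matrix):
    """Slice the matrix by column: one access control list per object."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)

def dac_grant(matrix, owner, obj, subject, right):
    """Discretionary: only a subject holding 'own' on the object may grant."""
    if "own" not in matrix.get(owner, {}).get(obj, set()):
        return False
    matrix.setdefault(subject, {}).setdefault(obj, set()).add(right)
    return True

# MAC: fixed labels assigned by the system, never by object owners.
LEVELS = {"public": 0, "internal": 1, "secret": 2}
SUBJECT_LABEL = {"alice": "secret", "bob": "internal"}
OBJECT_LABEL = {"payroll.db": "secret", "notice.txt": "public"}

def mac_allows(subject, obj, action):
    """Read-down / write-up: read needs s >= o, write needs s <= o."""
    s, o = LEVELS[SUBJECT_LABEL[subject]], LEVELS[OBJECT_LABEL[obj]]
    return s >= o if action == "read" else s <= o if action == "write" else False

# RBAC: subjects map to roles, roles map to (object, action) permissions.
USER_ROLES = {"alice": {"hr_admin"}, "bob": {"staff"}}
ROLE_PERMS = {"hr_admin": {("payroll.db", "read"), ("payroll.db", "write")},
              "staff": {("notice.txt", "read")}}

def rbac_allows(subject, obj, action):
    return any((obj, action) in ROLE_PERMS.get(r, set())
               for r in USER_ROLES.get(subject, ()))

def decide(subject, obj, action):
    """Return each model's verdict for the same request."""
    return {"dac": action in MATRIX.get(subject, {}).get(obj, set()),
            "mac": mac_allows(subject, obj, action),
            "rbac": rbac_allows(subject, obj, action)}
```

A deployment that layers the models would permit a request only when every model in force agrees.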

5. Access Control Technology in Cloud Environment

5.1 T-ABAC Model Concept


The T-ABAC model (Trust and Attribute-Based Access Control) is based on the ABAC model.
With the support of the cloud environment, the T-ABAC model mainly uses the ABAC method to
implement dynamic and fine-grained access control. At a finer level, the T-ABAC model has many
attributes, including subject attributes, object attributes, trust attributes, action attributes
and environment attributes. These attributes can be combined to meet the fine-grained access
requirements in the cloud environment [5].

5.2 T-ABAC Model Combination


The T-ABAC model combination is divided into three modules, namely the user authentication module,
the access judgment module and the trust evaluation module. The user authentication module is
mainly used to process cloud user identity authentication management services. In the
authentication process, cloud users must log in to the cloud computing environment to access cloud
resources. The cloud platform uses authentication technology to determine whether the user identity
is legal, and illegal users are prohibited from accessing resources. The access judgment module is
mainly used to process access requests of cloud users, and provides or restricts access according
to the content of the request. The trust evaluation module adjusts the trust attribute and can
enhance the management of the attribute access mechanism. In addition, the T-ABAC model is a
quintuple (S, O, E, A, T), where S stands for subject, O for object, E for environment, A for
action, and T for trust; each of the five elements plays its own role.

5.3 User Behavior Evidence Collection Technology


User behavior evidence collection technology mainly records cloud user logins, access requests and
accessed content. This technology can regulate user behavior, strengthen access rights management,
prohibit illegal users from accessing confidential information, and maintain the security of computer
systems and data resources.
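
The three T-ABAC modules of 5.2 and the behavior evidence records of 5.3, wired together over the quintuple (S, O, E, A, T), as an added example that is not from the paper. The account, attribute names, policy rule, the 0.6 trust threshold and the trust-update rule are assumptions; the paper does not specify them.

```python
# Added illustration of the T-ABAC flow. Credentials, attribute names, the
# policy rule, thresholds and the trust-update rule are all assumptions.
import hashlib, hmac

SALT = b"constructed-salt"

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _kdf("constructed-secret")}   # constructed demo account
SESSIONS = set()                                # authenticated subjects
TRUST = {"alice": 0.8}                          # T: trust attribute in [0, 1]
EVIDENCE = []                                   # login / request / content records

# One rule = constraints on S, O, E, the action A, and a minimum T.
POLICY = [{"S": {"dept": "finance"}, "O": {"type": "ledger"},
           "E": {"network": "corp"}, "A": "read", "min_trust": 0.6}]

def authenticate(user, password):
    """User authentication module: illegal users never reach access judgment."""
    ok = user in USERS and hmac.compare_digest(USERS[user], _kdf(password))
    if ok:
        SESSIONS.add(user)
    EVIDENCE.append({"kind": "login", "user": user, "ok": ok})
    return ok

def _matches(required, actual):
    return all(actual.get(k) == v for k, v in required.items())

def judge(user, S, O, E, A):
    """Access judgment module: permit only if one rule matches all five parts."""
    permit = user in SESSIONS and any(
        _matches(r["S"], S) and _matches(r["O"], O) and _matches(r["E"], E)
        and r["A"] == A and TRUST.get(user, 0.0) >= r["min_trust"]
        for r in POLICY)
    EVIDENCE.append({"kind": "request", "user": user, "object": O.get("name"),
                     "action": A, "permit": permit})   # content accessed + outcome
    return permit

def evaluate_trust(user, window=5, penalty=0.1, reward=0.02):
    """Trust evaluation module: adjust T from recent request evidence."""
    recent = [e for e in EVIDENCE
              if e["user"] == user and e["kind"] == "request"][-window:]
    delta = sum(reward if e["permit"] else -penalty for e in recent)
    TRUST[user] = round(min(1.0, max(0.0, TRUST.get(user, 0.0) + delta)), 2)
    return TRUST[user]
```

Because T is part of every decision, a subject whose recent evidence shows repeated refused requests loses access that its static attributes alone would still grant.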

6. Conclusion
In summary, the new network service management model of cloud computing originated in the 1960s.
With the development of technology, it has been widely used in various fields to effectively
enhance cloud service capabilities, computing power and storage capabilities. To comprehensively
improve access control technology in the cloud environment, it is necessary to construct a good
T-ABAC model, refine the combination modules, and continuously optimize the user behavior
evidence collection technology.

References
[1] Wang Shulan. Research on attribute-based access control technology in cloud computing [D].
Shenzhen University, 2016 (06:1).
[2] Liu Zhengnan. Research on access control model based on user behavior evaluation in cloud
environment [D]. Northwest A&F University, 2016 (05:2).
[3] Feng Lixiao. Research on attribute-based access control method in cloud computing environment
[D]. Inner Mongolia University of Science and Technology, 2014 (06:3).
[4] Deng Xiaohong. Research on IMS-based cloud computing service access control technology [D].
Northeastern University, 2017 (05:4).
[5] Li Wenxue. Research on access control evaluation technology of cloud computing platform [D].
Harbin Institute of Technology, 2013 (06:5).
