
Security strategy decomposition and verification system in cloud storage environment

A security strategy and cloud storage technology, applied in transmission systems, electrical components, etc., that can solve problems such as single points of failure, network congestion, and heavy server load, and achieves the effects of reducing communication overhead, avoiding excessive load, and ensuring convenience.

Inactive Publication Date: 2011-08-17
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0005] Although the current cloud storage technology is relatively mature and has been widely used, it is still far from meeting the actual needs of users in terms of security performance.
In the cloud storage environment, the resources uploaded by the data owner may be distributed and deployed on different clouds (servers). When access is frequent and access control decisions are relatively complex, it is very likely that a single server will be overloaded, causing a single point of failure, and this may even cause network congestion, trigger performance bottlenecks, and lead to many other problems.
At the same time, if the access control policy is simply deployed repeatedly on all server nodes that control resource access without being decomposed, any addition, deletion, or modification of the access control policy configuration will cause all copies of the access control policy to be updated synchronously, thereby affecting the performance of the system.
[0006] Furthermore, the data access service in the cloud storage environment may be completed by the dynamic combination and cooperation of multiple vertical services. These vertical services may come from different service providers, belong to different security domains, and have different data formats, storage access methods, and security policies. Each service provider needs to process the sensitive information in its own access control policy, so that this sensitive information cannot be shared between services.
However, since the policy itself is a combination of all the sensitive information of the service providers participating in the dynamic composite service, it is not possible to assign the complete access control policy information to each service participating in the collaboration.
[0007] To sum up, the deployment of access control policies in the cloud storage environment will face two major challenges: (1) Improving performance, that is, how to reduce unnecessary computing and network overhead, and improve the efficiency of access control policy implementation


Embodiment Construction

[0025] The present invention is described in further detail below with reference to the accompanying drawings and examples.

[0026] As shown in Figure 1, the functions of the system of the present invention can be divided into policy decomposition and verification, policy evaluation, and background management. The system includes a database 100, a policy decomposition and verification module 200, a policy evaluation module 300, a resource and access control policy adjustment module 400, a sensitive information filtering lexicon management module 500, and an audit module 600.

[0027] The database 100 is used to store the global access control policy that the system uses to implement access control, the decomposed policy based on resource distribution characteristics, and the encrypted information on the relationship between policies obtained based on the sensitive information filtering lexicon, and to store evaluation information to guide and optimize the policy decomposition process a...


Abstract

The invention provides a security strategy decomposition and verification system in a cloud storage environment. The system comprises a database, a strategy decomposition and verification module, a strategy evaluation module, a resource and access control strategy adjusting module, a sensitive information filtering word stock management module and an auditing module, wherein the strategy decomposition and verification module comprises a resource strategy decomposition and verification module and a coordination strategy decomposition and verification module; the coordination strategy decomposition and verification module comprises a coordination strategy decomposition and verification module and a coordination strategy decomposition and optimization module; and the resource and access control strategy adjusting module comprises a resource adjusting module and an access control strategy adjusting module. The system performs decomposition and verification on a security strategy in the cloud storage environment, so that the strategy and resources controlled by the strategy can be stored at a cloud terminal at the same time, and simultaneously, the system ensures that sensitive information in an access control strategy of a service party participating in coordination is not leaked. The system has the characteristics of high security, high execution efficiency and high expansibility.

Description

Technical field

[0001] The invention belongs to the technical field of computer security, and in particular relates to a security policy decomposition and verification system in a cloud storage environment. It mainly designs and implements the decomposition and verification of the security policy in the cloud storage environment from the perspective of the framework.

Background technique

[0002] With the development of communication, computer and information technology, in relevant departments such as party and government agencies, enterprises and institutions, finance, national defense and military industry, the amount of information retention and exchange has reached an unprecedented order of magnitude, and the storage system continues to expand. How to achieve PB-level capacity expansion, how to control energy consumption and operation and maintenance costs, how to ensure data security and system availability, and how to simplify daily management work have become urgent ...


Application Information

IPC(8): H04L29/08, H04L29/06
Inventor 李瑞轩马晓普辜希武李开董勐王伟李玉华文坤梅聂莉
Owner HUAZHONG UNIV OF SCI & TECH