Security strategy decomposition and verification system in cloud storage environment

Abstract

The invention provides a security strategy decomposition and verification system in a cloud storage environment. The system comprises a database, a strategy decomposition and verification module, a strategy evaluation module, a resource and access control strategy adjusting module, a sensitive information filtering word stock management module and an auditing module, wherein the strategy decomposition and verification module comprises a resource strategy decomposition and verification module and a coordination strategy decomposition and verification module; the coordination strategy decomposition and verification module comprises a coordination strategy decomposition and verification module and a coordination strategy decomposition and optimization module; and the resource and access control strategy adjusting module comprises a resource adjusting module and an access control strategy adjusting module. The system performs decomposition and verification on a security strategy in the cloud storage environment, so that the strategy and resources controlled by the strategy can be stored at a cloud terminal at the same time, and simultaneously, the system ensures that sensitive information in an access control strategy of a service party participating in coordination is not leaked. The system has the characteristics of high security, high execution efficiency and high expansibility.

Description

technical field [0001] The invention belongs to the technical field of computer security, and in particular relates to a security policy decomposition and verification system in a cloud storage environment. It mainly designs and implements the decomposition and verification of the security policy in the cloud storage environment from the perspective of the framework. Background technique [0002] With the development of communication, computer and information technology, in relevant departments such as party and government agencies, enterprises and institutions, finance, national defense and military industry, the amount of information retention and exchange has reached an unprecedented order of magnitude, and the storage system continues to expand. How to achieve PB-level capacity expansion, how to control energy consumption and operation and maintenance costs, how to ensure data security and system availability, and how to simplify daily management work have become urgent ...

AI Technical Summary

Problems solved by technology

[0005] Although the current cloud storage technology is relatively mature and has been widely used, it is still far from meeting the actual needs of users in terms of security performance.

In the cloud storage environment, the resources uploaded by the data owner may be distributed and deployed on different clouds (servers). When access is frequent and access control decisions are relatively complex, it is very likely that a single server will be overloaded, causing a single point of failure, and may even cause network congestion, trigger performance bottlenecks, and many other problems

At the same time, if the access control policy is simply deployed repeatedly on all server nodes that control resource access without decomposing, any addition, deletion, and modification of the access control policy configuration will cause all copies of the access control policy to be updated synchronously. thereby affecting the performance of the system

[0006] Furthermore, the data access service in the cloud storage enviro

Images