Cloud storage fine-grained access control method and data uploading and data accessing method

An access control and access control tree technology, applied in the field of cloud storage, that addresses problems such as the difficulty of authorization management in the mandatory access control model and ensures tamper-free, secure storage.

Active Publication Date: 2018-11-27
JIANGSU R & D CENTER FOR INTERNET OF THINGS

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to overcome the deficiencies in the prior art by providing a fine-grained access control method for cloud storage. It addresses the difficulty of authorization management in the mandatory access control model by introducing autonomous access control, so that data uploaders can authorize access to their data. In addition, in view of the defects of the traditional RBAC model, a method based on attribute-based encryption is introduced so that the access control structure is self-described through the attribute labels of the data, meeting fine-grained access control requirements.


Examples


Embodiment Construction

[0028] The present invention will be further described below in conjunction with specific drawings and embodiments.

[0029] The present invention proposes a cloud storage fine-grained access control method. In the solution of the present invention, access control for the Hadoop components is integrated by means of a Plugin; the Hadoop components access the central authorization server (hereinafter referred to as CAS, the abbreviation of Center Authorization Server), and access control is performed through CAS;

[0030] In Figure 1, the solid-line boxes represent the roles included in this solution, and the dotted-line boxes are Hadoop components, such as the HDFS, Hive, Impala, and HBase components;

[0031] CAS is a central permission management service. It responds to requests from the Plugin and returns the specific permission policy that the Plugin uses for permission control;

[0032] Plugin is a plug-in running on Hadoop components....


Abstract

The invention provides a cloud storage fine-grained access control method. The method integrates with the access control of Hadoop components by means of Plugins, and access control is performed through a central authorization server. Requests intercepted by the Plugins and sent to the central authorization server reach the policy engine through an access binding layer. Permission policies are encrypted and decrypted by a policy encryption/decryption layer; finally, the engine backend stores and reads the permission policies, which are stored as encrypted permission ciphertext. The policy engine parses the decrypted permission policies into permissions that each Plugin can recognize and returns them to the corresponding Plugins. The Plugins complete the permission verification and decide whether the current user request is permitted. By introducing autonomous access control, the invention lets a data uploader authorize access to the data; by introducing a method based on attribute-based encryption, the access control structure is self-described through the attribute labels of the data.
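The request flow in the abstract, sketched as an added example (not code from the patent or its authors). The class and function names, the `{user: [actions]}` policy format, and the HMAC-SHA256 encrypt-then-MAC construction standing in for the unspecified policy cipher are all assumptions.

```python
# Added illustration: all names and the policy format are hypothetical.
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode, a stand-in for the unspecified policy cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(enc_key, mac_key, policy):
    """Policy encryption layer: encrypt-then-MAC before the backend stores it."""
    pt = json.dumps(policy, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(enc_key, mac_key, blob):
    """Policy decryption layer: verify the tag first, then decrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored policy failed integrity check")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)

class CAS:
    """Central authorization server: the backend holds ciphertext only."""
    def __init__(self):
        self.enc_key, self.mac_key = os.urandom(32), os.urandom(32)
        self.backend = {}  # (component, resource) -> sealed policy blob

    def put_policy(self, component, resource, policy):
        self.backend[(component, resource)] = seal(self.enc_key, self.mac_key, policy)

    def permissions_for(self, component, resource, user):
        # Binding layer entry point; the engine decrypts, parses, and answers.
        blob = self.backend.get((component, resource))
        if blob is None:
            return frozenset()  # no policy stored: default deny
        policy = unseal(self.enc_key, self.mac_key, blob)
        return frozenset(policy.get(user, []))

def plugin_check(cas, component, resource, user, action):
    """Plugin side: intercept the request, ask CAS, verify locally."""
    try:
        return action in cas.permissions_for(component, resource, user)
    except ValueError:
        return False  # tampered policy: fail closed
```

In a real deployment a vetted AEAD such as AES-GCM would replace the standard-library construction used here.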

Description

Technical field

[0001] The invention relates to the technical field of cloud storage, in particular to an access control method for cloud storage.

Background technique

[0002] In recent years, with the rapid development of cloud computing and big data technology, it has brought tremendous changes to society. With the acceleration of network bandwidth and the advent of the mobile Internet era, end users are becoming more and more accustomed to uploading data to the cloud to prevent data loss; due to the high cost of self-built clusters, small and medium-sized enterprises are also increasingly using enterprise clouds (such as Alibaba Cloud, Tencent Cloud); even large enterprises will choose to migrate data to the cloud due to the lack of experience in big data storage and the good service of enterprise cloud. However, after the data is handed over to a "third party" for management, it will bring about data privacy and security issues. Hadoop and its related components are o...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/10, H04L63/102, H04L63/20, H04L67/1097
Inventor: 王嘉龙, 崔光霁, 赵旦谱, 台宪青
Owner: JIANGSU R & D CENTER FOR INTERNET OF THINGS