Computer Science (计算机科学) ›› 2014, Vol. 41 ›› Issue (10): 144-148. doi: 10.11896/j.issn.1002-137X.2014.10.033

• Network and Communication •

Design and Implementation of Trust-based Identity Management Model for Cloud Computing

LI Bing-xu, WU Li-fa, ZHOU Zhen-ji and LI Hua-bo

  1. College of Command Information Systems, PLA University of Science and Technology, Nanjing 210007
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the Natural Science Foundation of Jiangsu Province (BK20131069)

Abstract: With the development of cloud computing, identity management in cloud computing has attracted great attention. Widely used in cloud identity management, the identity authentication mechanism based on group signatures guarantees that the cloud service provider cannot trace users' identity information back through outsourced data, but it cannot prevent a malicious user from accessing cloud services. To solve this problem, the paper designs an identity management model that integrates trust management with the group signature mechanism. The model first calculates each user's trustworthiness and then divides the users into groups according to that trustworthiness. Finally, using the group signature mechanism, the model implements authentication, which not only ensures user privacy in the cloud but also helps cloud providers protect cloud services. Experiments show that the model can identify malicious users effectively and help cloud service providers prevent a malicious user from gaining access to cloud services.

Key words: Trust management, Group signature, Identity management, Cloud computing
