CN106446716A - Cloud storage safety management device - Google Patents

Publication number
CN106446716A
Authority
CN
China
Prior art keywords
cloud storage
access request
management module
user
role
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610897883.XA
Other languages
Chinese (zh)
Inventor
于辉
刘俊朋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201610897883.XA
Publication of CN106446716A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud storage safety management device. The device comprises: a role verification module for receiving a user access request and judging the role information carried in the request, sending the request to a system management module if the role information is the system administrator role, to a safety management module if it is the safety administrator role, and to an audit management module if it is the audit administrator role; the system management module, for receiving the user access request and managing the users in a cloud storage system; the safety management module, for receiving the user access request and managing the access permissions in the cloud storage system; the audit management module, for receiving the user access request and auditing and checking user operation behavior in the cloud storage system; and a resource access module. The cloud storage safety management device ensures the data security of the cloud storage system.

Description

A cloud storage safety management device
Technical Field
The present invention relates to the technical field of cloud storage, and more particularly to a cloud storage safety management device.
Background
At present, cloud computing is gradually gaining acceptance in the industry, and cloud storage systems play an increasingly important role in production and daily life. In a cloud storage system, efficient and secure data access is a key criterion for judging the robustness and stability of the system. Cloud storage systems often suffer from weak access control and excessive concentration of privilege, so the data security of the cloud storage system cannot be well guaranteed.
Therefore, how to ensure data security in a cloud storage system is a problem that urgently needs to be solved.
Summary of the Invention
The object of the present invention is to provide a cloud storage safety management device that ensures the data security of a cloud storage system.
To solve the above technical problem, the present invention provides a cloud storage safety management device, the device comprising:
a role verification module, configured to receive a user access request and judge the role information carried in the user access request; if the role information is the system administrator role, the user access request is sent to the system management module; if the role information is the safety administrator role, the user access request is sent to the safety management module; if the role information is the audit administrator role, the user access request is sent to the audit management module;
the system management module, configured to receive the user access request and manage the users in the cloud storage system;
the safety management module, configured to receive the user access request and manage the access permissions in the cloud storage system;
the audit management module, configured to receive the user access request and audit and check user operation behavior in the cloud storage system;
a resource access module, configured to execute the user access request and access the data in the cloud storage system.
Preferably, the resource access module is further configured to read the data in the cloud storage system.
Preferably, the system management module is configured to receive the user access request and create, modify or delete users in the cloud storage system.
Preferably, the access permissions are permissions for authorization (permission-granting) operations on a specified user.
Preferably, the audit management module is further configured to audit and check system log events in the cloud storage system.
Preferably, the role information includes the system administrator role, the safety administrator role or the audit administrator role.
Preferably, the device further comprises:
a data storage module, configured to store the data of the cloud storage system.
In the cloud storage safety management device provided by the present invention, the role verification module judges the role information carried in the user access request: if the role information is the system administrator role, the user access request is sent to the system management module; if it is the safety administrator role, the request is sent to the safety management module; if it is the audit administrator role, the request is sent to the audit management module. The system management module receives the user access request and manages the users in the cloud storage system; the safety management module receives the user access request and manages the access permissions in the cloud storage system; the audit management module receives the user access request and audits and checks user operation behavior in the cloud storage system; the resource access module executes the user access request and accesses the data in the cloud storage system. It can be seen that the device implements the system administration, safety management and audit management functions of the cloud storage system through the system management module, the safety management module and the audit management module respectively. This achieves a separation of the three powers of system administration, safety management and audit management in the cloud storage system, improves the flexibility and security of cloud storage access control, and ensures the data security of the cloud storage system.
Brief Description of the Drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic structural diagram of a cloud storage safety management device provided by the present invention.
Detailed Description
The core of the present invention is to provide a cloud storage safety management device that ensures the data security of a cloud storage system.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, which is a schematic structural diagram of a cloud storage safety management device provided by the present invention, the device comprises:
a role verification module 101, configured to receive a user access request and judge the role information carried in the user access request; if the role information is the system administrator role, the user access request is sent to the system management module; if the role information is the safety administrator role, the user access request is sent to the safety management module; if the role information is the audit administrator role, the user access request is sent to the audit management module;
a system management module 102, configured to receive the user access request and manage the users in the cloud storage system;
a safety management module 103, configured to receive the user access request and manage the access permissions in the cloud storage system;
an audit management module 104, configured to receive the user access request and audit and check user operation behavior in the cloud storage system;
a resource access module 105, configured to execute the user access request and access the data in the cloud storage system.
It can be seen that the device implements the system administration, safety management and audit management functions of the cloud storage system through the system management module, the safety management module and the audit management module respectively. This achieves a separation of the three powers of system administration, safety management and audit management in the cloud storage system, improves the flexibility and security of cloud storage access control, and ensures the data security of the cloud storage system.
Based on the above device, the resource access module is further configured to read the data in the cloud storage system.
The system management module is configured to receive the user access request and create, modify or delete users in the cloud storage system.
The access permissions are permissions for authorization (permission-granting) operations on a specified user.
Further, the audit management module is also configured to audit and check system log events in the cloud storage system.
The role information includes the system administrator role, the safety administrator role or the audit administrator role. The role verification module is connected to the system management module, the safety management module and the audit management module.
After managing the users in the cloud storage system, the system management module sends the user access request to the resource access module. After managing the access permissions in the cloud storage system, the safety management module sends the user access request to the resource access module. After auditing and checking user operation behavior in the cloud storage system, the audit management module sends the user access request to the resource access module.
The resource access module obtains the user access request from the system management module, the safety management module or the audit management module, executes the user access request, and accesses the data in the cloud storage system. The resource access module is connected to the system management module, the safety management module and the audit management module.
Further, the device also comprises a data storage module, configured to store the data of the cloud storage system.
The process in which the system management module receives the user access request and manages the users in the cloud storage system is the process of performing secure access verification on the user access request. Likewise, the process in which the safety management module receives the user access request and manages the access permissions in the cloud storage system is the process of performing secure access verification on the user access request, and the process in which the audit management module receives the user access request and audits and checks user operation behavior in the cloud storage system is the process of performing secure access verification on the user access request.
The device is applied in a cloud storage system. Through the system management module, the safety management module and the audit management module, it implements the system administration, safety management and audit management functions of the cloud storage system respectively, improves the flexibility and security of cloud storage access control, and ensures the data security of the cloud storage system. Based on the idea of separation of the three powers, a system management module, a safety management module and an audit management module are set up in the cloud storage system, which separates the system administration, safety management and audit management functions and ensures the data security of the cloud storage system. This overcomes the problems of coarse-grained access control and unreasonable permission allocation in cloud storage systems, and improves the security and flexibility of cloud storage access control.
In detail, the role verification module performs operations such as verifying the role information carried in the user access request. The resource access module executes access requests for specific resources and data of the cloud storage system. The data storage module mainly stores the data of the cloud storage system. The system management module mainly manages the users in the system, for example creating, modifying and deleting users, and carries out the global management of users in the cloud storage system. The safety management module mainly manages the access permissions of the cloud storage system, for example authorization operations for a specific user. The audit management module mainly audits and checks user operation behavior, system log events and the like in the cloud storage system. The system management module, the safety management module and the audit management module together constitute the secure access control part of the cloud storage system.
Based on this device, the specific workflow is as follows:
(1) A cloud storage service request that has been received first enters the role verification module, which judges the user's role and identifies whether it is the system administrator, the safety administrator or the audit administrator;
(2) Then, according to the role, the request enters the corresponding module of the secure access control part for secure access verification. Specifically, the system administrator role enters the system management module, the safety administrator role enters the safety management module, and the audit administrator role enters the audit management module;
(3) Then, according to the judgment result of the corresponding module of the secure access control part, the request enters the resource access module, which performs the access operation on the specific data.
The resource access module calls the data storage module, obtains the required data from it, and completes data transmission and interaction. Based on the present invention, the separation of the three powers of system administration, safety management and audit management in the cloud storage system can be realized, ensuring the data security of the cloud storage system.
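The three-step workflow above, modelled in Python as an added example (not code from the patent or its applicant); the class names, role identifiers and operation names are hypothetical, and the requests in `demo()` are constructed sample input.

```python
from dataclasses import dataclass, field

# Operations each role's module accepts (assumed identifiers; the page names only the duties).
ROLE_OPERATIONS = {
    "system_admin": {"create_user", "modify_user", "delete_user"},
    "safety_admin": {"grant_permission"},
    "audit_admin": {"read_audit_log"},
}

@dataclass
class AccessRequest:
    user: str            # who sent the request
    role: str            # role information carried in the request
    operation: str
    target: str = ""     # user account the operation applies to
    detail: str = ""     # new name (modify_user) or permission (grant_permission)

@dataclass
class CloudStorage:
    """Stands in for the data storage module."""
    users: set = field(default_factory=set)
    permissions: dict = field(default_factory=dict)   # user -> set of permissions
    audit_log: list = field(default_factory=list)     # (user, role, operation, outcome)

class SafetyManagementDevice:
    def __init__(self):
        self.storage = CloudStorage()

    def handle(self, req):
        """Run workflow steps (1)-(3); returns (allowed, result_or_reason)."""
        # Step 1, role verification module: identify the role, fail closed otherwise.
        allowed_ops = ROLE_OPERATIONS.get(req.role)
        if allowed_ops is None:
            return self._record(req, False, "unknown role")
        # Step 2, the module for that role verifies the request against its own duty.
        if req.operation not in allowed_ops:
            return self._record(req, False, "operation not permitted for role")
        # Step 3, resource access module performs the operation on the stored data.
        try:
            result = self._resource_access(req)
        except KeyError as exc:
            return self._record(req, False, f"no such user: {exc.args[0]}")
        return self._record(req, True, result)

    def _record(self, req, allowed, result):
        outcome = "allowed" if allowed else f"denied ({result})"
        self.storage.audit_log.append((req.user, req.role, req.operation, outcome))
        return allowed, result

    def _resource_access(self, req):
        s = self.storage
        if req.operation == "read_audit_log":
            return list(s.audit_log)
        if req.operation == "create_user":
            s.users.add(req.target)
            return req.target
        if req.target not in s.users:
            raise KeyError(req.target)
        if req.operation == "modify_user":            # rename the account
            s.users.remove(req.target)
            s.users.add(req.detail)
            s.permissions[req.detail] = s.permissions.pop(req.target, set())
            return req.detail
        if req.operation == "delete_user":
            s.users.remove(req.target)
            s.permissions.pop(req.target, None)
            return req.target
        s.permissions.setdefault(req.target, set()).add(req.detail)   # grant_permission
        return sorted(s.permissions[req.target])

def demo():
    # Constructed requests: each administrator tries its own duty and another's.
    dev = SafetyManagementDevice()
    requests = [
        AccessRequest("alice", "system_admin", "create_user", "dave"),
        AccessRequest("alice", "system_admin", "grant_permission", "dave", "read:/reports"),
        AccessRequest("bob", "safety_admin", "grant_permission", "dave", "read:/reports"),
        AccessRequest("bob", "safety_admin", "delete_user", "dave"),
        AccessRequest("erin", "superuser", "delete_user", "dave"),
        AccessRequest("carol", "audit_admin", "read_audit_log"),
    ]
    return dev, [dev.handle(r) for r in requests]

if __name__ == "__main__":
    print(demo()[1])
```

The role is read from the request, as the page describes; the example assumes that role information was authenticated before it reached the role verification module.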
In summary, in the cloud storage safety management device provided by the present invention, the role verification module judges the role information carried in the user access request: if the role information is the system administrator role, the user access request is sent to the system management module; if it is the safety administrator role, the request is sent to the safety management module; if it is the audit administrator role, the request is sent to the audit management module. The system management module receives the user access request and manages the users in the cloud storage system; the safety management module receives the user access request and manages the access permissions in the cloud storage system; the audit management module receives the user access request and audits and checks user operation behavior in the cloud storage system; the resource access module executes the user access request and accesses the data in the cloud storage system. It can be seen that the device implements the system administration, safety management and audit management functions of the cloud storage system through the system management module, the safety management module and the audit management module respectively. This achieves a separation of the three powers of system administration, safety management and audit management in the cloud storage system, improves the flexibility and security of cloud storage access control, and ensures the data security of the cloud storage system.
The cloud storage safety management device provided by the present invention has been described in detail above. Specific examples are used herein to explain the principle and embodiments of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. It should be noted that those of ordinary skill in the art may make improvements and modifications to the invention without departing from its principle, and such improvements and modifications also fall within the scope of protection of the claims of the present invention.

Claims (7)

1. A cloud storage safety management device, characterized by comprising:
a role verification module, configured to receive a user access request and judge the role information carried in the user access request; if the role information is the system administrator role, the user access request is sent to the system management module; if the role information is the safety administrator role, the user access request is sent to the safety management module; if the role information is the audit administrator role, the user access request is sent to the audit management module;
the system management module, configured to receive the user access request and manage the users in the cloud storage system;
the safety management module, configured to receive the user access request and manage the access permissions in the cloud storage system;
the audit management module, configured to receive the user access request and audit and check user operation behavior in the cloud storage system;
a resource access module, configured to execute the user access request and access the data in the cloud storage system.
2. The device according to claim 1, characterized in that the resource access module is further configured to read the data in the cloud storage system.
3. The device according to claim 2, characterized in that the system management module is configured to receive the user access request and create, modify or delete users in the cloud storage system.
4. The device according to claim 3, characterized in that the access permissions are permissions for authorization (permission-granting) operations on a specified user.
5. The device according to claim 4, characterized in that the audit management module is further configured to audit and check system log events in the cloud storage system.
6. The device according to claim 5, characterized in that the role information includes the system administrator role, the safety administrator role or the audit administrator role.
7. The device according to any one of claims 1 to 6, characterized in that the device further comprises:
a data storage module, configured to store the data of the cloud storage system.
CN201610897883.XA 2016-10-14 2016-10-14 Cloud storage safety management device Pending CN106446716A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610897883.XA CN106446716A (en) 2016-10-14 2016-10-14 Cloud storage safety management device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610897883.XA CN106446716A (en) 2016-10-14 2016-10-14 Cloud storage safety management device

Publications (1)

Publication Number Publication Date
CN106446716A true CN106446716A (en) 2017-02-22

Family

ID=58173679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610897883.XA Pending CN106446716A (en) 2016-10-14 2016-10-14 Cloud storage safety management device

Country Status (1)

Country Link
CN (1) CN106446716A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102156833A (en) * 2011-04-12 2011-08-17 华中科技大学 Role-based access control model constructing system
CN103281306A (en) * 2013-05-03 2013-09-04 四川省电力公司信息通信公司 Virtualized infrastructure platform for cloud data centers
CN103685463A (en) * 2013-11-08 2014-03-26 浪潮(北京)电子信息产业有限公司 Access control method and system in cloud computing system
CN105187365A (en) * 2015-06-04 2015-12-23 北京邮电大学 Method and device for access control based on roles and data items
CN105743887A (en) * 2016-01-26 2016-07-06 中标软件有限公司 Access control device of cloud computing platform

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108169132A (en) * 2017-12-28 2018-06-15 中山大学 The spectrum data processing method and system of a kind of micro spectrometer
CN109711147A (en) * 2019-01-02 2019-05-03 浪潮商用机器有限公司 Separation of the three powers management method, device, system and the storage medium of operating system
CN109711147B (en) * 2019-01-02 2020-06-02 浪潮商用机器有限公司 Method, device and system for managing three rights separately of operating system and storage medium
CN111783042A (en) * 2020-06-30 2020-10-16 北京金山云网络技术有限公司 Database access control method and device, database main system and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222