CN115664800A - Big data safety protection system based on cloud computing - Google Patents
- Publication number: CN115664800A
- Application number: CN202211309812.5A
- Authority: CN (China)
- Prior art keywords: user, cloud, node, client, information
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to the technical field of data security management, in particular to a cloud computing-based big data security protection system and an application method thereof. It aims to solve the problem in the prior art of how to realize access control over different information for user nodes of different identities on cloud platforms of different security levels, particularly in a hybrid cloud design. The system comprises: a user front-end client, which is the user's client software together with the user node that hosts it; an on-cloud resource access control system, which controls access by users to on-cloud resources and dispatches system node authentication; and an on-cloud resource library, which is the data on the cloud and comprises on-cloud applications and on-cloud databases. When a user requests access to on-cloud resources, the client sends an access request, and the system module that receives the request performs user node evaluation.
Description
Technical Field
The invention relates to the technical field of data security management, in particular to a cloud computing-based big data security protection system and an application method thereof.
Background
In the 5G era of the internet, not only internet technology itself but also its derivative technologies have spread, and the well-known cloud technology is increasingly embodied in the hybrid cloud. Both public and private cloud platforms pay more attention to security factors such as user identity authentication, and access control is likewise based on coarse-grained management of user identity. In addition, because the elastic applications and platforms of cloud computing are open, the security of the whole environment cannot be guaranteed when a user accesses the cloud. To address this, the problem of how to perform access control over different information for user nodes of different identities on cloud platforms of different security levels, particularly in a hybrid cloud design, needs to be solved.
Disclosure of Invention
The invention aims to solve the technical problem in the prior art of how to realize access control over different information for user nodes of different identities on cloud platforms of different security levels, particularly in a hybrid cloud design, and provides a cloud computing-based big data security protection system and an application method thereof.
In order to solve the technical problems, the technical scheme of the invention is as follows:
A cloud computing-based big data security protection system, in a hybrid cloud computing mode, comprises the following components:
a user front-end client, which is the user's client software together with the user node that hosts the client;
an on-cloud resource access control system, which controls access by users to on-cloud resources and dispatches system node authentication;
and an on-cloud resource library, which is the data on the cloud and comprises on-cloud applications and on-cloud databases.
Specifically, when a user requests access to on-cloud resources, the client sends an access request, and the system module that receives the request performs user node evaluation.
Specifically, the user node evaluation includes a trust level corresponding to the node. The trust level is verified on the basis of the user's identity information; the trust verification calculation result is stored according to a preset, assignable trust level, and the trust level serves as the reference value by which the user obtains authentication of access rights;
after authentication is complete, the user can be authorized to access the corresponding on-cloud resources.
Specifically, the on-cloud resource access control system further comprises:
an access control policy module, which, when a user applies for authority, determines the user's authority according to the applying user's node trust level, user trust level, user group and trust level;
after authority has been assigned, when the user accesses on-cloud resources, the access control policy module queries the policy library to judge whether the user has the operation authority, and returns an authorization result or a refusal of the operation accordingly.
Specifically, the on-cloud resource access control system further comprises a communication module, used for message transmission and for communicating with the client on the user node.
Specifically, the system further comprises an authority distribution control module, which is responsible for authority distribution.
Specifically, after a user node enters the trust level calculation process, the user's client collects information about the node on which it resides and sends the node information to the trust level calculation module;
the trust level of a node is determined jointly by the node's system and its application programs;
after all relevant data have been collected, the management system obtains a comprehensive trust level value for the user node.
Specifically, the final trust level value of the user node is obtained by calculation, and this calculation result is stored as a management factor for subsequent authorization;
the calculation is performed with a preset formula, which is a calculation method that derives the corresponding trust level from the node's trust information.
Specifically, the formula of the trust level calculation method is:
Node trust level value = λ·C(sys) + (1 − λ)·Σ_i δ_i·C(app_i)
where λ is the weight of the system trust level and is set by the system administrator;
1 − λ is the weight of the application software trust level;
δ_i is the trust weight of each application software system among all application software systems, with Σ_i δ_i = 1;
and the function C represents the comparison between the user platform and the standard platform.
An application method of the cloud computing-based big data security protection system comprises the following steps:
step one, the user client is started and collects the current node information;
step two, after collection is complete, the user client sends the collected information to the communication module;
step three, the communication module receives the user node information and caches it;
step four, the communication module requests the standard node trust information from the standard database; if the request succeeds, proceed to step five, otherwise the request is issued again, and the program exits when the number of requests exceeds the preset number;
step five, the communication module receives the standard node trust information and caches it;
step six, the communication module queries the policy library to obtain the agreed weight values for the node trust level calculation; if the request succeeds, proceed to step seven, otherwise the request is issued again, and the program exits when the number of requests exceeds the preset number;
step seven, the communication module receives the weight values, sends the data to the node trust level calculation module, and the trust level is calculated with the corresponding calculation formula;
and step eight, the calculated result is stored.
The invention has the following beneficial effects:
according to the technical scheme, access control over different information can be realized for user nodes of different identities on cloud platforms of different security levels, particularly in a hybrid cloud design.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
FIG. 1 is a schematic diagram of the system topology of the present invention;
FIG. 2 is a block diagram of the system of the present invention;
FIG. 3 is an overall workflow diagram of the present invention;
FIG. 4 is a flow chart of node trust level confirmation according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort belong to the protection scope of the present invention. For convenience of description, in the present application the left side in the current view is a "first end", the right side a "second end", the upper side a "first end" and the lower side a "second end"; this description serves only to express the technical solution clearly and should not be construed as an improper limitation of the technical solution of the present application.
The invention aims to solve the technical problem in the prior art of how to realize access control over different information for user nodes of different identities on cloud platforms of different security levels, particularly in a hybrid cloud design, and provides a cloud computing-based big data security protection system and an application method thereof.
Referring to FIGS. 1, 2, 3 and 4, a cloud computing-based big data security protection system in a hybrid cloud computing mode comprises:
a user front-end client, which is the user's client software together with the user node that hosts the client;
an on-cloud resource access control system, which controls access by users to on-cloud resources and dispatches system node authentication;
and an on-cloud resource library, which is the data on the cloud and comprises on-cloud applications and on-cloud databases.
Specifically, when a user requests access to on-cloud resources, the client sends an access request, and the system module that receives the request performs user node evaluation.
Specifically, the user node evaluation includes a trust level corresponding to the node. The trust level is verified on the basis of the user's identity information; the trust verification calculation result is stored according to a preset, assignable trust level, and the trust level serves as the reference value by which the user obtains authentication of access rights;
after authentication is complete, the user can be authorized to access the corresponding on-cloud resources.
Specifically, the on-cloud resource access control system further comprises:
an access control policy module, which, when a user applies for authority, determines the user's authority according to the applying user's node trust level, user trust level, user group and trust level;
after authority has been assigned, when the user accesses on-cloud resources, the access control policy module queries the policy library to judge whether the user has the operation authority, and returns an authorization result or a refusal of the operation accordingly.
Specifically, the on-cloud resource access control system further comprises a communication module, used for message transmission and for communicating with the client on the user node.
Specifically, the system further comprises an authority distribution control module, which is responsible for authority distribution.
Specifically, after a user node enters the trust level calculation process, the user's client collects information about the node on which it resides and sends the node information to the trust level calculation module;
the trust level of a node is determined jointly by the node's system and its application programs;
after all relevant data have been collected, the management system obtains a comprehensive trust level value for the user node.
Specifically, the final trust level value of the user node is obtained by calculation, and this calculation result is stored as a management factor for subsequent authorization;
the calculation is performed with a preset formula, which is a calculation method that derives the corresponding trust level from the node's trust information.
Specifically, the formula of the trust level calculation method is:
Node trust level value = λ·C(sys) + (1 − λ)·Σ_i δ_i·C(app_i)
where λ is the weight of the system trust level and is set by the system administrator;
1 − λ is the weight of the application software trust level;
δ_i is the trust weight of each application software system among all application software systems, with Σ_i δ_i = 1;
and the function C represents the comparison between the user platform and the standard platform.
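The trust level formula, as given in the summary of the invention and repeated here, worked through in an added Python example. This is an illustration written for this page, not code from the applicant. The patent does not define C beyond "comparison between the user platform and the standard platform", so C is taken here to be the fraction of standard-platform attributes that the user platform reproduces exactly; the attribute names, the standard values, the application weights and the value of λ are all constructed. The example enforces the constraints the formula relies on (λ in [0, 1], δ_i non-negative and summing to 1) and fails closed when an application is missing from the node report.

```python
from typing import Mapping, Sequence

# Constructed standard platform and weights (assumptions, not values from the patent).
STANDARD_SYS = {"os": "linux-5.15", "secure_boot": "on",
                "disk_encryption": "on", "patch_level": "2022-10"}
STANDARD_APPS = {
    "browser": {"version": "106", "sandbox": "on"},
    "vpn_client": {"version": "4.2", "always_on": "yes"},
}
APP_WEIGHTS = {"browser": 0.4, "vpn_client": 0.6}   # the delta_i, summing to 1


def compare_with_standard(platform: Mapping[str, str], standard: Mapping[str, str]) -> float:
    """The function C: compare a user platform against the standard platform.

    Assumed definition: the fraction of the standard's attributes whose value the
    user platform reproduces exactly.  An attribute missing from the user platform
    counts as a mismatch, so an incomplete report can only lower the score.
    """
    if not standard:
        raise ValueError("standard platform has no attributes to compare")
    matched = sum(1 for key, value in standard.items() if platform.get(key) == value)
    return matched / len(standard)


def node_trust_level(lam: float, c_sys: float, app_weights: Sequence[float],
                     c_apps: Sequence[float], tol: float = 1e-9) -> float:
    """Node trust level value = lam * C(sys) + (1 - lam) * sum_i delta_i * C(app_i).

    lam is the administrator-set weight of the system trust level; the delta_i are
    the per-application weights and must be non-negative and sum to 1.  With every
    C in [0, 1] the result is also in [0, 1].
    """
    if not 0.0 <= lam <= 1.0:
        raise ValueError("lambda must lie in [0, 1]")
    if len(app_weights) != len(c_apps):
        raise ValueError("one weight is needed per application")
    if any(w < 0.0 for w in app_weights) or abs(sum(app_weights) - 1.0) > tol:
        raise ValueError("application weights must be non-negative and sum to 1")
    app_term = sum(d * c for d, c in zip(app_weights, c_apps))
    return lam * c_sys + (1.0 - lam) * app_term


def evaluate_node(node_sys: Mapping[str, str],
                  node_apps: Mapping[str, Mapping[str, str]],
                  lam: float = 0.5) -> float:
    """Score one collected node report against the standard platform."""
    c_sys = compare_with_standard(node_sys, STANDARD_SYS)
    names = list(STANDARD_APPS)
    # An application absent from the report is compared as an empty platform: C = 0.
    c_apps = [compare_with_standard(node_apps.get(n, {}), STANDARD_APPS[n]) for n in names]
    return node_trust_level(lam, c_sys, [APP_WEIGHTS[n] for n in names], c_apps)
```

With the constructed data, a fully compliant node scores 1.0; a node whose patch level lags the standard and whose VPN client is not always-on scores 0.5·0.75 + 0.5·(0.4·1.0 + 0.6·0.5) = 0.725, and the same node reporting no applications at all drops to 0.375, because the missing applications contribute nothing rather than being skipped.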
Specifically, an application method of the cloud computing-based big data security protection system comprises the following steps:
step one, the user client is started and collects the current node information;
step two, after collection is complete, the user client sends the collected information to the communication module;
step three, the communication module receives the user node information and caches it;
step four, the communication module requests the standard node trust information from the standard database; if the request succeeds, proceed to step five, otherwise the request is issued again, and the program exits when the number of requests exceeds the preset number;
step five, the communication module receives the standard node trust information and caches it;
step six, the communication module queries the policy library to obtain the agreed weight values for the node trust level calculation; if the request succeeds, proceed to step seven, otherwise the request is issued again, and the program exits when the number of requests exceeds the preset number;
step seven, the communication module receives the weight values, sends the data to the node trust level calculation module, and the trust level is calculated with the corresponding calculation formula;
and step eight, the calculated result is stored.
In addition, it should be noted that the access control policy module mainly comprises a policy server for policy management, a trust level server for trust level management, and a standard database. The policy server stores each policy and, as the core policy server of the whole system, its policies change whenever the actual policy configuration file changes, so the security requirements on this server are high. The trust level server is responsible for completing trust level evaluation for all user nodes; the node trust level calculation module is part of this server and includes, among other things, a trust level management module for trust level management. Finally, the standard database stores the standard values of all trust levels and is used for verification whenever node results need to be compared.
The specific working steps and principle are as follows:
S1, when the on-cloud access control management system starts, it loads the preset configuration files and determines static data such as the current system state from them.
S2, before a user node enters node trust information collection, the system first checks the current policy configuration file, verifies the current policy, and determines the content and procedure of the user node information collection.
S3, after the content and procedure of user node information collection have been determined, the corresponding information is sent to the client.
S4, the user now enters the node information trust level calculation process, and standard node trust information is requested from the standard database.
S5, the standard database sends the standard values of the corresponding type according to the node system type in the request.
S6, the communication module sends the integrated data to the node trust level calculation module for calculation.
S7, after the trust level calculation result has been generated, the communication module is notified.
S8, the communication module sends the calculation result to the policy server together with a query request, and the policy server queries its policies.
S9, the policy server inquires the policy distribution files and compares the policy file times to obtain the latest policy.
S10, the policy server issues the policy according to the received trust level.
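The eight-step application method and the working steps S1 to S10 above, as an added Python example that is not the applicant's code. A communication module caches the node report (step three), fetches the standard node trust information and the policy with a bounded retry (steps four to six; where the text says the program exits after the preset number of requests, the example raises an exception instead so the condition can be observed), computes the trust level with the preset formula (step seven), chooses the newest policy file by its time (S9), and stores a record that also lists the operations the chosen policy permits at that level (step eight, S10). Everything concrete is an assumption: the shape of a policy (λ, the δ_i and a minimum trust level per operation), the standard values keyed by system type, the node reports, and the definition of C as the fraction of standard attributes the node matches.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, TypeVar

T = TypeVar("T")


class RequestFailed(Exception):
    """A request to the standard database or the policy library did not get through."""


class AbortedAfterRetries(RuntimeError):
    """Raised where steps four and six say the program exits after too many attempts."""


def request_with_retry(fn: Callable[[], T], max_attempts: int) -> T:
    """Repeat a request until it succeeds; abort once the preset attempt count is used up."""
    last: Optional[Exception] = None
    for _ in range(max_attempts):
        try:
            return fn()
        except RequestFailed as exc:
            last = exc
    raise AbortedAfterRetries(f"gave up after {max_attempts} attempts: {last}")


@dataclass
class StandardDatabase:
    """Standard trust information keyed by node system type (S5).
    fail_first simulates transient failures so the retry path is exercised (constructed)."""
    standards: Dict[str, dict]
    fail_first: int = 0
    calls: int = 0

    def standard_for(self, system_type: str) -> dict:
        self.calls += 1
        if self.calls <= self.fail_first:
            raise RequestFailed("standard database unreachable")
        if system_type not in self.standards:
            raise RequestFailed(f"no standard values for system type {system_type!r}")
        return self.standards[system_type]


@dataclass
class PolicyFile:
    issued_at: int                  # distribution time used to pick the latest policy (S9)
    lam: float                      # lambda, the administrator-set system weight
    app_weights: Dict[str, float]   # delta_i per application, summing to 1
    min_level: Dict[str, float]     # operation -> minimum node trust level required (S10)


@dataclass
class PolicyServer:
    files: List[PolicyFile]

    def latest(self) -> PolicyFile:
        """S9: compare the policy files' times and return the newest one."""
        if not self.files:
            raise RequestFailed("policy library is empty")
        return max(self.files, key=lambda f: f.issued_at)


def match_fraction(report: dict, standard: dict) -> float:
    """C(.) as assumed here: share of the standard's attributes the node reproduces exactly."""
    return sum(1 for k, v in standard.items() if report.get(k) == v) / len(standard)


@dataclass
class CommunicationModule:
    std_db: StandardDatabase
    policy: PolicyServer
    max_attempts: int = 3
    cache: dict = field(default_factory=dict)
    stored: List[dict] = field(default_factory=list)

    def handle(self, node_report: dict) -> dict:
        """Steps three to eight for one node report sent by the client (steps one and two)."""
        self.cache["node"] = node_report                                   # step three
        standard = request_with_retry(                                     # steps four and five
            lambda: self.std_db.standard_for(node_report["system_type"]), self.max_attempts)
        self.cache["standard"] = standard
        pol = request_with_retry(self.policy.latest, self.max_attempts)    # step six
        # step seven: lam*C(sys) + (1-lam)*sum delta_i*C(app_i); a missing application scores 0
        c_sys = match_fraction(node_report["system"], standard["system"])
        c_app = sum(w * match_fraction(node_report["apps"].get(a, {}), standard["apps"][a])
                    for a, w in pol.app_weights.items())
        level = pol.lam * c_sys + (1.0 - pol.lam) * c_app
        record = {                                                         # step eight, S8 to S10
            "node_id": node_report["node_id"],
            "trust_level": level,
            "policy_issued_at": pol.issued_at,
            "permitted": sorted(op for op, need in pol.min_level.items() if level >= need),
        }
        self.stored.append(record)
        return record


# Constructed sample data (not from the patent).
STANDARDS = {"linux": {
    "system": {"secure_boot": "on", "patch_level": "2022-10"},
    "apps": {"vpn": {"always_on": "yes"}, "agent": {"version": "3"}},
}}
POLICIES = [
    PolicyFile(issued_at=100, lam=0.5, app_weights={"vpn": 0.5, "agent": 0.5},
               min_level={"read": 0.5, "write": 0.9}),
    PolicyFile(issued_at=200, lam=0.6, app_weights={"vpn": 0.7, "agent": 0.3},
               min_level={"read": 0.6, "write": 0.95}),   # newest file: this one must win
]
COMPLIANT = {"node_id": "n1", "system_type": "linux",
             "system": {"secure_boot": "on", "patch_level": "2022-10"},
             "apps": {"vpn": {"always_on": "yes"}, "agent": {"version": "3"}}}
DRIFTED = {"node_id": "n2", "system_type": "linux",
           "system": {"secure_boot": "on", "patch_level": "2022-09"},
           "apps": {"vpn": {"always_on": "no"}, "agent": {"version": "3"}}}


def run_demo(fail_first: int = 2) -> List[dict]:
    """Run both sample nodes through a module whose standard database fails fail_first times."""
    comm = CommunicationModule(StandardDatabase(STANDARDS, fail_first=fail_first),
                               PolicyServer(POLICIES))
    return [comm.handle(COMPLIANT), comm.handle(DRIFTED)]
```

With two transient failures and a limit of three attempts the flow completes: the compliant node scores 1.0 under the newest policy and may read and write, while the drifted node scores 0.6·0.5 + 0.4·(0.7·0 + 0.3·1) = 0.42 and is permitted nothing. A third consecutive failure exhausts the preset attempt count and the flow aborts instead of proceeding with stale or missing standard values.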
To ensure the security of the database, a dedicated storage procedure is run for each entity in the database, and it is through this procedure that the database is accessed whenever the system needs to access it. When data is stored through the dedicated storage procedure, it can only be stored if the type and order of the stored data are consistent with the data checked by the procedure, which better protects the security and stability of the database. Since the whole application service is stored in the cloud, a dedicated field must be provided to store the corresponding field to be used, so that system expansion can be completed easily.
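The dedicated per-entity storage procedure described above, as an added Python example that is not the applicant's code, using an in-memory SQLite table. The procedure accepts the trust-result values positionally, refuses any call whose value count, order or types differ from the declared column list, lets the database's own CHECK constraint refuse an out-of-range trust level, and inserts with a parameterised statement so that a value containing SQL text is stored as data rather than executed. The table, its columns and the optional JSON "extension" column that stands in for the spare field for future expansion are constructed assumptions.

```python
import json
import sqlite3
from typing import Any, Optional, Sequence, Tuple

# Assumed column list for the trust-result entity: (name, required Python type), in order.
TRUST_RESULT_COLUMNS: Tuple[Tuple[str, type], ...] = (
    ("node_id", str),
    ("user_id", str),
    ("trust_level", float),
    ("policy_version", int),
)


class StorageRejected(ValueError):
    """The dedicated storage procedure refused the data."""


def open_store() -> sqlite3.Connection:
    """Create the (assumed) trust_result table in memory; 'extension' is the spare field."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE trust_result ("
        " node_id TEXT NOT NULL, user_id TEXT NOT NULL,"
        " trust_level REAL NOT NULL CHECK (trust_level BETWEEN 0 AND 1),"
        " policy_version INTEGER NOT NULL, extension TEXT)"
    )
    return conn


def store_trust_result(conn: sqlite3.Connection, values: Sequence[Any],
                       extension: Optional[dict] = None) -> int:
    """Dedicated storage procedure for the trust_result entity.

    Values are positional and must match TRUST_RESULT_COLUMNS in count, order and
    exact type (bool is not accepted for int, str is not accepted for float), so a
    caller that swaps two fields or passes a number as text is refused before any
    SQL runs.  The insert is parameterised: values never become part of the SQL text.
    """
    if len(values) != len(TRUST_RESULT_COLUMNS):
        raise StorageRejected(f"expected {len(TRUST_RESULT_COLUMNS)} values, got {len(values)}")
    for (name, typ), value in zip(TRUST_RESULT_COLUMNS, values):
        if type(value) is not typ:
            raise StorageRejected(
                f"column {name}: expected {typ.__name__}, got {type(value).__name__}")
    ext = json.dumps(extension, sort_keys=True) if extension is not None else None
    try:
        cur = conn.execute(
            "INSERT INTO trust_result (node_id, user_id, trust_level, policy_version, extension)"
            " VALUES (?, ?, ?, ?, ?)",
            (*values, ext),
        )
    except sqlite3.IntegrityError as exc:      # e.g. trust_level outside [0, 1]
        raise StorageRejected(f"database constraint refused the row: {exc}") from exc
    conn.commit()
    return cur.lastrowid


def count_results(conn: sqlite3.Connection) -> int:
    """Number of stored trust results (and proof that the table still exists)."""
    return conn.execute("SELECT COUNT(*) FROM trust_result").fetchone()[0]


def load_extension(conn: sqlite3.Connection, rowid: int) -> Optional[dict]:
    """Read back the spare field of one row, decoded from JSON."""
    row = conn.execute("SELECT extension FROM trust_result WHERE rowid = ?", (rowid,)).fetchone()
    return json.loads(row[0]) if row and row[0] is not None else None
```

A node identifier such as `n'); DROP TABLE trust_result;--` passes the type check (it is a string in the string column) and is stored verbatim; the table survives because the value travels as a bound parameter, which is the property the dedicated procedure is meant to guarantee.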
It should be understood that the above examples are only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. There is no need, nor is it possible, to exhaustively list all embodiments. Obvious variations or modifications derived therefrom are intended to fall within the scope of the invention.
Claims (10)
1. A cloud computing-based big data security protection system, characterized in that, in a hybrid cloud computing mode, it comprises the following components:
a user front-end client, which is the user's client software together with the user node that hosts the client;
an on-cloud resource access control system, which controls access by users to on-cloud resources and dispatches system node authentication;
and an on-cloud resource library, which is the data on the cloud and comprises on-cloud applications and on-cloud databases.
2. The cloud computing-based big data security protection system according to claim 1, characterized in that, when a user requests access to an on-cloud resource, the client sends an access request, and the system module that receives the request then performs user node evaluation.
3. The cloud computing-based big data security protection system according to claim 2, characterized in that the user node evaluation includes a trust level corresponding to the node; the trust level is verified on the basis of the user's identity information, the trust verification calculation result is stored according to a preset, assignable trust level, and the trust level serves as the reference value by which the user obtains authentication of access rights;
after authentication is complete, the user can be authorized to access the corresponding on-cloud resources.
4. The cloud computing-based big data security protection system according to claim 3, characterized in that the on-cloud resource access control system further comprises:
an access control policy module, which, when a user applies for authority, determines the user's authority according to the applying user's node trust level, user trust level, user group and trust level;
after authority has been assigned, when the user accesses on-cloud resources, the access control policy module queries the policy library to judge whether the user has the operation authority, and returns an authorization result or a refusal of the operation accordingly.
5. The cloud computing-based big data security protection system according to claim 4, characterized in that the on-cloud resource access control system further comprises a communication module, used for message transmission and for communicating with the client on the user node.
6. The cloud computing-based big data security protection system according to claim 5, characterized in that it further comprises an authority distribution control module, which is responsible for authority distribution.
7. The cloud computing-based big data security protection system according to claim 6, characterized in that, after a user node enters the trust level calculation process, the user's client collects information about the node on which it resides and sends the node information to the trust level calculation module;
the trust level of a node is determined jointly by the node's system and its application programs;
after all relevant data have been collected, the management system obtains a comprehensive trust level value for the user node.
8. The cloud computing-based big data security protection system according to claim 7, characterized in that the final trust level value of the user node is obtained by calculation, and this calculation result is stored as a management factor for subsequent authorization;
the calculation is performed with a preset formula, which is a calculation method that derives the corresponding trust level from the node's trust information.
9. The cloud computing-based big data security protection system according to claim 1, characterized in that the formula of the trust level calculation method is:
Node trust level value = λ·C(sys) + (1 − λ)·Σ_i δ_i·C(app_i)
where λ is the weight of the system trust level and is set by the system administrator;
1 − λ is the weight of the application software trust level;
δ_i is the trust weight of each application software system among all application software systems, with Σ_i δ_i = 1;
and the function C represents the comparison between the user platform and the standard platform.
10. An application method of the cloud computing-based big data security protection system according to any one of claims 1 to 9, comprising the following steps:
step one, the user client is started and collects the current node information;
step two, after collection is complete, the user client sends the collected information to the communication module;
step three, the communication module receives the user node information and caches it;
step four, the communication module requests the standard node trust information from the standard database; if the request succeeds, proceed to step five, otherwise the request is issued again, and the program exits when the number of requests exceeds the preset number;
step five, the communication module receives the standard node trust information and caches it;
step six, the communication module queries the policy library to obtain the agreed weight values for the node trust level calculation; if the request succeeds, proceed to step seven, otherwise the request is issued again, and the program exits when the number of requests exceeds the preset number;
step seven, the communication module receives the weight values, sends the data to the node trust level calculation module, and the trust level is calculated with the corresponding calculation formula;
and step eight, the calculated result is stored.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211309812.5A CN115664800A (en) | 2022-10-25 | 2022-10-25 | Big data safety protection system based on cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115664800A true CN115664800A (en) | 2023-01-31 |
Family
ID=84990949
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160344736A1 (en) * | 2015-05-19 | 2016-11-24 | Microsoft Technology Licensing, Llc. | Secured access control to cloud-based applications |
CN106127368A (en) * | 2016-06-14 | 2016-11-16 | 成都镜杰科技有限责任公司 | Date storage method for ERP System |
CN106997440A (en) * | 2017-04-10 | 2017-08-01 | 中经汇通电子商务有限公司 | A kind of role access control method |
CN111953679A (en) * | 2020-08-11 | 2020-11-17 | 中国人民解放军战略支援部队信息工程大学 | Intranet user behavior measurement method and network access control method based on zero trust |
CN112118102A (en) * | 2020-10-21 | 2020-12-22 | 国网天津市电力公司 | Dedicated zero trust network system of electric power |
CN112565189A (en) * | 2020-11-04 | 2021-03-26 | 国网安徽省电力有限公司信息通信分公司 | Access control system based on cloud computing data security |
CN113395271A (en) * | 2021-06-07 | 2021-09-14 | 武汉卓尔信息科技有限公司 | Data security access method in cloud computing platform and cloud computing platform |
CN114629719A (en) * | 2022-04-08 | 2022-06-14 | 中国移动通信集团陕西有限公司 | Resource access control method and resource access control system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116305220A (en) * | 2023-05-18 | 2023-06-23 | 天云融创数据科技(北京)有限公司 | Big data-based resource data processing method and system |
CN116305220B (en) * | 2023-05-18 | 2023-08-08 | 天云融创数据科技(北京)有限公司 | Big data-based resource data processing method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20230131 |