
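Research on access control within trusted virtual groups under cloud computing
Cite this article: Peng LIANG, Chang-xiang SHEN, Zhen-hu NING. Research on access control within trusted virtual groups under cloud computing[J]. Journal on Communications, 2013, 34(Z1): 27-215. DOI: 10.3969/j.issn.1000-436x.2013.z1.027
Authors: Peng LIANG, Chang-xiang SHEN, Zhen-hu NING
Affiliation: Beijing Key Laboratory of Trusted Computing, College of Computer Science, Beijing University of Technology, Beijing 100124
Funding: National Science and Technology Major Project "New Generation Broadband Wireless Mobile Communication Network" (2012ZX03002003); National High Technology Research and Development Program of China ("863" Program) (2009AA01Z437); National "Core Electronic Devices, High-end Generic Chips and Basic Software" Major Project (2010ZX01037-001-001)
Abstract: To address the lack of an internal isolation mechanism suited to cloud-based, production-type critical information systems, existing access control techniques under the cloud computing model were compared, and an access control scheme based on two-level key management was proposed. The first level constructs an access control polynomial based on a one-way hash function to isolate information flows between subgroups, that is, to achieve information isolation between departments within a production-type critical information system. Building on the first-level key management, hierarchical key management between subgroups is proposed to realize access control over information flows between different departments. The security and complexity of the scheme were then analyzed. Finally, the access control scheme based on two-level key management was verified through an example and simulation experiments.

Keywords: cloud computing; cryptographic access control; key management; production information system
Received: 2013-07-05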

On access to trusted virtual group under cloud computing
Peng LIANG, Chang-xiang SHEN, Zhen-hu NING. On access to trusted virtual group under cloud computing[J]. Journal on Communications, 2013, 34(Z1): 27-215. DOI: 10.3969/j.issn.1000-436x.2013.z1.027
Authors: Peng LIANG, Chang-xiang SHEN, Zhen-hu NING
Affiliation: Beijing Key Laboratory on Trusted Computing, College of Computer Science, Beijing University of Technology, Beijing 100124, China
Abstract: There is no appropriate internal isolation mechanism for important production information systems based on cloud computing. Here the main access control technologies were compared thoroughly, and then a two-layer key management scheme was put forward. In the first layer, an access control polynomial based on a one-way hash function was constructed to achieve the separation of information flow between subgroups, that is, the information isolation within any department of a company was accomplished. Based on the first layer, a hierarchical key management scheme was presented for different subgroups so as to realize access control between different departments of a company. Then the security and complexity were analyzed. Finally, through an example and a simulation experiment, the access control model based on the two-layer key management scheme was verified.
Keywords: cloud computing; cryptographic access control; key management; production information system