CN117938535A - Cloud service security cloud control system and method based on big data - Google Patents

Publication number
CN117938535A
Authority
CN
China
Prior art keywords
user
data
service
module
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410159646.8A
Other languages
Chinese (zh)
Inventor
李光辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Chaohui Intelligent Technology Co ltd
Original Assignee
Guangzhou Chaohui Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Chaohui Intelligent Technology Co ltd
Priority to CN202410159646.8A
Publication of CN117938535A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of cloud services and discloses a cloud service security cloud control system and method based on big data. The system comprises: a user registration login module for registering the user identity and logging in; a permission acquisition module for determining the permission of the user based on the user login account; a service authority allocation module for providing cloud services of the corresponding level; a service request module for data query, data upload, data storage and other service request operations; an identity verification module for verifying the identity of the user initiating a cloud service request; a request judging module for determining whether the service request input by the user exceeds a preset range; and a service management module for providing the corresponding service based on the user's service request when the request does not exceed the user's authority and the user's identity verification has passed, and for encrypting and uploading the data the user wants to upload.

Description

Cloud service security cloud control system and method based on big data
Technical Field
The invention belongs to the technical field of cloud service, and particularly relates to a cloud service security cloud control system and method based on big data.
Background
In a cloud computing platform, the cloud controller (CLC) is responsible for managing the entire system. It acts as the central nervous system of the platform: it is the visible entry point for users and the component that makes global decisions. It is the primary portal through which all users and administrators enter the cloud platform, and all clients communicate only with the CLC, through APIs (Application Program Interfaces) based on SOAP (Simple Object Access Protocol). The CLC is responsible for passing requests to the correct components, collecting the responses from these components and sending them to the client. It also processes service level agreements and maintains system and user-related metadata. The cloud controller is made up of a set of services that handle user requests, perform authentication, maintain system and user metadata (virtual machine images, SSH key pairs, and so on), and manage and monitor the operation of virtual machine instances. These services are configured and managed by an enterprise service bus, through which operations such as service distribution can be performed.
With the development of cloud computing, more and more users choose to move their own business to the cloud. Public and private clouds are flourishing everywhere, cloud computing is increasingly mature, moving user business to the cloud is more and more convenient, and construction costs are lower and lower.
However, the security of existing cloud services cannot be guaranteed: communication is easy to attack, and the security of data cannot be guaranteed.
Disclosure of Invention
Aiming at the problems existing in the prior art, the invention provides a cloud service security cloud control system and method based on big data.
The invention is realized as follows. A cloud service security cloud control method based on big data first performs user registration and login processing, in which machine learning and deep learning algorithms are used to optimize the encrypted storage of user identity information and the authentication process; second, a permission acquisition step is executed, which includes analyzing the access data stream of the user login account using big data analysis and pattern recognition techniques, and automatically adjusting and optimizing permission settings based on the user's behavior pattern; then service authority allocation is performed, in which an adaptive learning system dynamically adjusts service authority according to the user's behavior and needs, and a recommendation algorithm is applied to provide personalized service options; then the service request is processed, using natural language processing to understand and process the user's service request and a time-series analysis prediction model to predict the user's service demand; next, identity verification is performed, combining biometric analysis with an anomaly detection algorithm to improve the accuracy of identity verification and identify abnormal login attempts; then request judgment is performed, using a decision tree algorithm to judge automatically whether the user's request falls within the permission range, and a risk assessment model to evaluate the potential risk of each request; finally, service management is performed, applying advanced data encryption algorithms and hash functions to protect data security, and using an optimization algorithm to allocate cloud resources dynamically and improve service efficiency.
Further, the method comprises the following steps:
user registration and login processing, which involves the encrypted storage of user identity information;
permission acquisition, which includes analyzing the access data stream of the user login account and determining the user's operation permission on the database;
service authority allocation, which provides cloud services of the corresponding level according to the user's permissions;
service request processing, which includes data query, upload, storage and other operations;
identity verification, which verifies the identity of the user initiating a cloud service request and includes multi-stage encryption and hash processing;
request judgment, which judges whether a user's request exceeds that user's permission range;
service management, which processes the data uploaded by users, including encrypted upload.
The invention provides a cloud service security data processing method based on big data, which comprises the following steps:
using SQL lexical and syntax analysis to extract parameter information when a user accesses a database;
extracting user information from the access data stream;
encrypting the data original text, including randomly generating a symmetric encryption key and performing the encryption operation;
encrypting and hashing the identification picture provided by the user to generate a hash value;
asymmetrically encrypting the data original text and the identification picture to generate a new ciphertext;
sending the ciphertext to a server and decrypting it on the server;
comparing the hash values of the data original text and the identification picture to confirm the identity of the user and the integrity of the data;
encrypting the data to be uploaded by the user using an attribute encryption method, which includes constructing an access control policy and uploading the encrypted ciphertext.
The invention provides a cloud service security cloud control system based on big data, which comprises the following components:
the user registration login module, which is used for registering the user identity and logging in, and for encrypting and storing the identity information according to a preset master key;
the permission acquisition module, which is connected with the user registration login module and is used for determining the permission of the user based on the user login account;
the service authority allocation module, which is connected with the permission acquisition module and is used for providing cloud services of the corresponding level based on user permissions;
the service request module, which is connected with the service authority allocation module and is used by the user to perform data query, data upload, data storage and other service request operations;
the identity verification module, which is connected with the service request module and is used for verifying the identity of the user initiating the cloud service request;
the request judging module, which is connected with the identity verification module and is used for determining, based on the user's permission level, whether a service request input by the user exceeds a preset range;
and the service management module, which is connected with the request judging module and is used for providing the corresponding service based on the user's service request when the request does not exceed the user's authority and the user verification has passed, and for encrypting and uploading the data to be uploaded by the user.
Further, the permission acquisition module determining the permission of the user based on the user login account includes:
S1: acquiring, based on the user login account, the access data stream received when the user accesses the database;
S2: analyzing the access data stream to obtain user access information;
S3: determining the user's operation permission on the database based on the user access information.
Further, in step S2, analyzing the access data stream to obtain the user access information includes:
performing SQL lexical analysis and SQL syntax analysis on the access data stream to obtain the database parameter information involved when the user accesses the database; and extracting user information from the access data stream.
Further, the user access information includes the database parameter information and the user information.
Further, the identity verification module verifying the identity of the user initiating a cloud service request specifically includes:
(1) The user provides an identification picture, which is encrypted and hashed to obtain a hash value;
(2) A key is randomly generated and used to encrypt the original text of the file to form a ciphertext;
(3) The ciphertext is hashed and symmetrically encrypted to obtain a hash value;
(4) The hash value and the ciphertext obtained in steps (1)-(3) are asymmetrically encrypted to obtain a new ciphertext;
(5) The new ciphertext is sent to the system server over the network;
(6) The server decrypts the new ciphertext to obtain the data original text and the identification picture;
(7) The data original text and the identification picture are hashed separately to obtain a data original-text hash value and an identification-picture hash value;
(8) The data original-text hash value from step (7) is compared with the hash value from step (3); if they are consistent, the data original text has not been tampered with. The identification-picture hash value from step (7) is compared with the hash value from step (1); if they are consistent, the identity of the user terminal that sent the information is confirmed to be correct.
Further, in step (2), the user terminal randomly generates a key through the SM4 algorithm and uses that key to encrypt the data original text to be transmitted with the SM4 algorithm.
Further, the service management module encrypting and uploading the data to be uploaded by the user includes:
(1) Input the data $m$ to be uploaded by the user and the system public parameters $PP$; run the encryption algorithm on $(PP, m)$ at the data processing end; select a symmetric encryption key $k$ and symmetrically encrypt the confidential information $m$ to obtain $E_k(m)$;
(2) Construct an access control policy $\gamma = (M, p)$, where $M$ is an $l \times d$ matrix and $p$ is an injective function; perform attribute encryption on the symmetric encryption key $k$: randomly select $s \in \mathbb{Z}_p$, and record the vectors Then calculate $c = k \cdot e(g, g)^{\alpha s}$;
(3) For all the attributes involved in the access control policy, obtain the corresponding trapdoor public key GTDM, and calculate (where $I_A$ denotes all the attributes involved in the access control policy); finally obtain the ciphertext CT and upload it to the cloud server, wherein
The invention further provides a cloud service security cloud control method based on big data for implementing the cloud service security cloud control system based on big data, which comprises the following steps:
S31: registering the user identity and logging in using the user registration login module; encrypting and storing the identity information according to a preset master key; determining the permission of the user based on the user login account using the permission acquisition module; providing cloud services of the corresponding level based on user permissions using the service authority allocation module;
the service request module is connected with the service authority allocation module and is used by the user to perform data query, data upload, data storage and other service request operations;
S32: verifying the identity of the user initiating the cloud service request using the identity verification module, which is connected with the service request module; determining, based on the user's permission level, whether the service request input by the user exceeds a preset range using the request judging module;
S33: when the service request input by the user does not exceed the user's authority and the user verification has passed, using the service management module to provide the corresponding service based on the user's service request and to encrypt and upload the data to be uploaded by the user.
Another object of the present invention is to provide a computer device, where the computer device includes a memory and a processor, where the memory stores a computer program, and the computer program when executed by the processor causes the processor to execute the steps of the cloud service security cloud control method based on big data.
Another object of the present invention is to provide a computer readable storage medium storing a computer program, which when executed by a processor, causes the processor to execute the steps of the cloud service security cloud control method based on big data.
In combination with the technical scheme and the technical problems to be solved, the technical scheme to be protected has the following advantages and positive effects:
Firstly, the invention not only verifies the identity of the user but also performs a secondary identity verification based on the request sent by the user, improving the security of the cloud service; meanwhile, the user's identity information and all uploaded information are encrypted for transmission and upload, improving cloud security; the invention can also allocate permissions and determine which services to provide based on the user's identity, effectively implementing hierarchical management of users.
Secondly, the invention effectively solves the technical problems that the security of existing cloud services cannot be guaranteed, that communication is easy to attack, and that the security of data cannot be guaranteed. It not only verifies the identity of the user but also performs a secondary identity verification based on the request sent by the user, improving the security of the cloud service; meanwhile, the user's identity information and all uploaded information are encrypted for transmission and upload, improving cloud security.
Thirdly, the cloud service security cloud control system based on big data achieves notable technical progress mainly in the following aspects:
1) Enhanced security: through multi-level encryption and hash processing, the system effectively improves the security of data. Strict verification of user identity and encryption of data significantly reduce the risk of data leakage and unauthorized access.
2) Accurate authority control: the system can allocate permissions accurately based on user role and behavior analysis, ensuring that each user can only access resources within the corresponding permission range. This dynamic permission allocation mechanism increases the flexibility and security of the system.
3) Improved data processing efficiency: the system significantly improves the efficiency of data processing through automated data processing flows, including data collection, analysis, storage and management. Users can quickly obtain the services they need, which improves the user experience.
4) System scalability and adaptability: the system design allows new functions and services to be added easily, to accommodate changing business needs and technological advances. The system can also adapt to organizations of different sizes and types, from small enterprises to large enterprises or educational institutions.
5) Highly integrated user experience: the system integrates multiple functions such as user identity management, permission allocation, data encryption and security monitoring, and provides users with a seamless, secure and efficient operating platform.
6) Reduced operation and maintenance cost: automated and integrated system management reduces reliance on specialized technicians, reduces operation and maintenance costs, and simplifies routine maintenance work.
Together, these technical advances improve the overall performance and reliability of the system, making it an efficient, secure and easy-to-manage cloud service solution.
Drawings
Fig. 1 is a structural diagram of a cloud service security cloud control system based on big data, which is provided by an embodiment of the invention;
FIG. 2 is a flowchart of a method for determining a user's rights based on a user login account by a rights acquisition module provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a cloud service security cloud control method based on big data provided by an embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Example 1: security cloud control system of enterprise-level cloud data center
1) User registration and login: the enterprise staff registers the identity through the enterprise internal network, and the system stores staff information in an encrypted mode.
2) Rights acquisition: after the employee logs in, the system automatically allocates the database operation authority according to the position and the work requirement.
3) Service rights allocation: different levels of staff obtain different cloud service access rights, and data analysts obtain advanced data query rights.
4) Service request processing: an employee may request services such as data analysis, report generation, etc. within the scope of the authority.
5) Identity verification and request judgment: the system verifies the user identity and the authority of each service request, and ensures the data security.
6) And (3) service management: and sensitive data uploaded by staff is automatically encrypted before uploading, so that safe storage in the cloud is ensured.
Example 2: cloud service security cloud control system of online education platform
1) User registration and login: teachers and students register and log in on the platform, and the system encrypts identity information of the teachers and the students.
2) Rights acquisition: based on the user's role (teacher or student), the system automatically allocates rights to access and manipulate the online course content.
3) Service rights allocation: the teacher obtains the course uploading and managing authority, and the student obtains the course access and homework submitting authority.
4) Service request processing: and the user performs course browsing, data downloading, job submitting and other operations according to the self authority.
5) Identity verification and request judgment: when a teacher uploads courses or students submit homework, the system performs identity verification and authority check.
6) And (3) service management: the teaching materials and student homework uploaded to the platform are automatically encrypted in the uploading process, so that the data transmission safety is ensured.
The two embodiments represent the application of the cloud service security cloud control system in the enterprise and education fields, and show the specific implementation and operation flow of the system under different application backgrounds.
As shown in fig. 1, an embodiment of the present invention provides a cloud service security cloud control system based on big data, where the system includes:
the user registration login module, which is used for registering the user identity and logging in, and for encrypting and storing the identity information according to a preset master key;
the permission acquisition module, which is connected with the user registration login module and is used for determining the permission of the user based on the user login account;
the service authority allocation module, which is connected with the permission acquisition module and is used for providing cloud services of the corresponding level based on user permissions;
the service request module, which is connected with the service authority allocation module and is used by the user to perform data query, data upload, data storage and other service request operations;
the identity verification module, which is connected with the service request module and is used for verifying the identity of the user initiating the cloud service request;
the request judging module, which is connected with the identity verification module and is used for determining, based on the user's permission level, whether a service request input by the user exceeds a preset range;
and the service management module, which is connected with the request judging module and is used for providing the corresponding service based on the user's service request when the request does not exceed the user's authority and the user verification has passed, and for encrypting and uploading the data to be uploaded by the user.
As shown in fig. 2, the permission acquisition module determining the permission of the user based on the user login account includes:
S1: acquiring, based on the user login account, the access data stream received when the user accesses the database;
S2: analyzing the access data stream to obtain user access information;
S3: determining the user's operation permission on the database based on the user access information.
In step S2, analyzing the access data stream to obtain the user access information includes:
performing SQL lexical analysis and SQL syntax analysis on the access data stream to obtain the database parameter information involved when the user accesses the database; and extracting user information from the access data stream.
The user access information includes the database parameter information and the user information.
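One way to implement steps S1-S3 together with the request judging check, as an added sketch that is not code from the patent. The JSON record format, the GRANTS table and the user and table names are constructed for illustration, and only a small SQL subset is accepted, with everything outside it rejected.

```python
import json
import re

# Comments and string literals lex as single tokens, so SQL inside them is inert.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<ident>"[^"]+"|`[^`]+`)
  | (?P<word>[A-Za-z_][A-Za-z0-9_$]*)
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<punct>[(),.;*=<>!+\-/%])
""", re.VERBOSE | re.DOTALL)
# Words that end a table list; any other word after a table name is an alias.
STOP = {"WHERE", "JOIN", "INNER", "LEFT", "RIGHT", "FULL", "CROSS", "ON", "USING",
        "GROUP", "ORDER", "HAVING", "LIMIT", "UNION", "SET", "VALUES", "SELECT"}

def lex(sql):
    """Lexical analysis: (kind, text) tokens, whitespace and comments dropped."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:
            raise ValueError(f"cannot tokenize input at offset {pos}")
        pos = m.end()
        if m.lastgroup not in ("ws", "comment"):
            tokens.append((m.lastgroup, m.group()))
    return tokens

def _name(tokens, i, default_db):
    """Read [schema.]table at tokens[i]; return (name or None, next index)."""
    parts = []
    while i < len(tokens) and tokens[i][0] in ("word", "ident"):
        parts.append(tokens[i][1].strip('"`').lower())
        i += 1
        if tokens[i:i + 1] != [("punct", ".")]:
            break
        i += 1
    if len(parts) > 2:
        raise ValueError("unsupported object name")
    return (".".join(([default_db.lower()] + parts)[-2:]) if parts else None), i

def analyse(sql, default_db):
    """Syntax analysis: the set of (operation, table) pairs a statement needs."""
    tokens = lex(sql)
    if ("punct", ";") in tokens[:-1]:
        raise ValueError("stacked statements are not accepted")
    words = [text.upper() if kind == "word" else "" for kind, text in tokens]
    verb = words[0] if words else ""
    # Accept only forms whose write target is unambiguous; reject everything else.
    form_ok = {"SELECT": True, "INSERT": words[1:2] == ["INTO"],
               "DELETE": words[1:2] == ["FROM"],
               "UPDATE": "SET" in words and "JOIN" not in words[:words.index("SET")]}
    if not form_ok.get(verb, False):
        raise ValueError("unsupported statement")
    needed, i = set(), 0
    while i < len(tokens):
        w, at, i = words[i], i, i + 1
        op = ("INSERT" if w == "INTO" else
              "UPDATE" if (w, at) == ("UPDATE", 0) else
              "DELETE" if (w, at, verb) == ("FROM", 1, "DELETE") else
              "SELECT" if w in ("FROM", "JOIN", "USING") else None)
        while op and i < len(tokens):
            table, i = _name(tokens, i, default_db)
            if table is None:
                break
            needed.add((op, table))
            # Skip an alias, stop at the next clause, go on after a comma.
            while i < len(tokens) and tokens[i][0] != "punct" and words[i] not in STOP:
                i += 1
            if tokens[i:i + 1] != [("punct", ",")]:
                break
            i += 1
    return needed

def authorize(record_line, grants):
    """S1-S3 for one access-stream record: parse it, then decide against the grants."""
    record = json.loads(record_line)
    try:
        needed = analyse(record["sql"], record["db"])
    except ValueError as exc:
        return {"user": record["user"], "allowed": False, "missing": [], "reason": str(exc)}
    missing = sorted(needed - grants.get(record["user"], set()))
    allowed = bool(needed) and not missing
    return {"user": record["user"], "allowed": allowed, "missing": missing,
            "reason": "ok" if allowed else "not covered by grants"}

# Constructed grants and access-stream records (hypothetical users and tables).
GRANTS = {"alice": {("SELECT", "hr.employees")},
          "bob": {("SELECT", "hr.employees"), ("INSERT", "audit.events")}}
STREAM = [json.dumps({"user": u, "db": "hr", "sql": s}) for u, s in [
    ("alice", "SELECT name FROM employees WHERE dept = 'R&D -- not a comment'"),
    ("alice", "SELECT e.name, s.amount FROM employees e, salaries s WHERE e.id = s.emp_id"),
    ("alice", "UPDATE employees SET title = 'x' /* FROM salaries */ WHERE id = 7"),
    ("alice", "SELECT name FROM employees; DELETE FROM employees"),
    ("bob", "INSERT INTO audit.events (who) SELECT name FROM employees"),
]]
DECISIONS = [authorize(line, GRANTS) for line in STREAM]
```

The decision is deny-by-default: a statement that cannot be tokenized, uses a form outside the accepted subset, or references no table is refused rather than guessed at.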
The identity verification module is used for verifying the identity of the user initiating a cloud service request, which specifically includes the following steps:
(1) The user provides an identification picture, which is encrypted and hashed to obtain a hash value;
(2) A key is randomly generated and used to encrypt the original text of the file to form a ciphertext;
(3) The ciphertext is hashed and symmetrically encrypted to obtain a hash value;
(4) The hash value and the ciphertext obtained in steps (1)-(3) are asymmetrically encrypted to obtain a new ciphertext;
(5) The new ciphertext is sent to the system server over the network;
(6) The server decrypts the new ciphertext to obtain the data original text and the identification picture;
(7) The data original text and the identification picture are hashed separately to obtain a data original-text hash value and an identification-picture hash value;
(8) The data original-text hash value from step (7) is compared with the hash value from step (3); if they are consistent, the data original text has not been tampered with. The identification-picture hash value from step (7) is compared with the hash value from step (1); if they are consistent, the identity of the user terminal that sent the information is confirmed to be correct.
In step (2), the user terminal randomly generates a key through the SM4 algorithm and uses that key to encrypt the data original text to be transmitted with the SM4 algorithm.
The service management module encrypting and uploading the data to be uploaded by the user includes:
(1) Input the data $m$ to be uploaded by the user and the system public parameters $PP$; run the encryption algorithm on $(PP, m)$ at the data processing end; select a symmetric encryption key $k$ and symmetrically encrypt the confidential information $m$ to obtain $E_k(m)$;
(2) Construct an access control policy $\gamma = (M, p)$, where $M$ is an $l \times d$ matrix and $p$ is an injective function; perform attribute encryption on the symmetric encryption key $k$: randomly select $s \in \mathbb{Z}_p$, and record the vectors Then calculate $c = k \cdot e(g, g)^{\alpha s}$;
(3) For all the attributes involved in the access control policy, obtain the corresponding trapdoor public key GTDM, and calculate (where $I_A$ denotes all the attributes involved in the access control policy); finally obtain the ciphertext CT and upload it to the cloud server, wherein
As shown in fig. 3, an embodiment of the present invention provides a cloud service security cloud control method based on big data for implementing the cloud service security cloud control system based on big data, where the method includes:
S31: registering the user identity and logging in using the user registration login module; encrypting and storing the identity information according to a preset master key; determining the permission of the user based on the user login account using the permission acquisition module; providing cloud services of the corresponding level based on user permissions using the service authority allocation module;
the service request module is connected with the service authority allocation module and is used by the user to perform data query, data upload, data storage and other service request operations;
S32: verifying the identity of the user initiating the cloud service request using the identity verification module, which is connected with the service request module; determining, based on the user's permission level, whether the service request input by the user exceeds a preset range using the request judging module;
S33: when the service request input by the user does not exceed the user's authority and the user verification has passed, using the service management module to provide the corresponding service based on the user's service request and to encrypt and upload the data to be uploaded by the user.
To make the technical scheme intelligent by combining it with artificial intelligence, a series of mathematical algorithms and models can be adopted. The following is a specific implementation method:
User registration login processing:
Algorithm application: machine learning algorithms (e.g., decision trees, random forests) are used to analyze user behavior and to predict and guard against potential security threats.
Model optimization: a neural network model is used to optimize the user authentication process and improve authentication accuracy.
Rights acquisition:
Data analysis: big data analysis techniques, such as cluster analysis, are applied to understand user behavior patterns and to adjust and optimize permission settings automatically.
Pattern recognition: pattern recognition technology is used to identify the user's operating habits automatically, so that permissions can be adjusted dynamically.
Service rights allocation:
Adaptive learning: an adaptive learning system automatically adjusts service authority according to the user's behavior and needs.
Recommendation system: personalized service options are provided by recommendation algorithms (e.g., collaborative filtering) based on the user's past cloud service usage.
Service request processing:
Natural language processing: NLP technology is applied to understand and process the user's service requests, improving processing efficiency and accuracy.
Predictive analysis: prediction models such as time-series analysis are used to predict the user's service demand and prepare the required resources in advance.
Identity verification:
Biometric analysis: deep learning is used to improve the accuracy of biometric verification (such as facial recognition and fingerprint recognition).
Anomaly detection: an anomaly detection algorithm (e.g., a support vector machine) is used to identify abnormal login attempts.
Request judgment:
Decision tree algorithm: a decision tree algorithm is used to judge automatically whether the user's request falls within the permission range.
Risk assessment model: a risk assessment model is developed to assess the potential risk of each request, realizing intelligent security control.
Service management:
Data encryption algorithm: advanced encryption algorithms (e.g., AES, RSA) and hash functions (e.g., SHA-256) are applied to secure the data.
Cloud resource optimization: cloud resources are allocated dynamically using an optimization algorithm (such as a genetic algorithm), improving service efficiency.
With this method, the cloud service security cloud control system becomes more intelligent, and the security, efficiency and user experience of the system are improved.
The embodiment of the invention provides a computer device, which comprises a memory and a processor, wherein the memory stores a computer program, and when the computer program is executed by the processor, the processor executes the steps of the cloud service security cloud control method based on big data.
The embodiment of the invention provides a computer readable storage medium, which stores a computer program, wherein the computer program, when being executed by a processor, enables the processor to execute the steps of the cloud service security cloud control method based on big data.
It should be noted that the embodiments of the present invention can be realized in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or special purpose design hardware. Those of ordinary skill in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such as provided on a carrier medium such as a magnetic disk, CD or DVD-ROM, a programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The device of the present invention and its modules may be implemented by hardware circuitry, such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., as well as software executed by various types of processors, or by a combination of the above hardware circuitry and software, such as firmware.
The cloud service security cloud control system based on big data works in detail as follows:
User registration login module: processes the user's registration and login requests. When a user registers, identity information is collected and stored in encrypted form using a preset master key. During login, the user information is likewise encrypted and verified using the key.
Permission acquisition module: determines the permission level of the user. Based on the user's login account information, the system obtains user information and database parameter information by analyzing the user's access data stream (including lexical and syntax analysis of SQL statements). This information is used to determine the user's operation rights on the database.
Service authority allocation module: provides cloud services of the corresponding level according to the user's rights. The system automatically allocates and limits the scope of cloud services that the user can access and operate.
Service request module: processes the user's cloud service requests, such as data query, uploading and storage. It receives the user's service request and passes it to the relevant module for processing.
Identity verification module: verifies the identity of the user who initiated the cloud service request. The user provides an identification picture, and the system performs multi-stage encryption and hash processing, including the SM4 algorithm for encrypting the data to be transmitted. The hash value and the encrypted data are sent to a server over the network. The server decrypts the data and compares the hash values to verify data integrity and the user's identity.
Request judging module: determines whether the user's request is outside the user's scope of rights. According to the authority level of the user, the system checks whether the user's service request exceeds the preset authority. If so, the request is denied; otherwise, the request is passed to the service management module.
Service management module: provides the corresponding cloud services and processes data uploaded by the user. When the user's request passes verification and is within the authority range, the system provides the corresponding service. The data to be uploaded by the user is encrypted before upload to ensure data security. The encryption process includes symmetric encryption and attribute encryption, and constructs an access control policy and an attribute trapdoor public key.
Through the working principle, the cloud service security cloud control system based on big data can ensure data security, prevent unauthorized access and provide efficient and safe cloud computing service for users.
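The permission acquisition and request judging modules described above, as an added illustration that is not code from the patent: a small SQL lexical analyzer extracts the operation and the tables from each statement in an access data stream, and the request is denied when either exceeds the user's authority. The level names, operation sets, table scopes and function names are assumptions made for this example.

```python
import re
# Assumed permission levels and the operations each may run (not from the patent).
LEVEL_OPS = {
    "viewer": {"SELECT"},
    "editor": {"SELECT", "INSERT", "UPDATE"},
    "admin": {"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "ALTER", "DROP"},
}
TABLE_KW = {"FROM", "JOIN", "INTO", "UPDATE", "TABLE"}  # a table name follows these
END_KW = {"SELECT", "WHERE", "GROUP", "ORDER", "HAVING", "LIMIT", "SET", "VALUES", "ON"}

TOKEN_RE = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)        # comments carry no authority
  | (?P<string>'(?:[^']|'')*')             # literals are data, never keywords
  | (?P<ident>[A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)*|"[^"]+"|`[^`]+`)
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<punct>[^\sA-Za-z0-9_])
""", re.VERBOSE | re.DOTALL)

def analyze(sql):
    """Lexical pass: return [(operation, {tables})], one entry per statement."""
    statements = [[]]
    for m in TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "punct" and text in "'\"`":
            raise ValueError("unterminated quote")
        if text == ";":
            statements.append([])
        elif kind != "comment":
            statements[-1].append((kind, text))
    result = []
    for tokens in filter(None, statements):
        if tokens[0][0] != "ident":
            raise ValueError("statement does not start with a keyword")
        tables, expect, in_from = set(), False, False
        for kind, text in tokens:
            word = text.upper() if kind == "ident" else None
            if word in TABLE_KW:
                expect, in_from = True, word == "FROM"
            elif word in END_KW:
                expect = in_from = False
            elif word and expect:
                tables.add(text.strip('"`').lower())
                expect = False
            elif text == "," and in_from:
                expect = True  # comma-separated table list: FROM a, b
        result.append((tokens[0][1].upper(), tables))
    return result

def judge(level, scope, sql):
    """Request judgment: (allowed, reason); anything unparseable is denied."""
    try:
        stmts = analyze(sql)
    except ValueError as exc:
        return False, f"unparseable request: {exc}"
    for op, tables in stmts:
        if op not in LEVEL_OPS.get(level, set()):
            return False, f"{op} exceeds level {level}"
        if tables - scope:
            return False, f"outside scope: {sorted(tables - scope)}"
    return bool(stmts), "within authority" if stmts else "empty request"
```

Because the check runs on tokens rather than substrings, SQL keywords inside a string literal or a comment do not trigger a denial, while a second statement after `;` is judged on its own operation.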
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto; any modifications, equivalent substitutions and the like made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be covered by the scope of the present invention.

Claims (10)

1. The cloud service security cloud control method based on the big data is characterized by comprising the following steps of:
firstly, implementing user registration login processing, which relates to the optimization of encryption storage and authentication process for user identity information by adopting machine learning and deep learning algorithms; secondly, executing a permission acquisition step, wherein the permission acquisition step comprises the steps of analyzing access data flow of a user login account by using big data analysis and pattern recognition technology, and automatically adjusting and optimizing permission setting based on a user behavior pattern; then, service authority allocation is carried out, the service authority is dynamically adjusted by adopting a self-adaptive learning system according to the behavior and the demand of a user, and a recommendation algorithm is applied to provide personalized service options; then, processing the service request, understanding and processing the user service request by using a natural language processing technology, and predicting the user service requirement by using a time sequence analysis prediction model; next, identity verification is realized, and the accuracy of the identity verification is enhanced and abnormal login attempts are identified by combining biological feature analysis and an abnormal detection algorithm; then, request judgment is carried out, whether the user request accords with the authority range is automatically judged by utilizing a decision tree algorithm, and the potential risk of each request is evaluated through a risk evaluation model; and finally, performing service management, applying an advanced data encryption algorithm and a hash function to protect data security, and dynamically distributing cloud resources by using an optimization algorithm to improve service efficiency.
2. The cloud service security cloud control method based on big data according to claim 1, wherein the cloud service security data processing method based on big data is adopted, and the method comprises the following steps:
SQL lexical and grammatical analysis is used for extracting parameter information when a user accesses a database;
extracting user information from the access data stream;
encryption processing of the data original text comprises random generation and encryption operation of a symmetric encryption key;
encrypting and hashing the identification picture provided by the user to generate a hash value;
asymmetric encryption processing is carried out on the data original text and the identification picture to generate a new ciphertext;
the ciphertext is sent to a server and decrypted in the server;
comparing the data original text with the hash value of the identification picture, and confirming the identity of the user and the integrity of the data;
encrypting the data to be uploaded by the user by using an attribute encryption method, wherein the encryption processing comprises constructing an access control policy and uploading the encrypted ciphertext.
3. Cloud service security cloud control system based on big data, characterized in that the system includes:
The user registration login module is used for registering the user identity and logging in; encrypting and storing the identity information according to a preset master key;
the permission acquisition module is connected with the user registration login module and is used for determining the permission of the user based on the user login account;
The service authority allocation module is connected with the authority acquisition module and is used for providing cloud services of corresponding grades based on user authorities;
The service request module is connected with the service authority allocation module and is used for carrying out data query, data uploading, data storage and other service request operations by a user;
the identity verification module is connected with the service request module and used for verifying the identity of the user initiating the cloud service request;
the request judging module is connected with the identity verification module and is used for determining whether a service request input by a user exceeds a preset range or not based on the user permission level;
And the service management module is connected with the request judging module and is used for providing corresponding service based on the user service request when the service request input by the user does not exceed the user authority and the user verification is passed, and encrypting and uploading the data to be uploaded by the user.
4. The cloud service security cloud control system of claim 1, wherein said rights acquisition module determining rights of a user based on a user login account comprises:
S1: acquiring an access data stream of a received user access database based on a user login account;
S2: analyzing the access data stream to acquire user access information;
S3: and determining the operation authority of the user on the database based on the user access information.
5. The cloud service security cloud control system based on big data as claimed in claim 2, wherein in S2, the analyzing the access data stream to obtain the user access information includes:
SQL lexical analysis and SQL syntax analysis are carried out on the access data stream, and database parameter information related to the user accessing the database is obtained; and extracting user information from the access data stream.
6. The big data based cloud service security cloud control system of claim 2, wherein said user access information comprises said database parameter information and said user information.
7. The cloud service security cloud control system based on big data as claimed in claim 1, wherein the authentication module is configured to authenticate the identity of the user initiating the cloud service request, and specifically comprises:
(1) The user provides the identification picture, encrypts and hashes the picture to obtain a hash value;
(2) Randomly generating a secret key, encrypting a file original text to form a ciphertext;
(3) Carrying out hash and symmetric encryption on the ciphertext to obtain a hash value;
(4) Performing asymmetric encryption on the hash value and the ciphertext obtained in the steps (1) - (3) to obtain a new ciphertext;
(5) The new ciphertext is sent to a system server through network data;
(6) The server decrypts the new ciphertext to obtain a data original text and an identification picture;
(7) Respectively hashing the data original text and the identification picture to obtain a data original text hash value and an identification picture hash value;
(8) Comparing the data original text hash value in the step (7) with the hash value in the step (3), and if they are consistent, the data original text has not been tampered with; comparing the hash value of the identification picture in the step (7) with the hash value in the step (1), and if the hash values are consistent, confirming that the identity of the user terminal sending the information is correct.
8. The cloud service security cloud control system based on big data of claim 1, wherein in the step (2), the user side randomly generates a key through an SM4 algorithm, and encrypts the data original text to be transmitted by using the key through the SM4 algorithm.
9. The cloud service security cloud control system based on big data as claimed in claim 1, wherein the service management module, the encrypting and uploading the data to be uploaded by the user comprises:
(1) Inputting the data $m$ to be uploaded by the user and the system public parameter $PP$, running encryption on $(PP, m)$ at the data processing end, selecting a symmetric encryption key $k$, and symmetrically encrypting the confidential information $m$ to obtain $E_k(m)$;
(2) Constructing an access control policy $\gamma = (M, p)$, wherein $M$ is an $l \times d$ matrix and $p$ is an injective function; performing attribute encryption on the symmetric encryption key $k$, randomly selecting $s \in \mathbb{Z}_p$, and recording vectors Then calculate $c = k \cdot e(g, g)^{\alpha s}$;
(3) For all the attributes involved in the access control policy, obtain its corresponding trapdoor public key GTDM, and calculate I A represents all the properties involved in the access control strategy, and finally obtains ciphertext CT and uploads the ciphertext CT to the cloud server, wherein
10. A cloud service security cloud control method based on big data for implementing the cloud service security cloud control system based on big data according to any one of claims 1 to 7, the method comprising:
S31: a user registration login module is utilized to register user identity and log in; encrypting and storing the identity information according to a preset master key; determining the authority of the user based on the user login account by utilizing an authority acquisition module; providing cloud services of corresponding grades based on user rights by utilizing a service rights distribution module;
The service request module is connected with the service authority allocation module and is used for carrying out data query, data uploading, data storage and other service request operations by a user;
S32: the identity verification module is connected with the service request module and used for verifying the identity of a user initiating the cloud service request; determining whether a service request input by a user exceeds a preset range or not based on the user permission level by using a request judging module;
S33: and when the service request input by the user does not exceed the user authority and the user verification is passed, the service management module is used for providing corresponding service based on the user service request and encrypting and uploading the data to be uploaded by the user.
CN202410159646.8A 2024-02-04 2024-02-04 Cloud service security cloud control system and method based on big data Pending CN117938535A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410159646.8A CN117938535A (en) 2024-02-04 2024-02-04 Cloud service security cloud control system and method based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410159646.8A CN117938535A (en) 2024-02-04 2024-02-04 Cloud service security cloud control system and method based on big data

Publications (1)

Publication Number Publication Date
CN117938535A true CN117938535A (en) 2024-04-26

Family

ID=90768438

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410159646.8A Pending CN117938535A (en) 2024-02-04 2024-02-04 Cloud service security cloud control system and method based on big data

Country Status (1)

Country Link
CN (1) CN117938535A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination