
Access Control Method for Heterogeneous Systems Based on SAMBA and CP-ABE
Abstract: To address the problem that the Active Directory (AD) single sign-on used by existing Windows operating systems in an enterprise private cloud computing environment cannot directly access cloud servers, a CP-ABE encrypted access control method for heterogeneous systems based on the SAMBA protocol is proposed. Existing single sign-on for heterogeneous systems relies on external servers to complete identity authentication, which introduces security risks and makes response speed dependent on the network environment. By configuring a local SAMBA server on a Linux server as an intermediary, and using the Winbind and Kerberos components to map AD accounts to the SAMBA server and authenticate them, the method avoids the security risks of relying on third-party authentication servers and the network performance issues that arise during information exchange. Additionally, the iSCSI component connects the cloud storage system to the SAMBA server, and the Quota tool sets disk quotas for different users and groups, so that cloud storage space is used rationally. Finally, CP-ABE is employed for access control and file encryption to ensure secure data transmission and privacy protection, ultimately achieving AD account single sign-on to the cloud storage system. Experiments show that the method effectively solves the encrypted access control problem for heterogeneous systems in enterprise private cloud environments, providing an effective solution for access control in hybrid cloud environments and strong support for enterprise data security and management.
Authors: LIU Qing-fang (刘青芳); GUO Yin-zhang (郭银章); HU Ying (胡鹰) (Group Computing and Cloud Computing Laboratory, Taiyuan University of Science and Technology, Taiyuan 034000, China)
Source: Computer Technology and Development (《计算机技术与发展》), 2024, No. 11, pp. 80-86 (7 pages)
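Funding: Central Government Guided Local Science and Technology Development Fund Project (YDZJSX1A044); National College Students' Innovation and Entrepreneurship Training Program (202310109650); 2023 Taiyuan University of Science and Technology Graduate Education Innovation Project (SY2023041).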
Keywords: AD single sign-on; heterogeneous system; SAMBA; CP-ABE; hybrid cloud