Search

CN-122020678-A - Data security storage and access control method and system in cloud computing environment

CN122020678ACN 122020678 ACN122020678 ACN 122020678ACN-122020678-A

Abstract

The invention provides a data security storage and access control method and system in a cloud computing environment, wherein the method comprises the steps of obtaining data to be stored and storing the data, and accessing target data according to a data access instruction of a user, and the steps of obtaining the data to be stored and storing the data to be stored comprise the steps of randomly splitting the data to be stored into a plurality of data blocks and encrypting the data blocks after the data to be stored is received, adding filling data into each data block to obtain reconstructed data blocks, and randomly storing the reconstructed data blocks on a plurality of physical nodes, so that the stored data cannot be read from a single physical node, the stored data can be prevented from being leaked, the security of data storage is improved, and the data in each reconstructed data block is not only encrypted, but also provided with filling data to increase interference, and the security of data storage can be further improved.

Inventors

  • CHEN YIXUAN
  • ZHANG SEN
  • LI QUANSHENG
  • LI BIAO
  • Wang Qianrun
  • CHEN BING
  • WANG HAIJIE

Assignees

  • 陈逸轩

Dates

Publication Date
20260512
Application Date
20251204

Claims (10)

  1. 1. The data security storage and access control method under the cloud computing environment is characterized by comprising the steps of acquiring data to be stored and storing the data, and accessing target data according to a data access instruction of a user; The step of acquiring and storing the data to be stored comprises the following steps: Splitting the data to be stored into a plurality of data blocks with different sizes, respectively generating sequence numbers of each data block according to the sequence of the data blocks, respectively adding each sequence number into the corresponding data block, and randomly sequencing the plurality of data blocks; acquiring identity information of a user corresponding to the data to be stored, respectively generating a key of each data block according to the random ordering according to the identity information, and respectively encrypting the corresponding data block by adopting each key; Splitting each data block into a plurality of effective sub-data blocks, and adding filling data between the effective sub-data blocks to respectively convert each data block into a reconstructed data block; Randomly storing the storage data blocks on different physical nodes of a server, acquiring a storage address of each effective sub-data block, and constructing storage information of the data to be stored according to the physical node where each storage data block is located and the storage address; the step of accessing the stored data according to the data access instruction of the user comprises the following steps: acquiring target storage information according to the data access instruction, and reading effective sub-data blocks of each storage data block according to the target storage information; and constructing a target data block according to the effective sub-data blocks, and sending the target data block to a client of a user according to the random ordering.
  2. 2. The method for secure storage and access control of data according to claim 1, wherein, Before the step of acquiring the target storage information according to the data access instruction, the method further comprises the following steps: Acquiring user information corresponding to the data access instruction, and judging whether the data access instruction is legal or not according to the user information; If yes, acquiring a time stamp of the data access instruction, and executing the step of acquiring target storage information according to the data access instruction under the condition that the time stamp is in a set working time period; and when the time stamp is not in the set working time period, judging that the user corresponding to the data access instruction has abnormality.
  3. 3. The method for secure storage and access control of data according to claim 2, wherein, The step of determining that the user corresponding to the data access instruction has an abnormality further comprises: And if the continuous set times judge that the user corresponding to the data access instruction is abnormal, triggering the biological identity authentication of the user.
  4. 4. The method for secure storage and access control of data according to claim 1, wherein, The step of accessing the target data according to the data access instruction of the user further comprises the following steps: And generating an access log of the target data, and storing the access log by adopting a blockchain.
  5. 5. The method for secure storage and access control of data according to claim 1, wherein, The step of accessing the target data according to the data access instruction of the user further comprises the following steps: and acquiring the access frequency of each stored data, and adjusting the redundant backup quantity of the corresponding stored data according to each access frequency.
  6. 6. The method for secure storage and access control of data according to claim 1, wherein, After the step of acquiring the data to be stored and storing the data, the method further comprises the following steps: Responding to a received data modification instruction, acquiring identity information of a user corresponding to the data modification instruction and target data corresponding to the data modification instruction, and verifying whether the user has permission to modify the target data according to the identity information; If yes, modifying the corresponding target data according to the data modification instruction.
  7. 7. The method for secure storage and access control of data according to claim 6, wherein, The step of modifying the corresponding target data according to the data modification instruction further comprises the following steps: and acquiring the historical access user of the target data, and sending the modified target data to the historical access user.
  8. 8. The method for secure storage and access control of data according to claim 1, wherein, The step of accessing the target data according to the data access instruction of the user further comprises the following steps: and generating a behavior portrait according to the access record of the user, and adjusting the authority threshold of the user according to the behavior portrait.
  9. 9. The method for secure storage and access control of data according to claim 1, wherein, After the step of acquiring the data to be stored and storing the data, the method further comprises the following steps: The sensitivity of the stored data is obtained and the key of the stored data is updated periodically according to the sensitivity.
  10. 10. A data security storage and access control system in a cloud computing environment, comprising a processor and a memory, wherein the memory has a computer program stored thereon, the processor being configured to execute the computer program to implement the steps of the data security storage and access control method of any of claims 1-9.

Description

Data security storage and access control method and system in cloud computing environment Technical Field The invention relates to the technical field of data security storage, in particular to a data security storage and access control method and system in a cloud computing environment. Background The cloud server can provide simple, efficient, safe and reliable computing service with elastically-stretchable processing functions, the management mode is simpler than that of a physical server, a user can efficiently create and release data, and the purposes of greatly reducing the operation and maintenance cost of the server and improving the operating working efficiency are achieved. Because the cloud server is a virtual computer running on the internet, it is easy to be invaded by hackers to cause data leakage, so how to improve the data security of the cloud server is a technical problem that the stored data in the cloud computing environment needs to face. Disclosure of Invention The invention provides a data security storage and access control method and system in a cloud computing environment, which are used for improving the security of data storage in the cloud computing environment. Specifically, in a first aspect, the present invention provides a method for securely storing and accessing data in a cloud computing environment, including a step of acquiring data to be stored and storing the data, and a step of accessing target data according to a data access instruction of a user; The step of acquiring and storing the data to be stored comprises the following steps: Splitting the data to be stored into a plurality of data blocks with different sizes, respectively generating sequence numbers of each data block according to the sequence of the data blocks, respectively adding each sequence number into the corresponding data block, and randomly sequencing the plurality of data blocks; acquiring identity information of a user corresponding to the data to be stored, respectively generating a key of each data block according to the random ordering according to the identity information, and respectively encrypting the corresponding data block by adopting each key; Splitting each data block into a plurality of effective sub-data blocks, and adding filling data between the effective sub-data blocks to respectively convert each data block into a reconstructed data block; Randomly storing the storage data blocks on different physical nodes of a server, acquiring a storage address of each effective sub-data block, and constructing storage information of the data to be stored according to the physical node where each storage data block is located and the storage address; the step of accessing the stored data according to the data access instruction of the user comprises the following steps: acquiring target storage information according to the data access instruction, and reading effective sub-data blocks of each storage data block according to the target storage information; and constructing a target data block according to the effective sub-data blocks, and sending the target data block to a client of a user according to the random ordering. Further, before the step of obtaining the target storage information according to the data access instruction, obtaining user information corresponding to the data access instruction, and judging whether the data access instruction is legal or not according to the user information; If yes, acquiring a time stamp of the data access instruction, and executing the step of acquiring target storage information according to the data access instruction under the condition that the time stamp is in a set working time period; and when the time stamp is not in the set working time period, judging that the user corresponding to the data access instruction has abnormality. Further, after the step of determining that the user corresponding to the data access instruction is abnormal, triggering the biometric authentication of the user if the continuous set times determine that the user corresponding to the data access instruction is abnormal. Further, the method further comprises the steps of generating an access log of the target data and storing the access log by adopting a blockchain after the step of accessing the target data according to the data access instruction of the user. Further, the method further comprises the steps of acquiring the access frequency of each stored data and adjusting the redundancy backup quantity corresponding to each stored data according to each access frequency after the step of accessing the target data according to the data access instruction of the user. Further, after the step of acquiring the data to be stored and storing the data, the method further comprises: Responding to a received data modification instruction, acquiring identity information of a user corresponding to the data modification instruction and target data corresponding to the data m