Cloud computing improves the efficiency of the use, analysis and management of big data, but also brings the worry of data security and private information disclosure of cloud service to the data contributors. To solve this problem, combined with the role-based access control, attribute-based access control methods and using the architecture of next generation access control, a reverse hybrid access control method based on object attribute matching in cloud computing environment was proposed. Firstly, the access right level of the shared file was set by the data contributor, and the minimum weight of the access object was reversely specified. Then, the weight of each attribute was directly calculated by using the variation coefficient weighting method, and the process of policy rule matching in the attribute centered role-based access control was cancelled. Finally, the right value of the data contributor setting to the data file was used as the threshold for the data visitor to be allowed to access, which not only realized the data access control, but also ensured the protection of private data. Experimental results show that, with the increase of the number of visits, the judgment standards of the proposed method for malicious behaviors and insufficient right behaviors tend to be stable, the detection ability of the method becomes stronger and stronger, and the success rate of the method tends to a relatively stable level. Compared with the traditional access control methods, the proposed method can achieve higher decision-making efficiency in the environment of large number of user visits, which verifies the effectiveness and feasibility of the proposed method.

Clustering algorithm is used to preprocess personal privacy information in order to achieve differential privacy protection, which can reduce the reconstruction error caused by directly distributing histogram data, and the reconstruction error caused by different combining methods of histogram. Aiming at the problem of sensitivity to input data parameters in DP-DBSCAN (Differential Privacy-Density-Based Spatial Clustering of Applications with Noise) differential privacy algorithm, the OPTICS (Ordering Points To Identify Clustering Structure) algorithm based on density clustering was applied to differential privacy protection. And an improved differential privacy protection algorithm, called DP-OPTICS (Differential Privacy-Ordering Points To Identify Clustering Structure) was introduced, the sparse dataset was compressed, the same variance noise and different variance noise were used as two noise-adding ways by comparison, considering the probability of privacy information's being broken by the attacker, the upper bound of privacy parameter ε was determined, which effectively balanced the relationship between the privacy of sensitive information and the usability of data. The DP-OPTICS algorithm was compared with the differential privacy protection algorithm based on OPTICS clustering and DP-DBSCAN algorithm. The DP-OPTICS algorithm is between the other two in time consumption. However, in the case of having the same parameters, the stability of the DP-OPTICS algorithm is the best among them, so the improved OP-OPTICS differential privacy protection algorithm is generally feasible.

To resist existing limitations and associated attack by anonymization of single sensitive attributes, an ( α _ij, k,m)-anonymity model based on greedy algorithm was proposed. Firstly, the ( α _ij, k,m)-anonymity model was mainly to protect multi-sensitive attribute information. Secondly, the model for level was carried out according to the sensitive values of the sensitive attributes, if there were m sensitive attributes, there were m tables. Thirdly, each level was assigned a specific account α _ij by the model. Finally, the ( α _ij, k,m)-anonymity algorithm based on greedy strategy was designed, and a local optimum method was adopted to implement the ideas of the model which improves the degree of data privacy protection. The proposed model was compared with other three models from information loss, execution times, and the sensitivity distance of equivalent class. The experimental results show that, although the execution time of the proposed model is slightly longer than other compared models, however, the information loss is less and the privacy protection degree of data is higher. It can resist the associated attack and protect the data of multi-sensitive attributes.