
An Access Control Mechanism with Dynamic Privilege for Cloud Storage (cited by: 15)
Abstract: Cloud storage is a new data storage architecture, and the security and manageability of data in the cloud face new challenges. First, a cloud storage system must provide users with secure and reliable data access and ensure the security of the data held in the cloud. To this end, and in view of the complex data structures and large data volumes found in cloud storage, researchers have proposed attribute-based encryption (ABE) schemes, which give cloud storage systems a fine-grained ciphertext access control mechanism. In this mechanism, the data owner expresses the access privileges of the data as an access policy and encrypts the data under that policy; a user can recover the data if and only if they match the policy. However, access privileges often change for various reasons, which leads to frequent updates of the ciphertexts stored in the cloud and in turn affects the manageability of the data. To avoid the heavy computation and communication overhead caused by access privilege management, we propose an efficient, secure and manageable cloud storage architecture: it uses ABE to enforce access control over ciphertexts and manages access privileges through an efficient dynamic authorization method. We also propose a method for converting between different forms of access policy, so that the dynamic authorization method is more general and does not depend on a particular policy form. Depending on who performs the authorization, we define three forms of dynamic authorization: updating privilege, agency privilege and temporary privilege, which make dynamic authorization more flexible and faster. In particular, in this dynamic authorization method the party performing the authorization computes the minimal increment set from the change to the access policy and updates the ciphertext according to that increment set, which reduces the cost of ciphertext updates. Theoretical analysis and experimental results show that the dynamic authorization method reduces resource consumption, improves system execution efficiency and increases the flexibility of the access control mechanism.
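Source: Journal of Computer Research and Development (《计算机研究与发展》), indexed in EI, CSCD and the Peking University Core Journals list, 2016, Issue 4, pp. 904-920 (17 pages)

Funding: National Natural Science Foundation of China (61373040, 61173137); Specialized Research Fund for the Doctoral Program of Higher Education (20120141110002); Key Program of the Natural Science Foundation of Hubei Province (2010CDA004)

Keywords: cloud storage architecture; data security; dynamic privilege; attribute-based encryption (ABE); access control system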

