计算机科学 ›› 2018, Vol. 45 ›› Issue (11): 149-154.doi: 10.11896/j.issn.1002-137X.2018.11.022
陈成, 努尔买买提·黑力力
CHEN Cheng, Nurmamat HELIL
摘要: 云存储允许数据拥有者将数据储存在云端,以便为用户提供数据共享服务。然而,同一个数据拥有者储存的不同数据之间可能会出现利益冲突。鉴于此,文中提出针对利益冲突数据集的基于密文策略属性基加密(CP-ABE)的访问控制方案。在该方案中,数据拥有者将虚拟属性用“与”门嵌入访问树中以得到修正的访问树,并在修正的访问树下对利益冲突数据集中的各个数据加密,从而避免了一个用户访问利益冲突数据集中的部分或全部数据而导致的错误、欺骗或风险。最后,从理论上对所提方案的效率和安全性进行了分析,分析结果表明了其是高效且安全的。
中图分类号:
[1]MELL P,GRANCE T.The NIST definition of cloud computing[J].Communications of the ACM,2011,53(6):50. [2]SAHAI A,WATERS B.Fuzzy identity-based encryption[C]∥International Conference on Theory and Applications of Cryptographic Techniques.Springer-Verlag,2005:457-473. [3]GOYAL V,PANDEY O,SAHAI A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C]∥ACM Conference on Computer and Communications Security.ACM,2006:89-98. [4]OSTROVSKY R,SAHAI A,WATERS B.Attribute-based encryption with non-monotonic access structures[C]∥ACM Conference on Computer & Communications Security.2007:195-203. [5]ATTRAPADUNG N,IMAI H.Conjunctive broadcast and attribute-based encryption[C]∥Third International Conference.DBLP,2009:248-265. [6]ATTRAPADUNG N,IMAI H.Attribute-based encryption supporting direct/indirect revocation modes[C]∥Ima International Conference on Cryptography and Coding.Springer-Verlag,2009:278-300. [7]BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-policy attribute-based encryption[C]∥IEEE Symposium on Security and Privacy.IEEE Computer Society,2007:321-334. [8]BREWER D F C,NASH M J.The chinese wall security policy[C]∥IEEE Symposium on Security and Privacy.IEEE Xplore,1989:206-214. [9]BARACALDO N,JOSHI J.A trust-and-risk aware RBAC framework:tackling insider threat[C]∥Proceedings of the 17th ACM Symposium on Access Control Models and Technologies.ACM,2012:167-176. [10]HELIL N,RAHMAN K.CP-ABE access control scheme for sensitive data set constraint with hidden access policy and constraint policy[J].Security & Communication Networks,2017,2017(6):1-13. [11]YU S,WANG C,REN K,et al.Attribute based data sharing with attribute revocation[C]∥ACM Symposium on Information,Computer and Communications Security.ACM,2010:261-270. [12]YANG K,JIA X,REN K.Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C]∥ACM Sigsac Symposium on Information,Computer and Communications Security.ACM,2013:523-528. [13]HUR J.Improving security and efficiency in attribute-based data sharing[J].IEEE Transactions on Knowledge & Data Engineering,2013,25(10):2271-2282. [14]ZU L,LIU Z,LI J.New ciphertext-policy attribute-based en- cryption with efficient revocation[C]∥IEEE International Conference on Computer and Information Technology.IEEE,2014:281-287. [15]WANG P P,FENG D G,ZHANG L W.CP-ABE scheme supporting fully fine-grained attribute revocation[J].Journal of Software,2012,23(10):2805-2816.(in Chinese) 王鹏翩,冯登国,张立武.一种支持完全细粒度属性撤销的CP-ABE方案[J].软件学报,2012,23(10):2805-2816. [16]SU J S,CAO D,WANG X F,et al.Attribute-based encryption schemes[J].Journal of Software,2011,22(6):1299-1315.(in Chinese) 苏金树,曹丹,王小峰,等.属性基加密机制[J].软件学报,2011,22(6):1299-1315. [17]FENG D G,CHEN C.Research on attribute-based cryptography[J].Journal of Cryptologic Research,2014,1(1):1-12.(in Chinese) 冯登国,陈成.属性密码学研究[J].密码学报,2014,1(1):1-12. [18]YAN X X,MENG H.Ciphertext policy attribute-based encryption schemesupporting direct revocation[J].Journal on Communications,2016,37(5):44-50.(in Chinese) 闫玺玺,孟慧.支持直接撤销的密文策略属性基加密方案[J].通信学报,2016,37(5):44-50. [19]ZHANG K,MA J F,LI H,et al.Multi-authority attribute-based encryption with efficient revocation[J].Journal on Communications,2017,38(3):83-91.(in Chinese) 张凯,马建峰,李辉,等.支持高效撤销的多机构属性加密方案[J].通信学报,2017,38(3):83-91. [20]SHAN Z Y,SUN Y F.A study of security attributes imme- diatere vocation in secure OS[J].Journal of Computer Research and Development,2002,39(12):1680-1688.(in Chinese) 单智勇,孙玉芳.安全操作系统安全属性即时撤消研究[J].计算机研究与发展,2002,39(12):1680-1688. [21]FANG L,YIN L H,GUO Y C,et al.A survey of key technologies in attribute-based access control scheme[J].Chinese Journal of Computers,2017,40(7):1680-1698.(in Chinese) 房梁,殷丽华,郭云川,等.基于属性的访问控制关键技术研究综述[J].计算机学报,2017,40(7):1680-1698. |
[1] | 郭鹏军, 张泾周, 杨远帆, 阳申湘. 飞机机内无线通信网络架构与接入控制算法研究 Study on Wireless Communication Network Architecture and Access Control Algorithm in Aircraft 计算机科学, 2022, 49(9): 268-274. https://doi.org/10.11896/jsjkx.210700220 |
[2] | 阳真, 黄松, 郑长友. 基于区块链与改进CP-ABE的众测知识产权保护技术研究 Study on Crowdsourced Testing Intellectual Property Protection Technology Based on Blockchain and Improved CP-ABE 计算机科学, 2022, 49(5): 325-332. https://doi.org/10.11896/jsjkx.210900075 |
[3] | 郭显, 王雨悦, 冯涛, 曹来成, 蒋泳波, 张迪. 基于区块链的工业控制系统角色委派访问控制机制 Blockchain-based Role-Delegation Access Control for Industrial Control System 计算机科学, 2021, 48(9): 306-316. https://doi.org/10.11896/jsjkx.210300235 |
[4] | 程学林, 杨小虎, 卓崇魁. 基于组织架构的数据权限控制模型研究与实现 Research and Implementation of Data Authority Control Model Based on Organization 计算机科学, 2021, 48(6A): 558-562. https://doi.org/10.11896/jsjkx.200700127 |
[5] | 潘瑞杰, 王高才, 黄珩逸. 云计算下基于动态用户信任度的属性访问控制 Attribute Access Control Based on Dynamic User Trust in Cloud Computing 计算机科学, 2021, 48(5): 313-319. https://doi.org/10.11896/jsjkx.200400013 |
[6] | 曹萌, 于洋, 梁英, 史红周. 基于区块链的大数据交易关键技术与发展趋势 Key Technologies and Development Trends of Big Data Trade Based on Blockchain 计算机科学, 2021, 48(11A): 184-190. https://doi.org/10.11896/jsjkx.210100163 |
[7] | 何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳. 多云环境中基于属性加密的高效多关键词检索方案 Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment 计算机科学, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026 |
[8] | 徐堃, 付印金, 陈卫卫, 张亚男. 基于区块链的云存储安全研究进展 Research Progress on Blockchain-based Cloud Storage Security Mechanism 计算机科学, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015 |
[9] | 王静宇, 刘思睿. 大数据风险访问控制研究进展 Research Progress on Risk Access Control 计算机科学, 2020, 47(7): 56-65. https://doi.org/10.11896/jsjkx.190700157 |
[10] | 顾荣杰, 吴治平, 石焕. 基于TFR 模型的公安云平台数据分级分类安全访问控制模型研究 New Approach for Graded and Classified Cloud Data Access Control for Public Security Based on TFR Model 计算机科学, 2020, 47(6A): 400-403. https://doi.org/10.11896/JsJkx.191000066 |
[11] | 潘恒, 李景峰, 马君虎. 可抵御内部威胁的角色动态调整算法 Role Dynamic Adjustment Algorithm for Resisting Insider Threat 计算机科学, 2020, 47(5): 313-318. https://doi.org/10.11896/jsjkx.190800051 |
[12] | 王辉, 刘玉祥, 曹顺湘, 周明明. 融入区块链技术的医疗数据存储机制 Medical Data Storage Mechanism Integrating Blockchain Technology 计算机科学, 2020, 47(4): 285-291. https://doi.org/10.11896/jsjkx.190400001 |
[13] | 屠袁飞,张成真. 面向云端的安全高效的电子健康记录 Secure and Efficient Electronic Health Records for Cloud 计算机科学, 2020, 47(2): 294-299. https://doi.org/10.11896/jsjkx.181202256 |
[14] | 乔毛,秦岭. 云存储服务中一种高效属性撤销的AB-ACCS方案 AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services 计算机科学, 2019, 46(7): 96-101. https://doi.org/10.11896/j.issn.1002-137X.2019.07.015 |
[15] | 黄美蓉, 欧博, 何思源. 一种基于特征提取的访问控制方法 Access Control Method Based on Feature Extraction 计算机科学, 2019, 46(2): 109-114. https://doi.org/10.11896/j.issn.1002-137X.2019.02.017 |
|