Computer Science ›› 2016, Vol. 43 ›› Issue (3): 118-121. doi: 10.11896/j.issn.1002-137X.2016.03.024

• Information Security •

Multiple Permissions Secure Access Control Scheme Combining CP-ABE and XACML in Cloud Storage

LIU Xiao-jian, WANG Li-sheng and LIAO Xin-kao

  1. College of Electronics and Information Engineering, Tongji University, Shanghai 201804
  • Online: 2018-12-01 Published: 2018-12-01
  • Supported by:
    the National High Technology Research and Development Program of China (863 Program) (2013AA040302)

Abstract: To protect the confidentiality of user data and user privacy in cloud storage systems, a multi-permission secure access control scheme for cloud storage is proposed that combines ciphertext-policy attribute-based encryption (CP-ABE) with the XACML framework. CP-ABE encryption ensures the confidentiality of user data, and the XACML framework implements attribute-based fine-grained access control. User data in the cloud storage system is encrypted with a symmetric encryption mechanism, and the symmetric key is encrypted with CP-ABE. Simulation results show that the scheme is efficient, flexible and secure. Security analysis shows that the scheme resists collusion attacks and provides data confidentiality as well as backward and forward secrecy.

Key words: Cloud storage, Access control, Ciphertext-policy attribute-based encryption, XACML

