摘要
针对缺乏适合基于云计算的生产型重要信息系统内部隔离机制的问题,对云计算模式下现有的访问控制技术进行了比较,提出了基于两级密钥管理的访问控制方案。第一级构造了一个基于单项散列函数的访问控制多项式实现了子群体间信息流的隔离,即实现了生产型重要信息系统内部门间的信息隔离;在第一级密钥管理的基础上,提出了子群体间层次密钥管理,实现不同部门间信息流的访问控制。然后对该方案的安全性和复杂度进行了分析。最后,通过实例和仿真实验对基于两级密钥管理的访问控制方案进行了验证。
There is no appropriate internal isolation mechanism for important production information system based on cloud computing. Here the main access control technologies were compared thoroughly and then two-layer key management scheme was put forward. In terms of the first layer, access control polynomial based on one-way hash function was constructed to achieve the separation of information flow between subgroups, that is, the information isolation within any department of a company was accomplished. Based on the first layer, a hierarchical key management was presented for different subgroups so as to realize the access control between different departments of a company. Then the security and complexity were analyzed. Finally, through the example and simulation experiment, the access control model based on two-layer key management scheme was verified.
出处
《通信学报》
EI
CSCD
北大核心
2013年第S1期207-215,共9页
Journal on Communications
基金
国家科技重大专项"新一代宽带无线移动通信网"基金资助项目(2012ZX03002003)
国家高技术研究发展计划("863"计划)基金资助项目(2009AA01Z437)
国家核高基金资助项目(2010ZX01037-001-001)~~
关键词
云计算
密码学访问控制
密钥管理
生产型信息系统
cloud computing
cryptographic access control
key management
production information system
