期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

DIFC-AC:一种云计算中信息隐私性保护方法 被引量:5

DIFC-AC: INFORMATION PRIVACY PROTECTION FOR CLOUD COMPUTING SYSTEM
下载PDF
导出
摘要 随着云计算这种新的网络计算模式的普及,云用户信息隐私性保护问题成为云计算领域亟待解决的重要问题。当用户将数据上传到云服务器端,用户就不再能保证其数据受到保护。为了让用户对上传到云上的数据进行自主的授权和控制,提出一种基于分布式信息流控制的访问控制方法 DIFC-AC,其核心思想是采用安全标签来跟踪数据的流动,数据所有者通过在标签中设置授权条件来控制进程对该数据的访问权限。提出DIFC-AC原型系统的设计与实现,DIFC-AC保证用户数据在服务器端的整个生命周期的隐私性。性能测试数据显示DIFC-AC原型系统的性能开销能够控制在合理范围之内。 With the permeation of cloud computing,this new networks computation mode also raises the information privacy protection issue,which becomes an important problem to be urgently resolved in cloud computing field.Once the data is uploaded to the cloud server,users are no longer to be able to guarantee the data is protected.In order to allow users to autonomously authorise and control the data uploaded to the cloud,we present DIFC-AC,an access control method based on decentralised information flow control model.The core idea of DIFC-AC is to use security labels to track data flows.Data owners control the access privileges of the process on the data by setting control conditions on the labels.The design and implementation of a prototype system of DIFC-AC is presented.DIFC-AC ensures the user data privacy on the server throughout the life-time.Performance evaluation data shows that the prototype system imposes reasonably low runtime overhead.
作者 叶志伟 叶建伟
机构地区 哈尔滨工业大学计算机科学与技术学院
出处 《计算机应用与软件》 CSCD 北大核心 2013年第3期30-34,共5页 Computer Applications and Software
基金 国家自然科学基金项目(NSF61100188)
关键词 隐私性保护 云计算 分布式信息流控制 安全标签 Privacy protection Cloud computing Decentralised information flow control Security label
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献9

  • 1IDC. IT Cloud Services User Survey, pt. 2 : Top Benefits & Challenges [ R/OL]. [2008 - 10 -02]. http://blogs, idc. eom/ie/? p =210.
  • 2Cachin C, Keidar I, Shraer A. Trusting the cloud [ J ]. ACM SIGACT News,2009,40 ( 2 ) : 81 - 86.
  • 3冯登国,张敏,张妍,徐震.云计算安全研究[J].软件学报,2011,22(1):71-83. 被引量:1072
  • 4Denning D E. A Lattice Model of Secure Information Flow[ J]. Commu- nications of the ACM, 1976,19 (5) :236 - 243.
  • 5Myers A C, Liskov B. Protecting Privacy Using the Decentralized Label Model[ J ]. ACM Transactions on Computer Systems, 2000,9 ( 4 ) : 410 - 442.
  • 6Efstathopoulos P, Krohn M, Vandebogart S, et al. Labels and Event Processes in the Asbestos Operating System [ J ]. Operating Systems Re- view(ACM) ,2005,39 (5) : 17 - 30.
  • 7Zeldovich N, Boyd S, Kohler E, et al. Making Information Flow Explicit in HiStar[ C ]//Proceedings of the 7th USENIX Symposium on Operat- ing Systems Design and Implementation, Seattle, WA, USA, 2006 : 263 - 278.
  • 8Zeldovich N, Boyd-Wickizer S, Mazieres D. Securing Distributed Sys- tems with Information Flow Control [ C ]//Proceedings of 5th USENIX Symposium on Networked Systems Design and Implementation, 2008 : 293 - 308.
  • 9Krohn M, Yip A, Brodsky M, et al. Information Flow Control for Stand- ard OS Abstractions[ C]//ACM. Proceedings of the 21st ACM Sympo- sium on Operating Systems Principles, Stevenson, WA, USA, 2007. NY USA : ACM ,2007:321 - 334.

二级参考文献24

  • 1罗武庭.DJ—2可变矩形电子束曝光机的DMA驱动程序[J].LSI制造与测试,1989,10(4):20-26. 被引量:373
  • 2Organization for the Advancement of Structured Information Standards (OASIS) http://www.oasis-open.org/.
  • 3Distributed Management Task Force (DMTF) http://www.dmtf.org/home.
  • 4Cloud Security Alliance http://www.cloudsecurityalliance.org.
  • 5Crampton J, Martin K, Wild P. On key assignment for hierarchical access control. In: Guttan J, ed, Proc. of the 19th IEEE Computer Security Foundations Workshop--CSFW 2006. Venice: IEEE Computer Society Press, 2006. 5-7.
  • 6Damiani E, De S, Vimercati C, Foresti S, Jajodia S, Paraboschi S, Samarati P. An experimental evaluation of multi-key strategies for data outsourcing. In: Venter HS, Eloff MM, Labuschagne L, Eloff JHP, Solms RV, eds. New Approaches for Security, Privacy and Trust in Complex Environments, Proc. of the IFIP TC-11 22nd Int'l Information Security Conf. Sandton: Springer-Verlag, 2007. 395-396.
  • 7Bethencourt J, Sahai A, Waters B. Ciphertext-Policy attribute-based encryption. In: Shands D, ed. Proc. of the 2007 IEEE Symp. on Security and Privacy. Oakland: IEEE Computer Society, 2007. 321-334. [doi: 10.1109/SP.2007.11].
  • 8Yu S, Ren K, Lou W, Li J. Defending against key abuse attacks in KP-ABE enabled broadcast systems. In: Bao F, ed. Proc. of the 5th Int'l Conf. on Security and Privacy in Communication Networks. Singapore: Springer-Verlag, http://www.linkpdf.com/ ebook-viewer.php?url=http://www.ualr.edu/sxyul/file/SecureCommO9_AFKP_ABE.pdf.
  • 9Ibraimi L, Petkovic M, Nikova S, Hartel P, Jonker W. Ciphertext-Policy attribute-based threshold decryption with flexible delegation and revocation of user attributes. Technical Report, Centre for Telematics and Information Technology, University of Twente, 2009.
  • 10Roy S, Chuah M. Secure data retrieval based on ciphertext policy attribute-based encryption (CP-ABE) system for the DTNs. Technical Report, 2009.

共引文献1071

同被引文献25

  • 1Cloud Security Alliance. Security guidance for critic m'eas of focus in cloud computing v2.1 [ EB/OL]. [2011-12-24]. http://www, cloudsecurityalliance, org/-guidance/csaguide. v2.1. pdf.
  • 2MORENO-VOZMEDIANO R, MONTERO R S, LLORENTE I M. IaaS cloud architecture:From virtualized datacenters to federated cloud infrastructures [ J ]. Computer, 2012, 45 (12) :65 -72.
  • 3JIN H. QoS-driven service selection for multi-tenant SaaS [ C ] l//Proceedings of the 5th International Conference on Cloud Computing. 2012:566 - 573.
  • 4WANG Cong, CAO Ning, LI Jin, et al. Secure ranked key- word search over encrypted cloud data[ C ]///Proceedings of the 30th IEEE Imernational Conference on Distributed Computing Systems(ICDCS). 2010:253 - 262.
  • 5WANG C, WANG Q, REN K, et al. Privacy-preserving public auditing for data storage security in cloud compu- ting[ C] JJIEEE INFOCOM. 2010:1 - 9.
  • 6陈康,郑纬民.云计算:系统实例与研究现状[J].软件学报,2009,20(5):1337-1348. 被引量:1311
  • 7周水庚,李丰,陶宇飞,肖小奎.面向数据库应用的隐私保护研究综述[J].计算机学报,2009,32(5):847-861. 被引量:221
  • 8毛剑,李坤,徐先栋.云计算环境下隐私保护方案[J].清华大学学报(自然科学版),2011,51(10):1357-1362. 被引量:43
  • 9黄汝维,桂小林,余思,庄威.云环境中支持隐私保护的可计算加密方法[J].计算机学报,2011,34(12):2391-2402. 被引量:61
  • 10徐鹏,陈思,苏森.互联网应用PaaS平台体系结构[J].北京邮电大学学报,2012,35(1):120-124. 被引量:57

引证文献5

二级引证文献3

计算机应用与软件
2013年 第3期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部