虚拟分组撤销策略的云存储访问控制模型

Virtual Group Revocation Policy-based Cloud Storage Access Control Model

下载PDF

导出

摘要为解决现有云存储访问控制模型用户权限撤销效率低、无法适应大规模用户的问题,在分析基于属性加密的密文策略的基础上提出了一个新的模型,给出了虚拟分组撤销策略,将用户映射到多个虚拟分组中,并重新构建了访问结构。用户权限撤销的范围被限制在一个虚拟分组内,对该虚拟组内的用户重新分发密钥即可实现用户权限撤销,而其它虚拟分组不需要任何变化,从而提高了用户权限撤销的效率。在Hadoop平台下进行了仿真实验,结果表明该模型具有较高的撤销效率。 To solve the problems that the existing cloud storage access control models have low efficiency of users＇ privilege revocation and are unable to adapt to a large number of users,this paper proposed a new model on the basis of analysis of cipher-text policy attribute-based encryption.Virtual group revocation policy was given,all users were mapped to multiple virtual groups,and the access structure was rebuilt.The range of users＇ privilege revocation was limited within a virtual group.By redistributing the users＇ private key in the certain virtual group where revocation takes place,users＇ privilege revocation can be achieved without any changes in the other virtual groups.Obviously,this approach greatly improves the efficiency of users＇ privilege revocation.A simulation experiment was conducted in Apache Hadoop platform,and the experiment results demonstrate that this model has higher efficiency on users＇ privilege revocation.

作者谢丽霞薄夫宽赵彬彬

机构地区中国民航大学计算机科学与技术学院

出处《计算机科学》 CSCD 北大核心 2016年第5期122-126,共5页 Computer Science

基金国家科技重大专项(2012ZX03002002) 国家自然科学基金(60776807 61179045) 天津市科技计划重点项目(09JCZDJC16800) 中国民航科技基金(MHRD201009 MHRD201205)资助

关键词云存储访问控制虚拟分组用户权限撤销 Cloud storage Access control Virtual group Users＇ privilege revocation

分类号 TP309 [自动化与计算机技术—计算机系统结构] TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献12

1Wu J,Fu J,Lin Z,et al.A survey on cloud storage [J].Journal of Computers,2011,6(8):1764-1771.
2Elavarasi P,Parijatham R.Key updation for the dynamic attri-butes in cloud computing for competent user retraction [J].International Journal of Engineering Science and Technology,2013,5(06s):2278-9510.
3Sahai A,Waters B.Fuzzy identity-based encryption[C]∥The 24th Annual International Conference on Theory and Applications of Cryptographic Techniques.Berlin:Springer,2005:457-473.
4Goyal B,Pandey O,Sahai A,et al.Attribute based encryption for fine-grained access control of encrypted data[C]∥The 13th ACM Conference on Computer and Communications Security.New York:ACM Press,2006:89-98.
5Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption[J].Journal of Network and Computer Applications,2010,33(2):76-83.
6Waters B.Ciphertext-policy attribute-based encryption:An expressive,efficient,and provably secure realization[C]∥The 14th International Conference on Practice and Theory in Public Key Cryptography.Berlin:Springer,2011,6571:53-70.
7Zhang R,Chen P.A Dynamic Cryptographic Access Control Sch-eme in Cloud Storage Services [C]∥2012 8th International Conference on Computing and Networking Technology.Washington D C:IEEE CS Press,2012:50-55.
8Pervez Z,Khattak A M,Lee S,et al.SAPDS:self-healing attri-bute-based privacy aware data sharing in cloud[J].The Journal of Supercomputing,2012,62(1):431-460.
9Yang K,Jia X,Ren K.Attribute-based Fine-Grained AccessControl with Efficient Revocation in Cloud Storage Systems[C]∥The 8th ACM Symposium on Information,Computer and Communications Security.New York:ACM Press,2013:523-528.
10Yu S,Wang S,Ren K,et al.Attribute based data sharing with attribute revocation[C]∥The 5th ACM Symposium on Information,Computer and Communications Security.New York:ACM Press,2010:261-270.

二级参考文献56

1Fiat A, Naor M. Broadcast encryption. In: Stinson DR, ed. Advances in Cryptology-CRYPTO'93. Berlin, Heidelberg: Springer- Verlag, 1994. 480-491.
2Naor D, Naor M, Lotspiech J. Revocation and tracing schemes for stateless receivers. In: Kilian J, ed. Advances in Cryptology- CRYPTO 2001. Berlin, Heidelberg: Springer-Verlag, 2001.41-62.
3Boneh D, Gentry C, Waters B. Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup V, ed. Advances in Crytology-CRYPTO 2005. Berlin, Heidelberg: Springer-Verlag, 2005. 258-275. [doi: 10.1007/11535218_16].
4Shamir A. Identity-Based cryptosystems and signature schemes. In: Blakley GR, Chaum D, eds. Advances in Cryptology- CRYPTO'84. Berlin, Heidelberg: Springer-Verlag, 1984.47-53.
5Boneh D, Franklin M. Identity-Based encryption from the weil pairing. In: Kilian J, ed. Advances in Cryptology-CRYPTO 2001. LNCS 2139, Berlin, Heidelberg: Springer-Verlag, 2001. 213-229. [doi: 10.1007/3-540-44647-8_13].
6Sahai A, Waters B. Fuzzy identity-based encryption. In: Cramer R, ed. Advances in Cryptology-EUROCRYPT 2005. Berlin, Heidelberg: Springer-Verlag, 2005. 457-473.
7Goyal V, Pandey O, Sahai A, Waters B. Attribute-Based encryption for fine-grained access control of encrypted data. In: Proc. of the 13th ACM Conf. on Computer and Communications Security. New York: ACM Press, 2006. 89-98. [doi: 10.1145/1180405. 1180418].
8Yu SC, Ren K, Lou WJ. Attribute-Based content distribution with hidden policy. In: Proc. of the 4th Workshop on Secure Network Protocols (NPSec). Orlando: IEEE Computer Society, 2008.39-44. [doi: 10.1109/NPSEC.2008.4664879].
9Traynor P, Butler K, Enck W, Mcdaniel P. Realizing massive-scale conditional access systems through attribute-based cryptosystems. In: Proc. of the 15th Annual Network and Distributed System Security Symp. (NDSS 2008). San Diego: USENIX Association, 2008.1-13.
10Cheung L, Newport C. Provably secure ciphertext policy ABE. In: Proc. of the ACM Conf. on Computer and Communications Security. New York: ACM Press, 2007.456-465. [doi: 10.1145/1315245.1315302].

共引文献97

1萧萍.基于矩阵的隐藏访问结构的属性基加密方案[J].自动化与仪器仪表,2016(3):221-222.
2刘帆,杨明.一种用于云存储的密文策略属性基加密方案[J].计算机应用研究,2012,29(4):1452-1456. 被引量：25
3马丹丹,陈勤,党正芹,张金漫.基于多属性机构的密文策略加密机制[J].计算机工程,2012,38(10):114-116. 被引量：5
4黄杜煜,张振峰,张立武.一个适应性安全的支持用户私钥撤销的KP-ABE方案[J].小型微型计算机系统,2012,33(10):2194-2198.
5马海英,曾国荪.可追踪并撤销叛徒的属性基加密方案[J].计算机学报,2012,35(9):1845-1855. 被引量：12
6傅颖勋,罗圣美,舒继武.安全云存储系统与关键技术综述[J].计算机研究与发展,2013,50(1):136-145. 被引量：175
7胡海英,商威.一种可撤销的KP-ABE方案[J].计算机系统应用,2013,22(9):123-128. 被引量：5
8方忠进,夏志华,周舒.基于属性加密的气象云数据访问控制策略研究[J].计算机科学,2013,40(12):205-207. 被引量：2
9刘孟占,印凯泽.基于密文规则的属性基加密技术的云存储数据共享机制[J].计算机应用,2013,33(A02):133-135. 被引量：8
10王冠,范红,杜大海.云存储访问控制方案的安全性分析与改进[J].计算机应用,2014,34(2):373-376. 被引量：7

1王榕国,黄日茂.基于数据相关性无线传感器网络的虚拟分组管理方法[J].信息安全与技术,2012,3(12):98-101.
2赵勇,杨树堂,陆松年,李建华.支持远程的大规模多用户虚拟分组及其应用技术研究[J].计算机应用与软件,2008,25(4):7-8. 被引量：1
3查婷民,陆松年,杨树堂.大规模多用户并发控制的防火墙实验系统[J].信息技术,2008,32(2):130-131.
4王珍珍,吴小霞,张超英,禤浚波,覃章荣.基于结果类型分组的XML关键字查询[J].计算机应用研究,2011,28(11):4194-4198. 被引量：1
5方英兰,金浩,韩兵.一种针对已有应用服务的单点登录解决方案[J].北方工业大学学报,2015,27(3):36-42. 被引量：1
6张茂辉.一种简洁单点登录系统设计与实现[J].电脑编程技巧与维护,2014(4):36-38.
7张齐,钟观宝.基于用户映射的CAS单点登录系统设计与实现[J].信息通信技术,2009,3(4):6-11. 被引量：12
8徐宜会.可信计算直接匿名验证[J].重庆工学院学报,2007,21(19):136-141. 被引量：1
9董新风,李保国.企业信息门户单点登录和信息集成[J].兵工自动化,2011,30(8):46-49. 被引量：1
10郭一辰,陈靖,张黎,黄聪会.大规模无线移动自组织网络混合模拟测试方法[J].计算机应用,2013,33(1):101-104. 被引量：2

计算机科学

2016年第5期

浏览历史

内容加载中请稍等...

虚拟分组撤销策略的云存储访问控制模型

参考文献12

二级参考文献56

共引文献97

相关作者

相关机构

相关主题

浏览历史