Abstract
To address the problem that attribute-based access control policies in cloud computing are easily modified by a third party, allowing malicious access to resources, and the low efficiency of existing policy retrieval methods, an attribute-based access control policy management method based on the Merkle Patricia Tree (MPT) and the Bloom Filter is proposed. An MPT is constructed for the set of access control policies, and verification by the PDP is used to monitor whether the policies have been modified. The policy set is mapped to the Bloom Filter through the hash function, and policy retrieval is completed by performing a hash operation on the access control request. Theoretical analysis and experimental results show that, when a policy is tampered with, the method causes PDP verification to fail because the root hash changes, which improves the security of the policies. Compared with other policy retrieval methods, the proposed method improves the efficiency of policy retrieval.
Authors
PAN Rui-jie (潘瑞杰); WANG Gao-cai (王高才); HUANG Heng-yi (黄珩逸)
School of Computer and Electronic Information, Guangxi University, Nanning 530004, China
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal
2022, Issue 3, pp. 601-607 (7 pages)
Funding
National Natural Science Foundation of China (62062007).