摘要
为解决数据混合存储导致精准查找速度慢、数据未分类分级管理造成安全治理难等问题,构建基于主从多链的数据分类分级访问控制模型,实现数据的分类分级保障与动态安全访问。首先,构建链上链下混合式可信存储模型,以平衡区块链面临的存储瓶颈问题;其次,提出主从多链架构,并设计智能合约,将不同隐私程度的数据自动存储于从链;最后,以基于角色的访问控制为基础,构建基于主从多链与策略分级的访问控制(MCLP-RBAC)机制并给出具体访问控制流程设计。在分级访问控制策略下,所提模型的吞吐量稳定在360 TPS(Transactions Per Second)左右。与BC-BLPM方案相比,发送速率与吞吐量之比达到1∶1,具有一定优越性;与无访问策略相比,内存消耗降低35.29%;与传统单链结构相比,内存消耗平均降低52.03%;与数据全部上链的方案相比,平均存储空间缩小36.32%。实验结果表明,所提模型能有效降低存储负担,实现分级安全访问,具有高扩展性,适用于多分类数据的管理。
In order to solve the problems of slow accurate search speed due to mixed data storage and difficult security governance caused by unclassified and graded data management,a data classified and graded access control model based on master-slave multi-chain was built to achieve classified and graded protection of data and dynamic secure access.Firstly,a hybrid on-chain and off-chain trusted storage model was constructed to balance the storage bottleneck faced by blockchain.Secondly,a master-slave multi-chain architecture was proposed and smart contracts were designed to automatically store data with different privacy levels in the slave chain.Finally,based on Role-Based Access Control,a Multi-Chain and Level Policy-Role Based Access Control(MCLP-RBAC)mechanism was constructed and its specific access control process design was provided.Under the graded access control policy,the throughput of the proposed model is stabilized at around 360 TPS(Transactions Per Second).Compared with the BC-BLPM scheme,it has a certain superiority in throughput,with the ratio of sending rate to throughput reaching 1∶1.Compared with no access strategy,the memory consumption is reduced by about 35.29%;compared with the traditional single chain structure,the memory average consumption is reduced by 52.03%.And compared with the scheme with all the data on the chain,the average storage space is reduced by 36.32%.The experimental results show the proposed model can effectively reduce the storage burden,achieve graded secure access,and suitable for the management of multi-class data with high scalability.
作者
陈美宏
袁凌云
夏桐
CHEN Meihong;YUAN Lingyun;XIA Tong(School of Information Science and Technology,Yunnan Normal University,Kunming Yunnan 650500,China;Key Laboratory of Educational Informatization for Nationlities,Ministry of Education(Yunnan Normal University),Kunming Yunnan 650500,China)
出处
《计算机应用》
CSCD
北大核心
2024年第4期1148-1157,共10页
journal of Computer Applications
基金
国家自然科学基金资助项目(62262073)
云南省重大科技专项计划项目(202202AE090011)
云南省应用基础研究计划项目(202101AT070098)
云南省万人计划青年拔尖人才项目(YNWR⁃QNBJ⁃2019⁃237)
云南师范大学研究生创新基金资助项目(YJSJJ23⁃B179)。
关键词
区块链
星际文件系统
访问控制
多分类
数据安全
blockchain
Inter Planetary File System(IPFS)
access control
multi-class
data security
