分布式云存储技术为数量日益庞大的机载软件提供了新的分发与存储方式,这意味着航空公司失去了对软件的直接控制,因此机载软件安全成为了航空公司十分关注的问题。为了提高云存储环境下机载软件的安全性,提出了一种基于可信隐式第三方(T...分布式云存储技术为数量日益庞大的机载软件提供了新的分发与存储方式,这意味着航空公司失去了对软件的直接控制,因此机载软件安全成为了航空公司十分关注的问题。为了提高云存储环境下机载软件的安全性,提出了一种基于可信隐式第三方(Trusted Implicit Third Party,TITP)的机载软件审计方法对云上机载软件进行监控与管理,以确保机载软件的完整性。此外,由部署在云端的可信硬件代替用户进行审计工作,解决了可公开验证审计机制中第三方审计者不完全可信的问题,并以日志的方式记录审计结果以供用户查询。运用可信硬件进行完整性验证不仅降低了用户计算成本,而且缩短了用户在线时间。与其他可信隐式第三方审计方法进行实验对比,所提方法在审计计算过程中节省了10%的时间消耗。展开更多
Privacy-preservation and effective auditing are two desirable but challenging requirements on distributed ledgers. To meet the requirements, this paper presents an auditing scheme, called as AudiTEE, which can audit a...Privacy-preservation and effective auditing are two desirable but challenging requirements on distributed ledgers. To meet the requirements, this paper presents an auditing scheme, called as AudiTEE, which can audit a distributed ledger in a generic, efficient, and privacy-preserving manner. AudiTEE leverages Trusted Execution Environment (TEE) to generate confidential but auditable transactions and realize arbitrary, efficient and confidential audit on them. Unfortunately, TEE suffers from some inherent barriers and is itself not a complete solution for fast audit. To tackle these challenges, AudiTEE takes advantage of KAMT (K-anonymity Authentication Based on Merkle Tree) protocol for efficient management on account and user-defined anonymous transactions. Further, to achieve a complete and fast audit with <i>unlinkability</i>, TEE doesn’t process through all but only a comparatively small part of transactions according to a special <i>ktag</i> attached on each transaction to ensure that a user cannot hide transactions from auditor even when auditor is blind with who is involved in each transaction on the ledger. Apart from the above, AudiTEE allows flexible control on user behaviors. We implement a concrete instance of AudiTEE under a bank setting and demonstrate the scalability with all its core functionalities.展开更多
针对现有的基于身份加密(identity based encryption,IBE)体系中缺乏权限管理问题,提出一种基于信任服务IBE体系下的权限管理方案.该方案采用门限的思想和算法对服务进行集中管理,并结合基于角色的访问控制管理权限,实现了细粒度的权限...针对现有的基于身份加密(identity based encryption,IBE)体系中缺乏权限管理问题,提出一种基于信任服务IBE体系下的权限管理方案.该方案采用门限的思想和算法对服务进行集中管理,并结合基于角色的访问控制管理权限,实现了细粒度的权限管理.采用信任继承的思想为用户分配角色,并采用集中审计的思想维护系统,提高了系统的可靠性.展开更多
文摘分布式云存储技术为数量日益庞大的机载软件提供了新的分发与存储方式,这意味着航空公司失去了对软件的直接控制,因此机载软件安全成为了航空公司十分关注的问题。为了提高云存储环境下机载软件的安全性,提出了一种基于可信隐式第三方(Trusted Implicit Third Party,TITP)的机载软件审计方法对云上机载软件进行监控与管理,以确保机载软件的完整性。此外,由部署在云端的可信硬件代替用户进行审计工作,解决了可公开验证审计机制中第三方审计者不完全可信的问题,并以日志的方式记录审计结果以供用户查询。运用可信硬件进行完整性验证不仅降低了用户计算成本,而且缩短了用户在线时间。与其他可信隐式第三方审计方法进行实验对比,所提方法在审计计算过程中节省了10%的时间消耗。
文摘Privacy-preservation and effective auditing are two desirable but challenging requirements on distributed ledgers. To meet the requirements, this paper presents an auditing scheme, called as AudiTEE, which can audit a distributed ledger in a generic, efficient, and privacy-preserving manner. AudiTEE leverages Trusted Execution Environment (TEE) to generate confidential but auditable transactions and realize arbitrary, efficient and confidential audit on them. Unfortunately, TEE suffers from some inherent barriers and is itself not a complete solution for fast audit. To tackle these challenges, AudiTEE takes advantage of KAMT (K-anonymity Authentication Based on Merkle Tree) protocol for efficient management on account and user-defined anonymous transactions. Further, to achieve a complete and fast audit with <i>unlinkability</i>, TEE doesn’t process through all but only a comparatively small part of transactions according to a special <i>ktag</i> attached on each transaction to ensure that a user cannot hide transactions from auditor even when auditor is blind with who is involved in each transaction on the ledger. Apart from the above, AudiTEE allows flexible control on user behaviors. We implement a concrete instance of AudiTEE under a bank setting and demonstrate the scalability with all its core functionalities.
文摘针对现有的基于身份加密(identity based encryption,IBE)体系中缺乏权限管理问题,提出一种基于信任服务IBE体系下的权限管理方案.该方案采用门限的思想和算法对服务进行集中管理,并结合基于角色的访问控制管理权限,实现了细粒度的权限管理.采用信任继承的思想为用户分配角色,并采用集中审计的思想维护系统,提高了系统的可靠性.