云计算中基于属性的访问控制方法

发布时间：2018-05-11 00:21

本文选题：云计算 + 访问控制　；参考：《南京邮电大学》2014年硕士论文

【摘要】：作为一种新兴的高效计算模式，，云计算近年来引起了各界的广泛关注和支持。目前，许多IT巨头都在开发自己的商业云计算系统，通过按使用收费和提供巨量的计算能力，极大地减少了用户在软硬件和人力资源等各方面的投资，这些应用促进了云计算理论与技术研究进展。同时，云计算环境的动态复杂性、云平台的开放性、资源的高度集中性等特征也不可避免地为用户数据安全和隐私保护等安全问题带来极大的挑战。本文首先分析了云计算安全的关键技术以及云存储服务中的访问控制方法，指出云计算环境中实施访问控制的重点和难点，然后针对云计算环境的分布式和不可信等特征，提出两种基于云存储系统的对加密文件的访问控制方案。方案一是一种基于属性和固定密文长度的层次化访问控制方法，该方案将密文长度和双线性对计算量限制在固定值，具有较高的效率，并且引入层次化授权结构，减少了单一授权的负担和风险，实现了高效、精细、可扩展的访问控制，同时证明了该方案在判定性q-BDHE假设下具有CCA2安全性。方案二提出了分布式属性权威结构，避免了中心权威授权带来的安全脆弱性，提高了授权效率。同时通过扩展优化固定密文长度的CP-ABE算法，使之适应于分布式系统结构，解决了密文长度随属性数目的增加而线性增长的问题，提高了系统的效率，并实现了有效的用户权限更新。最后，仿真模拟了一个访问控制系统，实现了各实体的功能，并通过实验结果验证了算法的实际性能与理论分析一致。
[Abstract]:As a new and efficient computing model, cloud computing has attracted wide attention and support in recent years. At present, many IT giants are developing their own commercial cloud computing systems, greatly reducing their investment in software, hardware, human resources, and so on, by charging for their use and providing huge amounts of computing power. These applications promote the research progress of cloud computing theory and technology. At the same time, the dynamic complexity of cloud computing environment, the openness of cloud platform and the high concentration of resources will inevitably bring great challenges to user data security and privacy protection. This paper first analyzes the key technologies of cloud computing security and access control methods in cloud storage services, points out the key points and difficulties of implementing access control in cloud computing environment, and then aims at the distributed and unreliable characteristics of cloud computing environment. Two access control schemes for encrypted files based on cloud storage system are proposed. The first scheme is a hierarchical access control method based on attribute and fixed ciphertext length. The scheme limits ciphertext length and bilinear pairwise computation to a fixed value, so it has high efficiency and introduces hierarchical authorization structure. It can reduce the burden and risk of single authorization, and achieve efficient, fine and extensible access control. It is also proved that the scheme has CCA2 security under the assumption of deterministic q-BDHE. In the second scheme, the distributed attribute authority structure is proposed, which avoids the security fragility caused by the central authority authorization and improves the authorization efficiency. At the same time, by extending and optimizing the CP-ABE algorithm of fixed ciphertext length, it adapts to the distributed system structure, solves the problem that the ciphertext length increases linearly with the increase of the number of attributes, and improves the efficiency of the system. And realized the valid user authority renewal. Finally, an access control system is simulated, and the functions of each entity are realized. The experimental results show that the actual performance of the algorithm is consistent with the theoretical analysis.
【学位授予单位】：南京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】