基于加密的访问控制在云计算中的应用研究

发布时间：2018-08-10 22:23

【摘要】：随着云计算的快速发展,使用云存储大量数据成为一种趋势。如何保证既为合法用户按需提供优质的服务,又能防止非法用户访问未授权的资源已成为云计算环境下安全研究的热点之一。为了保证数据的安全性,数据拥有者通常使用加密方式加密他们的数据,且只有访问控制策略允许的用户才可以使用对应私钥解密这些数据。本文重点研究了基于加密的访问控制系统,只有授权用户可以访问并解密数据,非授权用户不能查看加密数据的内容。本文对云计算环境下的基于加密的访问控制系统进行研究,所取得的主要成果为:1.基于原始RBE方案提出了两种扩展模型。首先介绍了基于角色的加密方案(RBE),然后在原始RBE方案的基础上提出了两种扩展的RBE模型:MRBE和LMRBE。MRBE解决了多角色继承问题,LMRBE具有临时撤销用户的优点。2.证明了MRBE的安全性。论证结果表明该方案是选择明文安全的。3.给出了基于分层加密密钥的访问控制系统(LEKAC)。上述RBE方案运用于云计算环境下时,需要假定云服务提供商以及访问控制策略管理者都是可信的。针对两者不可信的情况,本文提出了基于分层加密密钥的访问控制系统。该方案不仅能实现数据的安全共享,还可以防止公有云提供商和访问控制策略管理者查看用户私密数据,具有很高的安全性,能很好地用于云计算环境中。4.针对LEKAC方案不能有效的防止云服务提供商和访问控制策略管理者进行共谋攻击的问题,提出了一个改进的LEKAC方案。该方案能够很好的防止云服务提供商和访问控制策略管理者进行共谋攻击。5.给出了一种基于MRBE的安全混合云存储架构,并给出了该混合云架构的一种实际应用。该架构采用共有云存储企业的私密数据,同时允许企业把相关敏感信息存储在私有云中,且能保证其安全性。最后给出的实际应用表明,该系统能很好地应用在电子病历系统中。
[Abstract]:With the rapid development of cloud computing, the use of cloud storage of a large number of data has become a trend. How to ensure that the legitimate users can provide high quality services on demand and prevent illegal users from accessing unauthorized resources has become one of the hotspots of security research in cloud computing environment. In order to ensure the security of the data, the data owners usually encrypt their data by encryption, and only users allowed by the access control policy can decrypt the data using the corresponding private key. This paper focuses on an access control system based on encryption. Only authorized users can access and decrypt data, and unauthorized users cannot view the contents of encrypted data. In this paper, the encryption based access control system in cloud computing environment is studied. The main results are: 1. 1. Two extended models are proposed based on the original RBE scheme. This paper first introduces the role-based encryption scheme (RBE), and then proposes two extended RBE models: (RBE), and LMRBE.MRBE to solve the problem of multi-role inheritance based on the original RBE scheme. The security of MRBE is proved. The result shows that the scheme is secure in clear text. An access control system (LEKAC).) based on hierarchical encryption key is presented. When the above RBE scheme is applied to cloud computing, it is necessary to assume that both the cloud service provider and the access control policy manager are trusted. In this paper, an access control system based on hierarchical encryption key is proposed. This scheme can not only realize the secure sharing of data, but also prevent the public cloud providers and access control policy managers from viewing the private data of users. It is highly secure and can be used in cloud computing environment. Aiming at the problem that the LEKAC scheme can not effectively prevent the cloud service providers and access control policy managers from colluding attack, an improved LEKAC scheme is proposed. This scheme can prevent cloud service provider and access control policy manager from colluding attack. A secure hybrid cloud storage architecture based on MRBE is presented, and a practical application of the hybrid cloud architecture is given. The architecture uses common cloud to store private data of enterprises, and allows enterprises to store sensitive information in private cloud and ensure its security. Finally, the practical application shows that the system can be well applied in the electronic medical record system.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【共引文献】