Context Access Control for Mobile Storage Media Based on an ABE Algorithm with a Hidden Lattice Structure
Published: 2018-08-02 09:04
[Abstract]: This paper studies how to strengthen a trusted terminal's access control over mobile storage media so as to effectively prevent sensitive information from leaking through such media. First, building on attribute-based encryption with hidden ciphertext policies, an attribute policy description method based on lattice structures is proposed. Each attribute forms a linear lattice or a subset lattice, the attribute set is constructed as a product lattice, and access policies are formulated using the lattice-based multilevel information flow control model. The correctness and security of the new method are proved. While retaining the advantages of existing attribute-based encryption algorithms with hidden access policies, the new method also effectively simplifies the expression of access policies, is better suited to sharing sensitive information under multilevel security, and can achieve fine-grained access control. Furthermore, by using the usage context of mobile storage devices and users as attributes to build access policies, dynamic, fine-grained context access control is realized. Finally, a layered security management scheme that performs admission authentication and context access control for mobile storage media is designed. The security and flexibility of the scheme are analyzed, and comparative experiments show that the scheme with context access control applied still has good processing efficiency. The scheme is also applicable to the secure management of sensitive information in ubiquitous environments.
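[Author affiliations]: School of Computer Science, Nanjing Normal University; School of Computer Science, Macquarie University
[Funding]: Key Fund Project of the Jiangsu Province Education Science "Twelfth Five-Year" Plan (B-a/2013/01/013); Major Natural Science Fund Project of Jiangsu Province (Industry-University-Research Joint Innovation Fund) (BY2011108)
[Classification number]: TP333; TP309
Article ID: 2158932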
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2158932.html