对象云存储中分类分级数据的访问控制方法
发布时间:2018-07-25 06:20
【摘要】:随着云计算技术的广泛应用,云存储中数据的安全性、易管理性面临着新的挑战.对象云存储系统是一种数据存储云计算体系结构,通常用来存储具有分类分级特点的非结构化数据.在云服务不可信的前提下,如何实现对云存储中大量具有分类分级特点资源的细粒度访问控制机制,保障云存储中数据不被非法访问,是云计算技术中亟需解决的问题.对近些年来国内外学者的成果进行研究发现,现有的方案并不能有效地应对这种问题.利用强制访问控制、属性基加密、对象存储各自的优势,并结合分类分级的属性特点,提出了基于安全标记对象存储访问控制模型.给出了CGAC算法及其安全证明,将分类分级特点的属性层级支配关系嵌入ABE机制中,生成固定长度的密文.该算法不仅访问控制策略灵活,具有层次化授权结构,还可以友好地与对象存储元数据管理机制结合.通过理论效率分析和实验系统实现,验证了所提出方案的计算、通信开销都相对较小,具有很高的实际意义.
[Abstract]:With the wide application of cloud computing technology, the security and manageability of data in cloud storage are facing new challenges. Object cloud storage system is a data storage cloud computing architecture, which is usually used to store unstructured data with classified and hierarchical characteristics. Under the premise that cloud service is not trusted, how to realize the fine-grained access control mechanism of a large number of classified and hierarchical resources in cloud storage and ensure that the data in cloud storage is not accessed illegally is a problem that needs to be solved in cloud computing technology. Through the research of domestic and foreign scholars in recent years, it is found that the existing schemes can not effectively deal with this problem. Taking advantage of the advantages of mandatory access control, attribute base encryption and object storage, and combining the attribute characteristics of classification and classification, a secure tagged object storage access control model is proposed. In this paper, the CGAC algorithm and its security proof are given, and the attribute hierarchy dominating relation is embedded into the ABE mechanism to generate ciphertext of fixed length. This algorithm not only has flexible access control strategy, but also has hierarchical authorization structure, and can be easily combined with object storage metadata management mechanism. The calculation of the proposed scheme is verified by theoretical efficiency analysis and experimental system. The communication overhead is relatively small and has high practical significance.
【作者单位】: 信息安全国家重点实验室(中国科学院信息工程研究所);中国科学院大学网络空间安全学院;北京大学数学科学院;
【基金】:中国科学院战略性先导科技专项(XDA06040601) 国家电网公司科技项目(XXB17201400056) 新疆维吾尔自治区科技支撑计划(201230121) 国家自然科学基金(61370187)~~
【分类号】:TP309;TP333
本文编号:2142907
[Abstract]:With the wide application of cloud computing technology, the security and manageability of data in cloud storage are facing new challenges. Object cloud storage system is a data storage cloud computing architecture, which is usually used to store unstructured data with classified and hierarchical characteristics. Under the premise that cloud service is not trusted, how to realize the fine-grained access control mechanism of a large number of classified and hierarchical resources in cloud storage and ensure that the data in cloud storage is not accessed illegally is a problem that needs to be solved in cloud computing technology. Through the research of domestic and foreign scholars in recent years, it is found that the existing schemes can not effectively deal with this problem. Taking advantage of the advantages of mandatory access control, attribute base encryption and object storage, and combining the attribute characteristics of classification and classification, a secure tagged object storage access control model is proposed. In this paper, the CGAC algorithm and its security proof are given, and the attribute hierarchy dominating relation is embedded into the ABE mechanism to generate ciphertext of fixed length. This algorithm not only has flexible access control strategy, but also has hierarchical authorization structure, and can be easily combined with object storage metadata management mechanism. The calculation of the proposed scheme is verified by theoretical efficiency analysis and experimental system. The communication overhead is relatively small and has high practical significance.
【作者单位】: 信息安全国家重点实验室(中国科学院信息工程研究所);中国科学院大学网络空间安全学院;北京大学数学科学院;
【基金】:中国科学院战略性先导科技专项(XDA06040601) 国家电网公司科技项目(XXB17201400056) 新疆维吾尔自治区科技支撑计划(201230121) 国家自然科学基金(61370187)~~
【分类号】:TP309;TP333
【相似文献】
相关期刊论文 前1条
1 张鸿辉;刘伟;李永强;;应用于电网企业的云存储访问控制增强策略[J];计算机应用与软件;2014年02期
,本文编号:2142907
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2142907.html
