云环境下有时限的层次访问控制机制研究
发布时间:2018-08-22 11:16
【摘要】:近几年来,随着云计算的快速发展,服务提供商越来越倾向于将本地数据部署到云上。然而,一些安全方面的问题随之而来,一方面,云数据提供商不希望自己的数据被云服务提供商窥视,另一方面,云数据提供商希望能根据用户权限控制云上数据的访问。最近,Chen等针对此问题第一次提出了对云上层次结构存储的数据的访问控制系统,但是,他们没有考虑时限的特性。在一些应用中(如,付费电视),时限的特性是非常必要的,因为,用户可能会在一个时间段内(一周、一月或几月)订阅云上某一部分内容,云数据提供商如果不希望云服务提供商来管理用户的访问权限就必须考虑为用户提供一个时限密钥。本文针对云环境下的有时限的层次访问控制提出了两种算法。算法一针对连续型时限,这种算法产生的用户密钥在同等私密等级下比其他算法短,密钥生成算法对移动客户端是可以接受的。算法二针对离散型时限,在对时限的处理上离散时限能够使用的范围更广。此外,我们还对两种算法做了安全性证明,这两种算法都不需要使用防篡改设备,因此其应用面更广。最后,我们基于HDFS实现了算法一并提出了一种云端数据访问控制系统。这个系统和以前的研究不同,是使用密钥分配来实现云环境下的分层访问控制的,在用户注销时的时间开销远小于基于代理重加密(Proxy Re-encryption,PRE)技术的实现方法。从实验结果来看,加密和解密的速度都是可接受的。
[Abstract]:In recent years, with the rapid development of cloud computing, service providers are increasingly inclined to deploy local data to the cloud. However, some security issues follow. On the one hand, cloud data providers do not want their data to be peeked at by cloud service providers. On the other hand, cloud data providers want to control their data according to user privileges. Recently, Chen et al. proposed an access control system for data stored in cloud hierarchy for the first time. However, they did not consider the time-limit characteristics. In some applications (such as pay TV), the time-limit characteristics are necessary because users may be in a period of time (week, January or To subscribe to a certain part of the cloud, cloud data providers must consider providing a time-limited key for users if they do not want the cloud service providers to manage their access rights. The user key is shorter than other algorithms at the same level of privacy, and the key generation algorithm is acceptable to mobile clients. In algorithm 2, the discrete time limit can be used more widely for the discrete time limit. Finally, we implement the algorithm based on HDFS and propose a cloud data access control system. This system, unlike previous studies, uses key distribution to achieve hierarchical access control in the cloud environment. The time cost of user logout is much less than that of Proxy-based re-encryption. The experimental results show that the speed of encryption and decryption is acceptable.
【学位授予单位】:哈尔滨工业大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN918.4
本文编号:2196937
[Abstract]:In recent years, with the rapid development of cloud computing, service providers are increasingly inclined to deploy local data to the cloud. However, some security issues follow. On the one hand, cloud data providers do not want their data to be peeked at by cloud service providers. On the other hand, cloud data providers want to control their data according to user privileges. Recently, Chen et al. proposed an access control system for data stored in cloud hierarchy for the first time. However, they did not consider the time-limit characteristics. In some applications (such as pay TV), the time-limit characteristics are necessary because users may be in a period of time (week, January or To subscribe to a certain part of the cloud, cloud data providers must consider providing a time-limited key for users if they do not want the cloud service providers to manage their access rights. The user key is shorter than other algorithms at the same level of privacy, and the key generation algorithm is acceptable to mobile clients. In algorithm 2, the discrete time limit can be used more widely for the discrete time limit. Finally, we implement the algorithm based on HDFS and propose a cloud data access control system. This system, unlike previous studies, uses key distribution to achieve hierarchical access control in the cloud environment. The time cost of user logout is much less than that of Proxy-based re-encryption. The experimental results show that the speed of encryption and decryption is acceptable.
【学位授予单位】:哈尔滨工业大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN918.4
【参考文献】
相关期刊论文 前5条
1 孙军红;王新红;;一种分布式环境下基于角色的访问控制模型[J];计算机工程与应用;2011年23期
2 张宏;贺也平;石志国;;基于周期时间限制的自主访问控制委托模型[J];计算机学报;2006年08期
3 李孟珂,余祥宣;基于角色的访问控制技术及应用[J];计算机应用研究;2000年10期
4 黄建,卿斯汉,温红子;带时间特性的角色访问控制[J];软件学报;2003年11期
5 孙国梓;董宇;李云;;基于CP-ABE算法的云存储数据访问控制[J];通信学报;2011年07期
,本文编号:2196937
本文链接:https://www.wllwen.com/kejilunwen/wltx/2196937.html
