【摘要】：隨著云計(jì)算的快速發(fā)展,使用云存儲(chǔ)大量數(shù)據(jù)成為一種趨勢(shì)。如何保證既為合法用戶按需提供優(yōu)質(zhì)的服務(wù),又能防止非法用戶訪問(wèn)未授權(quán)的資源已成為云計(jì)算環(huán)境下安全研究的熱點(diǎn)之一。為了保證數(shù)據(jù)的安全性,數(shù)據(jù)擁有者通常使用加密方式加密他們的數(shù)據(jù),且只有訪問(wèn)控制策略允許的用戶才可以使用對(duì)應(yīng)私鑰解密這些數(shù)據(jù)。本文重點(diǎn)研究了基于加密的訪問(wèn)控制系統(tǒng),只有授權(quán)用戶可以訪問(wèn)并解密數(shù)據(jù),非授權(quán)用戶不能查看加密數(shù)據(jù)的內(nèi)容。本文對(duì)云計(jì)算環(huán)境下的基于加密的訪問(wèn)控制系統(tǒng)進(jìn)行研究,所取得的主要成果為:1.基于原始RBE方案提出了兩種擴(kuò)展模型。首先介紹了基于角色的加密方案(RBE),然后在原始RBE方案的基礎(chǔ)上提出了兩種擴(kuò)展的RBE模型:MRBE和LMRBE。MRBE解決了多角色繼承問(wèn)題,LMRBE具有臨時(shí)撤銷用戶的優(yōu)點(diǎn)。2.證明了MRBE的安全性。論證結(jié)果表明該方案是選擇明文安全的。3.給出了基于分層加密密鑰的訪問(wèn)控制系統(tǒng)(LEKAC)。上述RBE方案運(yùn)用于云計(jì)算環(huán)境下時(shí),需要假定云服務(wù)提供商以及訪問(wèn)控制策略管理者都是可信的。針對(duì)兩者不可信的情況,本文提出了基于分層加密密鑰的訪問(wèn)控制系統(tǒng)。該方案不僅能實(shí)現(xiàn)數(shù)據(jù)的安全共享,還可以防止公有云提供商和訪問(wèn)控制策略管理者查看用戶私密數(shù)據(jù),具有很高的安全性,能很好地用于云計(jì)算環(huán)境中。4.針對(duì)LEKAC方案不能有效的防止云服務(wù)提供商和訪問(wèn)控制策略管理者進(jìn)行共謀攻擊的問(wèn)題,提出了一個(gè)改進(jìn)的LEKAC方案。該方案能夠很好的防止云服務(wù)提供商和訪問(wèn)控制策略管理者進(jìn)行共謀攻擊。5.給出了一種基于MRBE的安全混合云存儲(chǔ)架構(gòu),并給出了該混合云架構(gòu)的一種實(shí)際應(yīng)用。該架構(gòu)采用共有云存儲(chǔ)企業(yè)的私密數(shù)據(jù),同時(shí)允許企業(yè)把相關(guān)敏感信息存儲(chǔ)在私有云中,且能保證其安全性。最后給出的實(shí)際應(yīng)用表明,該系統(tǒng)能很好地應(yīng)用在電子病歷系統(tǒng)中。
[Abstract]:With the rapid development of cloud computing, the use of cloud storage of a large number of data has become a trend. How to ensure that the legitimate users can provide high quality services on demand and prevent illegal users from accessing unauthorized resources has become one of the hotspots of security research in cloud computing environment. In order to ensure the security of the data, the data owners usually encrypt their data by encryption, and only users allowed by the access control policy can decrypt the data using the corresponding private key. This paper focuses on an access control system based on encryption. Only authorized users can access and decrypt data, and unauthorized users cannot view the contents of encrypted data. In this paper, the encryption based access control system in cloud computing environment is studied. The main results are: 1. 1. Two extended models are proposed based on the original RBE scheme. This paper first introduces the role-based encryption scheme (RBE), and then proposes two extended RBE models: (RBE), and LMRBE.MRBE to solve the problem of multi-role inheritance based on the original RBE scheme. The security of MRBE is proved. The result shows that the scheme is secure in clear text. An access control system (LEKAC).) based on hierarchical encryption key is presented. When the above RBE scheme is applied to cloud computing, it is necessary to assume that both the cloud service provider and the access control policy manager are trusted. In this paper, an access control system based on hierarchical encryption key is proposed. This scheme can not only realize the secure sharing of data, but also prevent the public cloud providers and access control policy managers from viewing the private data of users. It is highly secure and can be used in cloud computing environment. Aiming at the problem that the LEKAC scheme can not effectively prevent the cloud service providers and access control policy managers from colluding attack, an improved LEKAC scheme is proposed. This scheme can prevent cloud service provider and access control policy manager from colluding attack. A secure hybrid cloud storage architecture based on MRBE is presented, and a practical application of the hybrid cloud architecture is given. The architecture uses common cloud to store private data of enterprises, and allows enterprises to store sensitive information in private cloud and ensure its security. Finally, the practical application shows that the system can be well applied in the electronic medical record system.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【共引文獻(xiàn)】

相關(guān)期刊論文 前1條

1 馬駿;郭淵博;馬建峰;劉西蒙;李琦;;物聯(lián)網(wǎng)感知層基于資源分層的多用戶訪問(wèn)控制方案[J];電子學(xué)報(bào);2014年01期

相關(guān)博士學(xué)位論文 前2條

1 馬駿;物聯(lián)網(wǎng)感知環(huán)境分層訪問(wèn)控制機(jī)制研究[D];西安電子科技大學(xué);2014年

2 崔宗敏;云環(huán)境下加密數(shù)據(jù)的密鑰管理方法[D];華中科技大學(xué);2014年

相關(guān)碩士學(xué)位論文 前2條

1 周讓;數(shù)據(jù)云存儲(chǔ)加密訪問(wèn)控制方案的研究[D];電子科技大學(xué);2013年

2 賈濤;層次訪問(wèn)控制在電動(dòng)汽車入網(wǎng)中的應(yīng)用研究[D];華北電力大學(xué);2014年

，

本文編號(hào)：2176383