Access Control Method for Classified and Graded Data in Object Cloud Storage
Published: 2018-07-25 06:20
[Abstract]: With the widespread adoption of cloud computing, the security and manageability of data in cloud storage face new challenges. An object cloud storage system is a cloud computing architecture for data storage, typically used to store unstructured data that is classified by category and graded by level. Assuming the cloud service is untrusted, how to implement fine-grained access control over the large number of classified and graded resources in cloud storage, and to ensure that the data is not accessed illegally, is a problem that urgently needs to be solved in cloud computing. A study of results published by domestic and foreign researchers in recent years finds that existing schemes cannot effectively address this problem. Drawing on the respective strengths of mandatory access control, attribute-based encryption (ABE) and object storage, and combining them with the attribute characteristics of classification and grading, an object storage access control model based on security labels is proposed. The CGAC algorithm and its security proof are given; the hierarchical dominance relation among classified and graded attributes is embedded into the ABE mechanism, producing ciphertext of fixed length. The algorithm not only offers flexible access control policies and a hierarchical authorization structure, but also integrates well with the metadata management mechanism of object storage. Theoretical efficiency analysis and an experimental system implementation verify that the computation and communication overheads of the proposed scheme are both relatively small, giving it high practical significance.
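[Affiliations]: State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences); School of Cyber Security, University of Chinese Academy of Sciences; School of Mathematical Sciences, Peking University
[Funding]: Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06040601); Science and Technology Project of State Grid Corporation of China (XXB17201400056); Science and Technology Support Program of Xinjiang Uygur Autonomous Region (201230121); National Natural Science Foundation of China (61370187)
[Classification number]: TP309; TP333
Article ID: 2142907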
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2142907.html