Research on Time-Bound Hierarchical Access Control Mechanisms in the Cloud Environment
Published: 2018-08-22 11:16
[Abstract]: In recent years, with the rapid development of cloud computing, service providers have become increasingly inclined to deploy local data to the cloud. This raises security problems: on the one hand, cloud data providers do not want their data to be inspected by the cloud service provider; on the other hand, they want to control access to the data in the cloud according to user privileges. Recently, Chen et al. proposed the first access control system for hierarchically stored data in the cloud, but they did not consider time bounds. In some applications (such as pay TV), time bounds are essential, because a user may subscribe to some part of the cloud content for a period of time (a week, a month or several months); a cloud data provider that does not want the cloud service provider to manage users' access rights must provide users with a time-bound key. This thesis proposes two algorithms for time-bound hierarchical access control in the cloud. Algorithm 1 targets continuous time periods; the user keys it produces are shorter than those of other algorithms at the same level of secrecy, and its key generation algorithm is acceptable for mobile clients. Algorithm 2 targets discrete time periods, and handling discrete periods makes it applicable to a wider range of uses. In addition, we give security proofs for both algorithms; neither requires a tamper-resistant device, so they are more widely applicable. Finally, we implement Algorithm 1 on HDFS and propose a cloud data access control system. Unlike previous work, this system uses key assignment to realize hierarchical access control in the cloud, and its time cost on user deregistration is far lower than that of implementations based on proxy re-encryption (PRE). The experimental results show that encryption and decryption speeds are both acceptable.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN918.4
Article ID: 2196937
Article link: http://sikaile.net/kejilunwen/wltx/2196937.html