微信服务号

微信订阅号

2025年4月3日 15:27 星期四
首页 > 过刊浏览>2016年第27卷第6期 >1432-1450. DOI:10.13328/j.cnki.jos.005003
PDF HTML阅读 XML下载 导出引用 引用提醒
支持策略隐藏的加密云存储访问控制机制
作者:
基金项目:

国家重点基础研究发展计划(973)(2014CB340603);国家高技术研究发展计划(863)(2013AA01A214);中国科学院战略性先导专项(XDA06010702)


Enforcing Access Controls on Encrypted Cloud Storage with Policy Hiding
Author:
Fund Project:

National Program on Key Basic Research Project of China (973) (014CB340603); National High-Tech R&D Program of China (863) (2013AA01A214); Strategy Pilot Project of Chinese Academy of Sciences (XDA06010702)

  • 摘要
    • | |
  • 访问统计
    • |
  • 参考文献 [27]
    • |
  • 相似文献 [20]
    • |
  • 引证文献
    • | |
  • 文章评论
    摘要:

    使用密码技术对云存储数据实施机密性保护和访问控制,是当前云计算安全研究的重要内容.选择加密(selective encryption)技术根据访问控制策略产生密钥推导图来分发密钥,在保证云存储数据机密性和细粒度访问控制的前提下,具有简化文件存储加密、系统密钥量少的优势.然而,已有选择加密方案需要完全或部分地公开访问控制策略,以用于密钥推导;该信息反映了用户/文件之间的授权访问关系,泄露了用户隐私.基于现有的研究工作,提出一种访问控制策略隐藏机制,在支持加密云存储数据的细粒度访问控制和高效密钥分发的前提下,能更好地隐藏访问控制策略信息,而且在密钥获取计算速度上有明显优势.

    Abstract:

    Enforcing access controls on cloud storage by cryptography is an important topic of cloud security. Based on access control policies, selective encryption builds key derivation graphs to distribute symmetric keys among users. Selective encryption can ensure the confidentiality and fine-grained access control of cloud storage data, while simplifying data encryption procedure and reducing the total number of keys. However, the existing selective encryption solutions have to fully or at least partially disclose the access control policies. This policy information unfortunately, is usually related to the authorization relation between users and files, leading to privacy leakage. This work significantly improves the existing policy-hiding schemes (of selective encryption) with much less privacy leakage and much faster key derivation, while supporting fine-grained access control on encrypted cloud storage.

    参考文献
    [1] http://aws.amazon.com/cn/s3/
    [2] https://www.icloud.com/
    [3] http://yun.baidu.com/?ref=ppzq
    [4] http://www.windowsazure.cn/?fb=002
    [5] http://www.ksyun.com/
    [6] http://www.iimedia.cn/38351.html
    [7] http://popcrush.com/apple-releases-statement-icloud-celeb-photo-hacks
    [8] De Capitani di Vimercati S, Foresti S, Jajodia S, Paraboschi S, Samarati P. Over-Encryption: Management of access control evolution on outsourced data. In: Wolfgang K, ed. Proc. of the 33rd Int'l Conf. on Very Large Data Bases. Vienna: VLDB Endowment, 2007. 123-134.
    [9] De Capitani di Vimercati S, Foresti S, Jajodia S, Paraboschi S, Samarati P. Encryption policies for regulating access to outsourced data. ACM Trans. on Database Systems, 2010,35(2):12. [doi: 10.1145/1735886.1735891]
    [10] De Capitani di Vimercati S,Foresti S, Jajodia S, Paraboschi S, Pelosi G, Samarati P. Preserving confidentiality of security policies in data outsourcing. In: AtluriV, ed. Proc. of the 7th ACM Workshop on Privacy in the Electronic Society. New York: ACM, 2008. 75-84. [doi: 10.1145/1456403.1456417]
    [11] Agrawal R, Borgida A, Jagadish HV. Efficient management of transitive relationships in large data and knowledge bases. In: Clifford J, ed. Proc. of the 1989 ACM SIGMOD Int'l Conf. on Management of data. New York: ACM, 1989. 253-262. [doi: 10. 1145/66926.66950]
    [12] Yu SC, Wang C, Ren K, Lou WJ. Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Mandyam G, ed. Piscataway: IEEE, 2010. 1-9. [doi: 10.1109/INFCOM.2010.5462174]
    [13] Wang Q, Wang C, Li J, Ren K, Lou WJ. Enabling public verifiability and data dynamics for storages security in cloud computing. In: Proc. of the 14th European Symp. on Research in Computer Security. Berlin, Heidelberg: Springer-Verlag, 2009. 355-370. [doi: 10.1007/978-3-642-04444-1_22]
    [14] De Capitani di Vimercati S, Foresti S, Jajodia S, Livraga G, Paraboschi S, Samarati P. Enforcing dynamic write privileges in data outsourcing. Computers & Security, 2013,47-63. [doi: 10.1016/j.cose.2013.01.008]
    [15] Blundo C, Cimato S, De Capitani di Vimercati S, Santis AD, Foresti S, Paraboschi S, Samarati P. Managing key hierarchies for access control enforcement: Heuristic approaches. Computer & Security, 2010,29:533-547. [doi: 10.1016/j.cose.2009.12.006]
    [16] Jiang WY, Wang Z, Liu LM, Gao N. Towards efficient update of access control policy for cryptographic cloud storage. In: Proc. of the SeucreComm Workshop on Data Protection in Mobile and Pervasive Computing. 2014.
    [17] Sahai A,Waters B. Fuzzy identity-based encryption. In: Cramer R, ed. Advances in Cryptology–EUROCRYPT 2005. Berlin, Heidelberg: Springer-Verlag, 2005. 457-473. [doi: 10.1007/11426639_27]
    [18] Goyal V, Pandey O, Sahai A, Waters B. Attribute-Based encryption for fine-grained access control of encrypted data. In: Juels A, ed. Proc. of the 13th ACM Conf. on Computer and Communications Security. New York: ACM, 2006. 89-98. [doi: 10.1145/ 1180405.1180418]
    [19] Bethencourt J, Sahai A, Waters B. Ciphertext-Policy attribute-based encryption. In: Shands D, ed. Proc. of the 2007 IEEE Symp. on Security and Privacy. Piscataway: IEEE, 2007. 321-334. [doi: 10.1109/SP.2007.11]
    [20] Kapadia A, Tsang PP, Smith SW. Attribute-Based publishing with hidden credentials and hidden policies. In: Proc. of the 14th Annual Network and Distributed System Security Symp. 2007. 179-192.
    [21] Li XH, Gu D, Ren YL, Ding N, Yuan K. Efficient ciphertext-policy attribute based encryption with hidden policy. In: Yang X, ed. Proc. of the 5th Int'l Conf. Berlin, Heidelberg: Springer-Verlag, 2012. 146-159. [doi: 10.1007/978-3-642-34883-9_12]
    [22] Blaze M, Bleumer G, Strauss M. Divertible protocols and atomic proxy cryptography. In: Nyberg K, ed. Advances in Cryptology —EUROCRYPT'98. Berlin, Heidelberg: Springer-Verlag, 1998. 127-144. [doi: 10.1007/BFb0054122]
    [23] Ateniese G, Fu K, Gren M, Hohenberger S. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. on Information and System Security, 2006,9(1):1-30. [doi: 10.1145/1127345.1127346]
    [24] Yu SC, Wang C, Ren K, Lou WJ. Attribute based data sharing with attribute revocation. In: Feng DG, ed. Proc. of the 5th ACM Symp. on Information, Computer and Communications Security. New York: ACM, 2010. 261-270. [doi: 10.1145/1755688. 1755720]
    [25] Tang Y, Lee PPC, Lui JCS, Perlman R. Secure overlay cloud storage with access control and assured deletion. IEEE Trans. on Dependable and Secure Computing, 2012,9(6):903-916. [doi: 10.1109/TDSC.2012.49]
    [26] Liu Q, Wang GJ, Wu J. Time-Based proxy re-encryption scheme for secure data sharing in a cloud environment. Information Sciences, 2012,258(2014):355-370. [doi: 10.1016/j.ins.2012.09.034]
    [27] Weiss MA. Data Structures and Algorithm Analysis in C. Addison-Wesley, 1996.
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

雷蕾,蔡权伟,荆继武,林璟锵,王展,陈波.支持策略隐藏的加密云存储访问控制机制.软件学报,2016,27(6):1432-1450

复制
分享
文章指标
  • 点击次数:6611
  • 下载次数: 8212
  • HTML阅读次数: 2697
  • 引用次数: 0
历史
  • 收稿日期:2015-08-15
  • 最后修改日期:2015-10-09
  • 在线发布日期: 2016-01-22
文章二维码
友情链接:中国科学院软件研究所中国计算机学会中国科学院国家自然科学基金委员会CCF数字图书馆Int'l J of Softw Info计算机系统应用
您是第19781059位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号