对象云存储中分类分级数据的访问控制方法
CSTR:
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

中国科学院战略性先导科技专项(XDA06040601);国家电网公司科技项目(XXB17201400056);新疆维吾尔自治区科技支撑计划(201230121);国家自然科学基金(61370187)


Access Control Mechanism for Classified and Graded Object Storage in Cloud Computing
Author:
Affiliation:

Fund Project:

Strategic Priority Research Program of Chinese Academy of Sciences (XDA06040601); Science and Technology Projects of State Grid Corporation of China (XXB17201400056); National Natural Science Foundation of China (61370187)

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    随着云计算技术的广泛应用,云存储中数据的安全性、易管理性面临着新的挑战.对象云存储系统是一种数据存储云计算体系结构,通常用来存储具有分类分级特点的非结构化数据.在云服务不可信的前提下,如何实现对云存储中大量具有分类分级特点资源的细粒度访问控制机制,保障云存储中数据不被非法访问,是云计算技术中亟需解决的问题.对近些年来国内外学者的成果进行研究发现,现有的方案并不能有效地应对这种问题.利用强制访问控制、属性基加密、对象存储各自的优势,并结合分类分级的属性特点,提出了基于安全标记对象存储访问控制模型.给出了CGAC算法及其安全证明,将分类分级特点的属性层级支配关系嵌入ABE机制中,生成固定长度的密文.该算法不仅访问控制策略灵活,具有层次化授权结构,还可以友好地与对象存储元数据管理机制结合.通过理论效率分析和实验系统实现,验证了所提出方案的计算、通信开销都相对较小,具有很高的实际意义.

    Abstract:

    With the popularity of cloud computing, the security and manageability of cloud data faces new challenges. Object-based storage cluster is a cloud computing architecture, which is usually used to store classified and graded unstructured data. Under the premise of untrusted cloud service, how to achieve practicable fine-grained access control mechanism of massive classified and graded data while protecting data from unauthorized access, is an urgent issue to be handled. The proposed methods in recent years offer no effective ways to solve this new problem. By taking full advantages of mandatory access control method, attribute-based encryption and object storage technology, and by combining with the characters of classified and graded data, this paper proposes a hierarchical secure label-based access control model in object cloud. Similarly, the core algorithm in this model, which is called CGAC and provably secure, provides a method to embed the hierarchical feature of classified and graded attributes into ABE mechanism, and get constant-size ciphertext. This algorithm not only has flexible access policy and hierarchical authorization structure, but also combines the benefits of metadata management of object storage. Finally, through the theoretical analysis and experimental system implementation, the paper verifies that the model's computation cost in encryption and decryption is acceptable, confirming the proposed method has high practical significance.

    参考文献
    相似文献
    引证文献
引用本文

杨腾飞,申培松,田雪,冯荣权.对象云存储中分类分级数据的访问控制方法.软件学报,2017,28(9):2334-2353

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2016-07-10
  • 最后修改日期:2016-11-10
  • 录用日期:
  • 在线发布日期: 2017-09-02
  • 出版日期:
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号