Access Control Mechanism for Classified and Graded Object Storage in Cloud Computing

Fund Project: Strategic Priority Research Program of Chinese Academy of Sciences (XDA06040601); Science and Technology Projects of State Grid Corporation of China (XXB17201400056); National Natural Science Foundation of China (61370187)

Abstract:

With the popularity of cloud computing, the security and manageability of cloud data face new challenges. An object-based storage cluster is a cloud computing architecture that is commonly used to store classified and graded unstructured data. Assuming the cloud service itself is untrusted, how to achieve a practicable, fine-grained access control mechanism for massive amounts of classified and graded data, while protecting that data from unauthorized access, is an urgent problem. Methods proposed in recent years offer no effective solution to this new problem. By taking full advantage of mandatory access control, attribute-based encryption (ABE) and object storage technology, and by exploiting the characteristics of classified and graded data, this paper proposes a hierarchical secure-label-based access control model for object cloud storage. The core algorithm of this model, called CGAC, is provably secure and embeds the hierarchical structure of classified and graded attributes into the ABE mechanism while producing constant-size ciphertexts. The algorithm not only supports flexible access policies and a hierarchical authorization structure, but also benefits from the metadata management of object storage. Finally, theoretical analysis and an experimental system implementation verify that the model's encryption and decryption costs are acceptable, confirming that the proposed method is of high practical significance.
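The abstract describes two layers: a mandatory access control model over hierarchical "classified" (category) and "graded" (sensitivity level) labels carried in object metadata, and an ABE scheme (CGAC) that enforces those labels cryptographically. The following example, added here and not taken from the paper or its sample code, illustrates only the first layer: a deny-by-default label dominance check that a storage proxy could run on an object's metadata, plus a hierarchical delegation rule under which a label holder may only issue labels it dominates. The category tree as a path, the grade names, the metadata key names and the sample objects are all constructed assumptions; the ABE layer is out of scope.

```python
"""Hierarchical secure-label check over object metadata (illustrative, not CGAC)."""
from dataclasses import dataclass
from typing import Dict, Mapping, Tuple

# Graded attribute: a linear order of sensitivity levels (constructed names).
GRADES: Dict[str, int] = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Constructed metadata key names; a real object store would use its own header scheme.
META_CLASS = "x-object-meta-classification"
META_GRADE = "x-object-meta-grade"


@dataclass(frozen=True)
class SecureLabel:
    # classification: a path in the category tree, e.g. ("corp", "finance", "audit")
    # grade: one of the GRADES names
    classification: Tuple[str, ...]
    grade: str

    def __post_init__(self) -> None:
        if self.grade not in GRADES:
            raise ValueError(f"unknown grade {self.grade!r}")
        if not self.classification or not all(self.classification):
            raise ValueError("classification path must be non-empty")


def dominates(subject: SecureLabel, obj: SecureLabel) -> bool:
    """Subject dominates object when the object's category lies in the subtree rooted
    at the subject's category (path-prefix match) and the object's grade is not
    above the subject's grade (no read-up)."""
    n = len(subject.classification)
    in_subtree = obj.classification[:n] == subject.classification
    no_read_up = GRADES[obj.grade] <= GRADES[subject.grade]
    return in_subtree and no_read_up


def derive_label(parent: SecureLabel, classification: Tuple[str, ...], grade: str) -> SecureLabel:
    """Hierarchical authorization: a holder of `parent` may only issue labels it dominates,
    so a delegated label is never stronger than the label that issued it."""
    child = SecureLabel(classification, grade)
    if not dominates(parent, child):
        raise PermissionError("child label is not dominated by the issuing label")
    return child


def label_from_metadata(meta: Mapping[str, str]) -> SecureLabel:
    """Parse the label from metadata headers; raises ValueError on malformed input."""
    path = tuple(p for p in meta.get(META_CLASS, "").split("/") if p)
    return SecureLabel(path, meta.get(META_GRADE, ""))


def authorize_read(subject: SecureLabel, meta: Mapping[str, str]) -> bool:
    """Deny by default: unlabeled or malformed metadata never grants access."""
    try:
        obj = label_from_metadata(meta)
    except ValueError:
        return False
    return dominates(subject, obj)


# Constructed sample objects with label metadata as a store would hold it.
SAMPLE_STORE: Dict[str, Dict[str, str]] = {
    "audit-2016.csv": {META_CLASS: "corp/finance/audit", META_GRADE: "internal"},
    "board-minutes.pdf": {META_CLASS: "corp/finance/audit", META_GRADE: "secret"},
    "payroll.xlsx": {META_CLASS: "corp/hr", META_GRADE: "public"},
    "untagged.bin": {META_CLASS: "corp/finance", META_GRADE: "top"},  # unknown grade -> denied
}


def readable_objects(subject: SecureLabel, store: Mapping[str, Mapping[str, str]]) -> list:
    """Names of the objects in `store` that `subject` may read, sorted."""
    return sorted(name for name, meta in store.items() if authorize_read(subject, meta))


if __name__ == "__main__":
    finance_officer = SecureLabel(("corp", "finance"), "confidential")
    print(readable_objects(finance_officer, SAMPLE_STORE))  # ['audit-2016.csv']
```

The check is deliberately conservative: an object whose metadata is missing, empty or carries a grade outside the known order is treated as unreadable rather than as public, and delegation fails closed when the requested child label would escape the issuer's subtree or exceed its grade. In the paper's setting the same dominance relation is what the ABE key hierarchy has to encode, so the proxy-side check and the cryptographic enforcement must agree on it.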

Citation:

杨腾飞, 申培松, 田雪, 冯荣权. Access control mechanism for classified and graded object storage in cloud computing. Ruan Jian Xue Bao/Journal of Software, 2017,28(9):2334-2353
History
  • Received: July 10, 2016
  • Revised: November 10, 2016
  • Online: September 02, 2017
Copyright: Institute of Software, Chinese Academy of Sciences