基于属性的安全增强云存储访问控制方案

doi:10.3969/j.issn.1000-436x.2013.z1.037

摘要/Abstract

摘要：

为了保证云存储中用户数据和隐私的安全，提出了一种基于属性的安全增强云存储访问控制方案。通过共用属性集，将基于属性的加密体制(ABE)与XACML框架有机结合，在XACML框架上实现细粒度的基于属性的访问控制并由ABE保证数据的机密性。考虑到数据量很大时ABE的效率较低，因此，云存储中海量敏感数据的机密性用对称密码体制实现，ABE仅用于保护数据量较小的对称密钥。实验分析表明，该方案不仅能保证用户数据和隐私的机密性，而且性能优于其他同类系统。

关键词: 云存储, 访问控制, XACML框架, 基于属性的加密, 共用属性集

Abstract:

In order to ensure the security of data and privacy in cloud storage, an enhanced cloud storage access control solution based on attribute was proposed. By designing a common set of attributes, attribute-based encryption(ABE) was integrated into XACML (eXtensible access control markup language) framework and the goal to ensure the confidential-ity of sensitive data and to provide fine-grained access control was achieved. Considering the efficiency of ABE is very low when it is used to a large amount of data, symmetric cryptography was used to ensure the confidentiality of the vast amounts of sensitive data while ABE was used to protect the small number of symmetric keys. Experiments show that the scheme can ensure the confidentiality of the data and privacy and its performance is superior to other similar systems.

Key words: cloud storage, access control, XACML framework, ABE, attribute set

牛德华,马建峰,马卓,李辰楠,王蕾. 基于属性的安全增强云存储访问控制方案[J]. 通信学报, 2013, 34(Z1): 276-284.

De-hua NIU,Jian-feng MA,Zhuo MA,Chen-nan LI,Lei WANG. Enhanced cloud storage access control scheme based on attribute[J]. Journal on Communications, 2013, 34(Z1): 276-284.

图/表 12

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

参考文献 20

[1]	CHRISTIAN C , IDIT K , ALEXANDER S T . Trusting the cloud[J]. ACM SIGACT News Archive, 2009,40(2):81-86.
[2]	ERIC Y , JIN T , HAMILTON B A . Attributed based access control (ABAC) for web services[A]. Proceedings of the IEEE International Conference on Web Services[C]. Orlando Florida,USA, 2005.7.
[3]	SAHAI A , WATERS B . Fuzzy identity based encryption[J]. LNCS, 2005,3494(1):457-473.
[4]	YU S C , WANG C , REN K . Achieving secure, scalable, and fine-grained data access control in cloud computing[A]. Proceedings of the 2010 IEEE INFOCOM[C]. Piscataway, NJ, USA, 2010.534-542.
[5]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attrib-ute-based encryption[A]. Proceedings of 2007 IEEE Symposium on Security and Privacy[C]. Berkeley, USA, 2007.321-334.
[6]	MALEK B , MIRI A . Combining attribute-based and access sys-tems[A]. Proceedings of 12th IEEE Int′l Conf on Computational Sci-ence and Engineering[C]. Vancouver, Canada, 2009.305-312.
[7]	洪澄，张敏，冯登国．面向云存储的高效动态密文访问控制[J]．通信学报， 2011,32(7):90-98. HONG C , ZHANG M , FENG D G . Achieving effitient dynamic cryp-tographic access control in cloud storage[J]. Joumal on Communica-tions, 2011,32(7):90-98.
[8]	OASIS eXtensible access control markup language (XACML)[EB/OL]. .
[9]	GOYAL V , PANDEY O , SAHAI A . Attibute-based encryption for fine-grained access control of encrypted data[A]. Proceedings of the 13th ACM Conference on Computer and Communications Security[C]. New York, USA, 2006.89-98.
[10]	WAN Z G , LIU J , DENG R H . HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2012,7(2):743-754.
[11]	洪澄，张敏，冯登国． AB-ACCS：一种云存储密文访问控制方法[J]．计算机研究与发展， 2010,47:259-265. HONG C , ZHANG M , FENG D G . AB-ACCS: a cryptographic access control scheme for cloud storage[J]. Journal of Computer Research and Development, 2010,47:259-265.
[12]	HUR J B , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Par-allel and Distributed Systems, 2011,22(7):1214-1221.
[13]	WANG G J , LIU Q , WU J . Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[A]. Proceedings of the 17th ACM Conference on Computer and Communications secu-rity[C]. New York, USA, 2010.735-737.
[14]	Brief introduction to XACML[EB/OL]. .
[15]	XACML open source project SUNXACML[EB/OL]. .
[16]	XACML open source project NDG-XACML[EB/OL]. .
[17]	Advanced crypto software collection[EB/OL]. .
[18]	XACML open source project enterprise XACML[EB/OL]. .
[19]	XACML open source project XEngine[EB/OL]. .
[20]	XACML 2.0 conformance tests[EB/OL]. .