| 基于属性的安全增强云存储访问控制方案 |
| |
| 引用本文: | 牛德华,马建峰,马卓,李辰楠,王蕾.基于属性的安全增强云存储访问控制方案[J].通信学报,2013,34(Z1):37-284. |
| |
| 作者姓名: | 牛德华 马建峰 马卓 李辰楠 王蕾 |
| |
| 作者单位: | 西安电子科技大学 计算机学院,陕西 西安 710071 |
| |
| 摘 要: | 为了保证云存储中用户数据和隐私的安全,提出了一种基于属性的安全增强云存储访问控制方案。通过共用属性集,将基于属性的加密体制(ABE)与XACML框架有机结合,在XACML框架上实现细粒度的基于属性的访问控制并由ABE保证数据的机密性。考虑到数据量很大时ABE的效率较低,因此,云存储中海量敏感数据的机密性用对称密码体制实现,ABE仅用于保护数据量较小的对称密钥。实验分析表明,该方案不仅能保证用户数据和隐私的机密性,而且性能优于其他同类系统。
|
| 关 键 词: | 云存储 访问控制 XACML框架 基于属性的加密 共用属性集 |
| 收稿时间: | 7/3/2013 12:00:00 AM |
Enhanced cloud storage access control scheme based on attribute |
| |
| De-hua NIU,Jian-feng MA,Zhuo MA,Chen-nan LI,Lei WANG.Enhanced cloud storage access control scheme based on attribute[J].Journal on Communications,2013,34(Z1):37-284. |
| |
| Authors: | De-hua NIU Jian-feng MA Zhuo MA Chen-nan LI Lei WANG |
| |
| Affiliation: | School of Computer Science and Technology, Xidian University, Xi'an 710071, China |
| |
| Abstract: | In order to ensure the security of data and privacy in cloud storage, an enhanced cloud storage access control solution based on attribute was proposed. By designing a common set of attributes, attribute-based encryption(ABE) was integrated into XACML (eXtensible access control markup language) framework and the goal to ensure the confidentiality of sensitive data and to provide fine-grained access control was achieved. Considering the efficiency of ABE is very low when it is used to a large amount of data, symmetric cryptography was used to ensure the confidentiality of the vast amounts of sensitive data while ABE was used to protect the small number of symmetric keys. Experiments show that the scheme can ensure the confidentiality of the data and privacy and its performance is superior to other similar systems. |
| |
| Keywords: | cloud storage access control XACML framework ABE attribute set |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
