期刊文献+

面向敏感数据共享环境下的融合访问控制机制 被引量:8

Fused access control scheme for sensitive data sharing
下载PDF
导出
摘要 为解决敏感数据共享应用中的数据分发问题和提高数据共享的安全性,将属性基加密机制和使用控制技术相结合,提出一种融合访问控制机制。该机制一方面采用属性基加密机制保证了数据在存储和分发过程中的机密性,通过灵活且可扩展的访问控制策略控制敏感数据的共享范围;另一方面,通过使用控制技术实现对用户的权限控制,防止合法用户对敏感数据进行非法操作,解决共享用户中的权限滥用问题。最后,对机制的安全性和性能进行了分析,显著地降低了服务端的工作负荷,并通过实验测试了该机制的有效性。 In order to improve security of sensitive data sharing and distributing, fused access control scheme based on the mechanism of attribute-based encryption (ABE) and usage control (UCON) was proposed. The scheme could ensure data confidentiality in the storage, distribution process and control sensitive data sharing scope with dynamic access poli- cies. Additionally, the scheme can prevent legal users operating sensitive data illegally and prohibit privilege abuse for domain user.The results of security analysis and efficiency analysis show that fused access control scheme alleviates the administering burdens on data management server and realizes secure storage and distribution for sensitive data.
作者 闫玺玺 耿涛
出处 《通信学报》 EI CSCD 北大核心 2014年第8期71-77,共7页 Journal on Communications
基金 国家自然科学基金资助项目(61300216) 河南理工大学博士基金资助项目(B2013-043) 中国科学院信息工程研究所密码研究专项基金资助项目(Y3Z0032104)~~
关键词 数据共享 访问控制 属性基加密 使用控制 data sharing access control attribute-based encryption scheme usage control
  • 相关文献

参考文献2

二级参考文献29

  • 1Sahai A, Waters B. Fuzzy identity based encryption. In: Proceedings of EUROCRYPT'05. LNCS, 3494. Berlin: Springer, 2005. 457-473.
  • 2Goyal V, Pandey 0, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. New York: ACM Press, 2006. 89-98.
  • 3Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of 2007 IEEE Symposium on Security and Privacy. Washington: IEEE Computer Society, 2007. 321-334.
  • 4Cheung L, Newport C. Porvably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM Press, 2007. 456-465.
  • 5Waters B. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. Cryp?tology ePrint Archive, Report 2008/290.
  • 6Attrapadung N, Imai H. Dual-policy attribute based encryption. In: Applied Cryptography and Network Security. LNCS, 5536. Berlin: Springer, 2009. 168-185.
  • 7Lewko A, Okamoto T, Sahai A, et al. Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Proceedings of EUROCRYPT 2010. LNCS, 6110. Berlin: Springer, 2010. 62-91.
  • 8Shamir A. Identity-based cryptosystems and signature schemes. In: Proceedings of CRYPTO 1984. LNCS, 196. Berlin: Springer, 1984. 47-53.
  • 9Boneh D, Franklin M. Identity based encryption from the Wei! pairing. In: Proceedings of CRYPTO'01. LNCS, 2139. Berlin: Springer, 2001. 213-229.
  • 10Waters B. Efficient identity-based encryption without random oracles. In: Proceedings of EUROCRYPT'05. LNCS, 3494. Berlin: Springer, 2005. 114-127.

共引文献8

同被引文献76

引证文献8

二级引证文献40

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部