In order to solve the problems of data sharing security and policy conflict in multicloud storage systems(MCSS), this work designs an attribute mapping mechanism that extends ciphertext policy attribute-based encrypti...In order to solve the problems of data sharing security and policy conflict in multicloud storage systems(MCSS), this work designs an attribute mapping mechanism that extends ciphertext policy attribute-based encryption(CP-ABE), and proposes a multi-authority CP-ABE access control model that satisfies the need for multicloud storage access control. The mapping mechanism mainly involves the tree structure of CP-ABE and provides support for the types of attribute values. The framework and workflow of the model are described in detail. The effectiveness of the model is verified by building a simple prototype system, and the performance of the prototype system is analyzed. The results suggest that the proposed model is of theoretical and practical significance for access control research in MCSS. The CP-ABE has better performance in terms of computation time overhead than other models.展开更多
Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely ...Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely used in distributed environment as a declaratively fine-grained,attribute-based access control policy language,but the policy integration of XACML lacks formal description and theory foundation.Multicloud Access Control Policy Integration Framework(MACPIF)is proposed in the paper,which consists of Attribute-based Policy Evaluation Model(ABPEM),Four-value Logic with Completeness(FLC)and Four-value Logic based Policy Integration Operators(FLPIOs).ABPEM evaluates access control policy and extends XACML decision to four-value.According to policy decision set and policy integration characteristics,we construct FLC and define FLPIOs including Intersection,Union,Difference,Implication and Equivalence.We prove that MACPIF can achieve policy monotonicity,functional completeness,canonical suitability and canonical completeness.Analysis results show that this framework can meet the requirements of policy integration in Multicloud.展开更多
基金supported in part by the Basic Public Welfare Research Program of Zhejiang Province under Grant LGF19F020006 LGF20G030001 GF20G030006the NSFC-Zhejiang Joint Fund for the Integration of Industrialization and Informatization under Grant U1509219。
文摘In order to solve the problems of data sharing security and policy conflict in multicloud storage systems(MCSS), this work designs an attribute mapping mechanism that extends ciphertext policy attribute-based encryption(CP-ABE), and proposes a multi-authority CP-ABE access control model that satisfies the need for multicloud storage access control. The mapping mechanism mainly involves the tree structure of CP-ABE and provides support for the types of attribute values. The framework and workflow of the model are described in detail. The effectiveness of the model is verified by building a simple prototype system, and the performance of the prototype system is analyzed. The results suggest that the proposed model is of theoretical and practical significance for access control research in MCSS. The CP-ABE has better performance in terms of computation time overhead than other models.
基金supported by National Key R&D Program of China (2017YFB0802900)NUPTSF (No. NY219004)
文摘Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely used in distributed environment as a declaratively fine-grained,attribute-based access control policy language,but the policy integration of XACML lacks formal description and theory foundation.Multicloud Access Control Policy Integration Framework(MACPIF)is proposed in the paper,which consists of Attribute-based Policy Evaluation Model(ABPEM),Four-value Logic with Completeness(FLC)and Four-value Logic based Policy Integration Operators(FLPIOs).ABPEM evaluates access control policy and extends XACML decision to four-value.According to policy decision set and policy integration characteristics,we construct FLC and define FLPIOs including Intersection,Union,Difference,Implication and Equivalence.We prove that MACPIF can achieve policy monotonicity,functional completeness,canonical suitability and canonical completeness.Analysis results show that this framework can meet the requirements of policy integration in Multicloud.