A Cloud Storage Data Access Control Scheme Based on Attribute-Sets Encryption

来源 :第十二届中国可信计算与信息安全学术会议 | 被引量 : 0次 | 上传用户:szoysj
下载到本地 , 更方便阅读
声明 : 本文档内容版权归属内容提供方 , 如果您对本文有版权争议 , 可与客服联系进行内容授权或下架
论文部分内容阅读
  In order to solve the data security problem in cloud storage system,an access control scheme which supports for a finer attribute expression for cloud storage data based on CP-ASBE(Ciphertext-Policy Attribute-Sets Based Encryption)is propoesed in this paper,which can solve the problem of attribute confusion based on attribute encryption algorithm.A multi-authorization center is used to address single-point security issues.The digest of plaintext is used to encrypt the plaintext,and then the CP-ASBE encryption key is used to improve the efficiency and save the storage space of the cloud storage.In terms of attribute revocation,access control lists are used to handle coarse-grained privilege revocation.For fine-grained attribute revocation,proxy re-encryption is used and the complex calculations are delegated to the computationally powerful DataNode node.The confidentiality,integrity,non-repudiation,availability and security of the scheme are analyzed and proved.The results show that the cloud storage data access control scheme based on CP-ASBE can effectively improve the security of user data in HDFS(Hadoop Distributed File System)cloud storage system.
其他文献
At present,Vehicular Ad-Hoc Networks(VANETs)has been a hot research topic for researchers in the intelligent transportation.It can not only provide real-time traffic information for managers,but also
云计算的虚拟化、跨平台、多租户等特点,使得云安全问题日益突出,用户无法保证上传资料的安全。本文拟基于文件访问行为检测方法,对文件访问程序的行为进行度量和验证,并对远程证明机制进行扩展,提高云计算环境的安全性。针对度量目标问题,采用构建系统依赖图的方法(System DependenceGraph,SDG)),研究数据与程序间的依赖关系,建立程序行为验证的目标集,较好的解决了度量粒度的问题;针对度量
网络协议流量识别可以识别流量所属的网络应用或者协议,进而及时发现和处理网络故障和安全漏洞,提高网络服务质量和保障网络空间安全。近几年,网络协议流量识别受到广泛关注并取得了许多重要成果。故本文首先总结4 种主要网络协议流量识别方法:基于行为的识别方法、基于负载随机性的识别方法、基于有效负载的识别方法和基于机器学习的识别方法;然后分别基于4 种应用场景:在线加密流量、在线非加密流量、离线加密流量和离线
在信息安全中,用户被视为信息安全的“薄弱环节”。攻击者在用户端系统不断升级软件、安全加固的情况下,充分利用用户的脆弱性,使用户在攻击策略的误导下泄露密码,打开恶意邮件附件或是访问恶意网站。这个过程被统称为社会工程学攻击,即使是最健壮的系统安全防护机制对该攻击也束手无策。本文聚焦于技术领域内的社会工程学攻击——信息欺骗攻击,即攻击者主动操纵人机接口,欺骗用户以建立人机虚假信任,误导用户操作以绕过防御
Wireless sensor networks(WSNs)face many security challenges in their applications.In order to improve the security of WSNs,a trust security algorithm based on nodes behavior analysis and cloud model i
在侧信道攻击中,传统的相关性能量分析攻击通常会将多个S 盒分离各个击破。但是针对单个S 盒的相关性能量分析攻击不但忽略了其它S 盒的能量信息而且增加了分析噪声,降低了密钥恢复的效率和正确率。本文针对相关性能量分析在攻击多个S 盒对应密钥的过程中产生计算量过大的问题,提出了一种基于粒子群算法的多盒新型能量分析模型。该模型利用粒子群优化算法结构简单、搜索速度快以及具有记忆性的特点同时完成对多个S 盒的
Security compliance auditing against standards,regulations or requirements in cloud environments is of increasing importance to boost trust between stakeholders.Many automatic security compliance audi
软件漏洞是诸多安全事件的源头,而针对漏洞利用的恶意样本攻击则是当前主要的攻击手段.恶意样本通常会以嵌入恶意代码的方式实现利用漏洞安装运行其他下载项、混淆恶意代码、安装木马、设置后门等一系列恶意行为,进而造成极大的安全威胁.恶意样本由于结构复杂,使用灵活,对其的检测存在很大的难度.现有的恶意样本检测方法绝大多数建立在检测模式或规则上,难以应对高结构化恶意样本的模式或规则难以抽取等问题.本文提出了一种
Millionaire problem and private set intersection problem are not only the basic issues in the secure multiparty computation,but also the building block for privacy-preserving cooperative computation.H
Block chain is widely used in the financial field for its characteristics of centralization,anonymity and trust.Electronic money payment is an important application hotspot.Ring signature is widely us