Acta Electronica Sinica ›› 2018, Vol. 46 ›› Issue (1): 236-244. DOI: 10.3969/j.issn.0372-2112.2018.01.033

• Academic Paper •

DACPCC: A Data Access Control Scheme with Access Permission for Cloud Computing

WANG Yu-ding, YANG Jia-hai

  1. Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China
  • Received: 2016-08-30 Revised: 2016-10-16 Online: 2018-01-25 Published: 2018-01-25
    • Corresponding author:
    • YANG Jia-hai
    • About the author:
    • WANG Yu-ding, male, born in 1984 in Shijiazhuang, Hebei, is a PhD candidate at the Institute for Network Sciences and Cyberspace, Tsinghua University. His research interest is cloud computing security.
    • Supported by:
    • National Natural Science Foundation of China (No.61432009, No.61462009); Research Fund for the Doctoral Program of Higher Education of China (No.20130002110058); National High-tech R&D Program of China (863 Program) (No.2015AA015601)

Abstract: Currently, the most common encryption scheme in cloud computing access control systems is CP-ABE, but conventional CP-ABE does not address the issue of users' access permissions: data owners can only let users read the data, not write it. Such a coarse access control mechanism is inflexible and inefficient. To deal with this issue, the paper proposes a Data Access Control scheme with access Permission for Cloud Computing (DACPCC), which builds on CP-ABE and sets permission control keys to encrypt the data in the cloud; the data owner controls the data's access permission by choosing the permission control keys. The paper presents the design details of the proposed scheme, then theoretically proves its security and evaluates its performance through simulated experiments. The results show that DACPCC allows data owners to control the access permission of their data, and that it is safe and more efficient.

Key words: cloud computing, access control, CP-ABE, access permission, attribute revocation
