Attribute-based Distributed Access Control Scheme in Cloud

doi:10.3969/j.issn.1000-3428.2012.11.001

Computer Engineering ›› 2012, Vol. 38 ›› Issue (11): 1-4. doi: 10.3969/j.issn.1000-3428.2012.11.001

Special Issue: ；

• Networks and Communications • Next Articles

Attribute-based Distributed Access Control Scheme in Cloud

ZHANG Zhu-lin, WANG Cai-fen

(College of Mathematics and Information Science, Northwest Normal University, Lanzhou 730070, China)

Received:2011-12-02 Online:2012-06-05 Published:2012-06-05

基于属性的分布式云访问控制方案

张竹林，王彩芬

(西北师范大学数学与信息科学学院，兰州 730070)

作者简介:张竹林(1986－)，女，硕士研究生，主研方向：信息安全，密码学；王彩芬，教授、博士、博士生导师
基金资助:
国家自然科学基金地区科学基金资助项目(61163038, 61 063041)

Abstract

Abstract: Now existing access control scheme has the strong dependence to trusty third party in cloud. With regard to this problem, this paper proposes an access control scheme based on attribute. It designs an access control model in cloud, constructs an access control policy which adopts the way of Attribute-based Encryption(ABE) tree, and presents a method of user revocation and policy updates. Security analysis indicates that the scheme has the features of collusion-resistance, data confidentiality and backward and forward secrecy.

Key words: Attribute-based Encryption(ABE), cloud computing, access control, access tree, CP-ABE algorithm, KP-ABE algorithm

摘要： 云服务中现有访问控制方案对可信第三方具有强烈依赖性。针对该问题，提出一个基于属性的分布式云访问控制方案。建立云访问控制模型，采用ABE的加密树方式构造访问控制策略，并给出用户撤销及策略更新方法。安全性分析表明，该方案能够抵抗共谋攻击，具有数据保密性以及后向前向保密性。

关键词: 基于属性的加密, 云计算, 访问控制, 访问树, CP-ABE算法, KP-ABE算法

CLC Number:

TP309

ZHANG Zhu-Lin, WANG Cai-Fen. Attribute-based Distributed Access Control Scheme in Cloud[J]. Computer Engineering, 2012, 38(11): 1-4.

张竹林, 王彩芬. 基于属性的分布式云访问控制方案[J]. 计算机工程, 2012, 38(11): 1-4.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.3969/j.issn.1000-3428.2012.11.001

http://www.ecice06.com/EN/Y2012/V38/I11/1

References

[1] Crampton J, Martin K, Wild P. On Key Assignment for Hierar- chical Access Control[C]//Proc. of the 19th IEEE Computer Security Foundations Workshop. Venice, Italy: IEEE Computer Society, 2006.
[2] Damiani E, De S, Vimercati C, et al. An Experimental Evaluation of Multi-key Strategies for Data Outsourcing[C]//Proc. of SEC’07. [S. l.]: Springer-Verlag, 2007.
[3] Goyal V, Pandey A, Sahai A, et al. Attribute-based Encryption for Fine-grained Access Control of Encrypted Data[C]//Proc. of the 13th ACM Conf. on Computer and Communications Security. [S. l.]: ACM Press, 2006.
[4] Bethencourt J, Sahai A, Waters B. Ciphertext-policy Attribute- based Encryption[C]//Proc. of IEEE Symposium on Security and Privacy. [S. l.]: IEEE Computer Society, 2007.
[5] Chang Yancheng, Mitzenmacher M. Privacy Preserving Keyword Searches on Remote Encrypted Data[C]//Proc. of ACNS’05. [S. l.]: Springer-Verlag, 2005.
[6] Malek B, Miri A. Combining Attribute-based and Access Sys- tems[C]//Proc. of the 12th IEEE International Conference on Computational Science and Engineering. [S. l.]: IEEE Computer Society, 2009.
[7] Ostrovsky R, Sahai A, Waters B. Attribute-based Encryption with Non-monotonic Access Structures[C]//Proc. of ACM Conf. on Computer and Communications Security. [S. l.]: ACM Press, 2007.
[8] Yu Shucheng, Ren Kui, Lou Wenjing, et al. Defending Against Key Abuse Attacks in KP-ABE Enabled Broadcast Sys- tems[C]//Proc. of the 5th Int’l Conf. on Security and Privacy in Communication Networks. Singapore: Springer-Verlag, 2009.
[9] 洪澄, 张敏, 冯登国. AB-ACCS: 一种云存储密文访问控制方法[J]. 计算机研究与发展, 2010, 47(Z1): 259-265.
[10] Hur J, Noh D K. Attribute-based Access Control with Efficient Revocation in Data Outsourcing Systems[J]. IEEE Trans. on Parallel and Distributed Systems, 2011, 22(7): 1214-1221.
[11] Sahai A, Waters B. Fuzzy Identity Based Encryption[C]//Proc. of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Aarhus, Denmark: Springer-Verlag, 2005.

[1]	Baohua HUANG, Huiying ZHENG, Xi QU, Ningjiang CHEN. Efficient Storage Access Control Scheme for Alliance Chain [J]. Computer Engineering, 2023, 49(8): 37-45.
[2]	FANG Zixuan, CAO Suzhen, YAN Junjian, LU Yanfei, HE Qizhi, WANG Caifen. White-box Traceable CP-ABE Scheme in Smart Healthcare Environment [J]. Computer Engineering, 2023, 49(3): 142-150.
[3]	TIAN Xiuxia, YANG Mingyi. Smart Contract-Based Access Control Mechanism in Home IoT [J]. Computer Engineering, 2023, 49(3): 18-28.
[4]	LIU Zhibin, HUANG Qiulan, HU Qingbao, CHENG Yaodong, HU Yu, TIAN Haolai. Design and Implementation of Fine-Grained Scheduling Strategy for Kubernetes Heterogeneous Resources [J]. Computer Engineering, 2023, 49(2): 31-36,45.
[5]	XI Zhiwen, CAI Jingjing, YANG Wenmin, CHAI Zhilei. Concurrent Request Scheduling Mechanism for FPGA Cloud Platform Based on Microservice Architecture [J]. Computer Engineering, 2022, 48(7): 206-213.
[6]	HE Xiaowei, XU Jingjie, WANG Bin, WU Hao, ZHANG Bowen. Research on Cloud Computing Resource Load Forecasting Based on GRU-LSTM Combination Model [J]. Computer Engineering, 2022, 48(5): 11-17,34.
[7]	LIU Jing, ZHU Bingxu, LIANG Jiahang, REN Nüer, JI Haipeng. Blockchain Access Control Strategy Based on Mainchain and Sidechain Cooperation [J]. Computer Engineering, 2022, 48(3): 10-16,22.
[8]	ZHANG Xiaodong, CHEN Taowei, YU Yimin. A Blockchain Data Sharing Scheme Based on LWE-CPABE [J]. Computer Engineering, 2022, 48(10): 158-168,175.
[9]	SHI Lingpeng, ZHU Zheng, ZHOU Junsong, LI Xin, LI Jing. Load Balancing Mechanism for Microservice Architecture in Cloud-based Systems [J]. Computer Engineering, 2021, 47(9): 44-50,58.
[10]	ZHAO Yufeng, LEI Sheng, ZHANG Guogang, GENG Yingsan. Design and Development of Container-based Cloud Platform for Power Equipment Simulation [J]. Computer Engineering, 2021, 47(9): 171-177,184.
[11]	WANG Jingyu, ZHOU Xuejuan. An Attribute-based Encryption Scheme for Ciphertext Policy that Supports Attribute Revocation [J]. Computer Engineering, 2021, 47(7): 95-100.
[12]	NI Siyuan, HU Hongchao, LIU Wenyan, LIANG Hao. Heterogeneous Cloud Resource Allocation Algorithm Based on Rotation Strategy [J]. Computer Engineering, 2021, 47(6): 44-51,67.
[13]	ZHANG Benhong, WU Haohao, YU Lei. Contention-based Time Division Multiple Access MAC Protocol in Vehicular Ad Hoc Networks [J]. Computer Engineering, 2021, 47(5): 154-159.
[14]	ZHANG Jianguo, HU Xiaohui. Research on Improved Access Control Mechanism of Internet of Things Devices Based on Ethereum [J]. Computer Engineering, 2021, 47(4): 32-39,47.
[15]	ZHANG Jianghui, CUI Bo, LI Ru, SHI Jinshan. Access Control System of Internet of Things Based on Smart Contract [J]. Computer Engineering, 2021, 47(4): 21-31.

Please choose a citation manager

Content to export

Attribute-based Distributed Access Control Scheme in Cloud

基于属性的分布式云访问控制方案

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

模态框（Modal）标题

Please choose a citation manager

Content to export

Attribute-based Distributed Access Control Scheme in Cloud

基于属性的分布式云访问控制方案

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments