Computer Engineering and Applications ›› 2024, Vol. 60 ›› Issue (13): 276-286.DOI: 10.3778/j.issn.1002-8331.2305-0207

• Big Data and Cloud Computing • Previous Articles     Next Articles

Attribute-Based Data and Privilege Hybrid Access Control Scheme in Cloud Computing

LIU Qin, LI Pengju, YU Chunwu   

  1. 1.School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China
    2.School of Computer Science, Wuhan University, Wuhan 430079, China
  • Online:2024-07-01 Published:2024-07-01

云计算中属性基数据与权限混合访问控制方案

刘芹,李鹏举,余纯武   

  1. 1.武汉大学 国家网络安全学院,武汉 430079
    2.武汉大学 计算机学院,武汉 430079

Abstract: The emergence of cloud computing has made it possible to access applications and data from anywhere. Due to its flexibility, efficiency, and resource sharing capabilities, cloud computing has been rapidly applied to various industries and fields. Fine-grained data access control, privacy protection, and privilege control in cloud computing have become hot research issues in both academia and industry. To address these issues, this paper proposes a data and privilege hybrid access control scheme based on SM9 attribute encryption. In scenarios that require encryption of a large amount of hierarchical data, this scheme is more flexible and efficient than traditional attribute-based encryption schemes, the anonymity of it can reduce the leakage of user’s privacy, and hierarchical privilege control makes it possible to manage the operation privilege of cloud data more finely. The security analysis and simulation experiments show that, the proposed scheme is secure under decisional bilinear Diffie-Hellman assumption, and it is efficient in encryption and decryption.

Key words: anonymity, hierarchical data, privilege control, SM9, attribute-based encryption

摘要: 云计算的出现使得从任何位置访问应用程序和数据成为可能,由于其灵活、高效和资源共享的特性,云计算迅速应用于各个行业和领域。云计算中的安全细粒度数据访问控制、隐私保护和权限控制已成为学术界和工业界研究的热点问题。为了解决这些问题,提出一种基于SM9属性加密的数据与权限混合访问控制方案,在需要加密大量具有层次结构的数据的场景下,该方案比传统的属性基加密方案更加灵活高效,匿名的特点可以限制用户隐私泄露,层次权限控制使得更细粒度地管理云数据的操作权限成为可能。安全分析和实验结果表明,该方案在判定性双线性Diffie-Hellman假设下是安全的,在加解密等方面具有良好的工作效率。

关键词: 匿名, 层次数据, 权限控制, SM9, 属性基加密