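Project title: Privacy-Enhanced Access Control Policies for Database as a Service
Project number: No.61202020
Project type: Young Scientists Fund project
Year of approval: 2013
Discipline: Computer Science
Project author: Tian Xiuxia (田秀霞)
Author affiliation: Shanghai University of Electric Power (上海电力学院)
Project funding: 230,000 yuan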
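Chinese abstract: The convenience and low cost of network connectivity, together with the high cost of managing massive data, have made the third-party Database as a Service model the first choice of small and medium-sized enterprises for outsourcing the management of their massive data. Privacy-enhanced access control is an indispensable mechanism and key technology for achieving data privacy and authorization management of legitimate users in database services, but the vast majority of access control schemes proposed so far address only the privacy of the delegated data; few address the privacy of the delegated policy, or the secure dynamic update and distribution of keys tied to the delegated policy as users and resources are frequently added, removed and modified. This project proposes to introduce hierarchical identity-based cryptography and a cryptographic commitment protocol as the core privacy-preserving cryptographic mechanisms and, using techniques that effectively combine different cryptographic mechanisms with delegated access control policies, to study privacy-enhanced access control for database services. The work includes the construction of privacy-preserving cryptographic mechanisms, algorithms for effectively combining cryptographic mechanisms with delegated policies, and a key update and distribution model tied to the delegated policy, with a detailed theoretical and experimental analysis of the performance of the new privacy-enhanced access control. The theory and prototype proposed by this project can effectively promote the adoption of the Database as a Service model in industries that handle private data, such as healthcare, securities and e-commerce.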
Chinese keywords: Database as a Service; access control policy; privacy enhancement; encryption mechanism;
English abstract: With the convenience and low cost of network connection and the high cost of mass data management, the Database as a Service paradigm based on a third-party platform has become the first choice of small and medium enterprises, in which the database service provider manages and maintains the enterprises' mass delegated data on their behalf. Privacy-enhancing access control is one of the most important security mechanisms for data privacy protection and authorization of legitimate users in the Database as a Service paradigm, but most of the proposed access controls still focus on the privacy of delegated data; almost no research addresses the privacy of the delegated access control policy or the secure updating and distribution of keys according to the delegated policy under frequent insertion, updating and deletion of users and resources. Our project takes the identity-based hierarchical encryption mechanism and the commitment protocol as the key cryptographic mechanisms to implement different privacy protections, and adopts the technology of combining different cryptographic encryption mechanisms with the delegated access control policy to implement privacy-enhancing access control. We mainly study effective solutions from three aspects in sequence: the construction of cryptographic encryption mechanism ensurin
English keywords: Database as a Service;Access Control Policy;Privacy Enhancing;Encryption Scheme;