面向隐私保护的云数据访问模型与方法研究

项目名称： 面向隐私保护的云数据访问模型与方法研究

项目编号： No.61462069

项目类型： 地区科学基金项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 谭跃生

作者单位： 内蒙古科技大学

项目金额： 44万元

中文摘要： 云计算环境下的数据安全问题日益突出，特别是隐私数据保护是云用户最为关心的问题。访问控制是保护用户隐私数据的有效措施，而云计算访问控制的核心问题是密钥管理和加密机制。本研究拟在以往研究工作的基础上，提出一个云计算环境下的新型访问控制模型，并从性能和安全性等多个角度提出适合云计算环境下的访问控制模型的算法。该模型将采用多个授权中心，将属性划分成多个不相交的不同属性子集，把访问结构融入到属性集合中，每个属性集合都有不同的授权中心进行分散协调管理，降低风险，既能减轻单个授权中心工作量，又能容忍多个授权机构合谋获取用户身份等隐私信息。设计了一个无需在线服务器支持的属性加密叛逆者追踪方案，研究提出基于属性的匿名云数据访问控制方案，扩展访问结构树为访问权限树，隐藏访问策略，适应云计算复杂多变的特点，建立动态的属性密钥分配机制和撤销机制，尽量减少密钥分发带来的复杂性，能实现细粒度访问控制和保护隐私。

中文关键词： 云计算；隐私保护；访问控制

英文摘要： As the continuous development of cloud computing technology, cloud data security issues have become increasingly prominent.Especially the protection of data privacy is among the most concerning problem. Access control in cloud computing is the effective measures to protect the user's privacy data,whose core is key management and encryption mechanism. Based on our previous work，a innovative access control model is proposed for a cloud computing environment. This model can not only provide efficient and flexible access control strategy in a complex and changing environment of cloud computiong,but also can provide privacy data protection. the algorithms which suitable for access control model are proposed from mulit-angle of performance and security in cloud computing. Multi-authorities are used in the model. the attributes are divided into many not-intersact attributes subsets and the access structure is integrated into attribute sets. the attribute sets are managered by multiple authorities in order to reduce risk.Also,it lighten the workload of a single authority and prevent authorities from collision attack. We introduce the traitor tracing mechanism of broadcast encryption into attribute based encryption,and design a concrete attribute based traitor tracing scheme within formal definition and securitymodels.Additionally,our scheme does not need such an online server. The anonymous cloud data access control scheme is proposed based on attribute. the scheme extends access structure tree as access privilege tree and hides access policy . in order to adapt to the complex characteristics of cloud computering enviroment,dynamic access control strategy,the dynamic attribute key distribution mechanism and revocation mechanism is established. the scheme can protect user's privacy data and implement fine-grained access control .

英文关键词： cloud computing;privacy preserving;access control