支持属性撤销的策略隐藏与层次化访问控制.pdf

Computer Engineering and Applications 计算机工程与应用 2017 ，53（4 ） 51 支持属性撤销的策略隐藏与层次化访问控制 张 赛，杨 庚，韩亚梅，屠袁飞 ZHANG Sai, YANG Geng, HAN Yamei, TU Yuanfei 南京邮电大学 计算机学院，南京 210003 College of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210003, China ZHANG Sai, YANG Geng, HAN Yamei, et al. Attribute-based hierarchical access control with hidden policy sup- porting attribute revocation. Computer Engineering and Applications, 2017, 53 （4 ）：51-58. Abstract ：In attribute-based encryption schemes, access policy may contain some sensitive information, how to achieve policy hidden and have abundant expressive ability of access policy at the same time is one of the urgent problems in the cloud computing environment. Users ’attributes often change in the system, so attribute revocation has become a hot spot of research in recent years. In this paper, a hierarchical access control scheme with hidden policy is proposed. To solve the problem of attribute revocation, the technique of proxy re-encryption is integrated into CP-ABE scheme. Compared with the previous schemes, the scheme both protect the policy and has flexible access control capability. Furthermore, the hierarchical authorization structure which reduces the burden and risk in the case of one single authority making the scheme secure. Key words ：cloud computing; CP-ABE; access control; hidden policy; attribute revocation 摘 要：在属性加密方案中，访问策略中可能包含一些敏感信息，如何在具备丰富的策略表示能力的同时实现访问 策略的隐藏已成为云计算环境中亟待解决的问题之一。另外，考虑到在系统中用户的属性会有经常性的变更，属性 撤销也成为近年来研究的一个热点。提出一种基于属性策略隐藏的层次化访问控制方案，融合代理重加密技术和 CP-ABE 方案，解决属性撤销的问题。与之前的方案相比，既保护了策略的隐私，又具有较灵活的访问控制能力，并 且引入层次化授权结构，减少了单一授权的负担和风险，提高了安全性。 关键词：云计算；CP-ABE ；访问控制；隐藏策略；属性撤销 文献标志码：A 中图分类号：TP393.08 doi ：10.3778/j.issn. 1002-8331.1506-0162 1 引言 基于属性的加密机制（ABE ），自提出以来受到了越 作为一种新型计算模式，云计算以资源租用、服务 来越多的关注，并且得到了广泛的应用。Cheung 等人[1] 外包