通信学报
JOURNAL OF CHINA INSTITUTE OF COMMUNICATIONS
2014, Issue 4, pp. 53-64 (12 pages)
Authors: 陈波, 于泠, 强小辉, 王岩 (Chen Bo, Yu Ling, Qiang Xiaohui, Wang Yan)
Keywords: attribute-based encryption; removable storage media; hidden access structures; lattice security model; contextual access control
Abstract (translated from the Chinese): This paper studies how to strengthen the access control that trusted terminals exert over removable storage media, so as to effectively prevent the leakage of sensitive information through such media. First, building on attribute-based encryption with hidden ciphertext policies, a lattice-based method for describing attribute policies is proposed. Each attribute is formed into a linear lattice or a subset lattice, the attribute set is constructed as a product lattice, and access policies are formulated using the lattice-based multi-level information flow control model. The correctness and security of the new method are proven. While retaining the advantages of existing hidden-access-policy attribute-based encryption algorithms, the new method effectively simplifies the expression of access policies, better fits the sharing of sensitive information under multi-level security, and achieves fine-grained access control. Further, by taking the usage context of the removable storage device and of the user as attributes when building access policies, dynamic, fine-grained contextual access control is realized. Finally, a layered security management scheme is designed that performs connection authentication and contextual access control for removable storage media. The security and flexibility of the scheme are analyzed, and comparison experiments show that the scheme applying contextual access control still has good processing efficiency. The scheme is equally applicable to the secure management of sensitive information in ubiquitous environments.
Abstract (English): To prevent data breaches via removable storage media, ways to enhance the access control capability of hosts within a trusted zone over attached removable storage media were explored. Firstly, based on traditional ciphertext-policy-hiding attribute-based encryption (CP-ABE) schemes, a lattice expression for attributes was proposed. Each attribute was described as a linear lattice or a subset lattice, and an attribute set was described as a product lattice. Furthermore, the lattice-based multi-level access control model was applied to construct access policies. The new scheme was proven fully secure under the standard model. It effectively simplifies the expression of access policies and satisfies fine-grained access control of sensitive information shared in the context of multi-level security. Secondly, considering the ubiquitous usage of removable storage media, security attributes associated with the context of use were adopted to construct a lattice structure, so that dynamic access control could be achieved. Finally, based on authorization and dynamic access control, a layered security solution providing multi-level protection for removable storage media was presented. The security and flexibility of the proposed solution were analyzed, and a comparison experiment shows that it still has good efficiency. It can also be applied to information security management in other ubiquitous environments.