云计算环境中数据分布式强制访问控制算法研究

在云计算环境中,用户把敏感数据外包在云端,所以数据强制访问控制成为目前云计算研究中亟需解决的问题。当前常用的解决算法是加密数据密钥,但这种算法因密钥分发及数据管理导致计算开销大。因此,提出一种新的云计算环境中数据分布式强制访问控制算法,介绍了云计算环境中数据访问流程,分析基于密文策略和属性的加密算法,利用属性集合对云计算环境中的用户身份进行描述,通过访问控制树表示数据分布式强制访问控制结构,在用户属性集符合既定访问控制结构的情况下,用户才能够完成对数据的解密。通过属性私钥申请、文件上传和文件下载三个过程实现数据分布式强制访问控制。实验结果表明,所提算法在效率、安全性、内存消耗和控制精度四个方面均显示出了很大的优势。

Research on distributed mandatory access control algorithm in cloud computing environment

In cloud computing environment, the user is sensitive to the data in the cloud, so the data mandatory access control has become an urgent problem to be solved in the research of cloud computing. At present, the most commonly used algorithm is to encrypt the data key, but the algorithm has high computational cost due to the key distribution and data management. Therefore, a new cloud computing environment data distributed mandatory access control algorithm, this paper introduces the process of data access in the cloud computing environment, encryption algorithm analysis and ciphertext policy attribute based on the attribute set, using cloud computing environment to describe the identity of the user, through the access control tree data distributed mandatory access control structure. In accordance with established user attribute set access control structure, the user can complete the decryption of data. Data distributed mandatory access control is implemented through three processes: attribute private key application, file upload and file download. The experimental results show that the proposed algorithm has great advantages in four aspects: efficiency, security, memory consumption and control accuracy.