ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2017, Vol. 54, Issue (7): 1603-1616. doi: 10.7544/issn1000-1239.2017.20151135

• Software Technology •

An Access Control Method Supporting Multi-User Collaborative Edit in Cloud Storage

Shi Jiaoli1,2, Huang Chuanhe1, He Kai1, Shen Xieyang1, Hua Chao1

  1. 1(School of Computer Science, Wuhan University, Wuhan 430072);2(Jiujiang University, Jiujiang, Jiangxi 332005) (shijiaoli@whu.edu.cn)
  • Published: 2017-07-01
  • Online: 2017-07-01
  • Supported by: 
    National Natural Science Foundation of China (61373040, 61572370)

Abstract: Most research on attribute-based access control in cloud storage focuses on read permission control when multiple users read the same outsourced data simultaneously, and does not consider write permission control when multiple users modify the same data simultaneously. Multi-user collaborative editing raises several challenges: 1) A data owner with limited capabilities of computation, storage and communication would like the cloud to help with write permission control, but does not want the cloud to learn the content of the data, to learn what is matched, or even to predict users' write permission. 2) An access structure expressed as a Boolean formula cannot describe a write permission policy. 3) Bilinear pairing operations are computationally expensive and unsuitable for multi-user collaborative edit control. This work presents an access control method for cloud storage that supports multi-user collaborative editing: the data owner defines the write permission policy as a circuit, which is more expressive, and delegates to a semi-trusted cloud the task of quickly deciding, using matrix operations, whether a modification submitted by a user should be accepted, without the cloud being able to predict whether the next edit request will be accepted. Analyses and simulations show that the method provides access control for multi-user collaborative editing in cloud storage, and that in read permission control, cloud-aided decryption keeps both the storage cost and the computation cost of encryption and decryption small at the user end.

Key words: cloud storage, access control, attribute-based encryption (ABE), multi-user collaborative edit, cloud-aided writing permission control
