高级检索
    史姣丽, 黄传河, 何凯, 沈燮阳, 华超. 支持多用户协同编辑的云存储访问控制方法[J]. 计算机研究与发展, 2017, 54(7): 1603-1616. DOI: 10.7544/issn1000-1239.2017.20151135
    引用本文: 史姣丽, 黄传河, 何凯, 沈燮阳, 华超. 支持多用户协同编辑的云存储访问控制方法[J]. 计算机研究与发展, 2017, 54(7): 1603-1616. DOI: 10.7544/issn1000-1239.2017.20151135
    Shi Jiaoli, Huang Chuanhe, He Kai, Shen Xieyang, Hua Chao. An Access Control Method Supporting Multi-User Collaborative Edit in Cloud Storage[J]. Journal of Computer Research and Development, 2017, 54(7): 1603-1616. DOI: 10.7544/issn1000-1239.2017.20151135
    Citation: Shi Jiaoli, Huang Chuanhe, He Kai, Shen Xieyang, Hua Chao. An Access Control Method Supporting Multi-User Collaborative Edit in Cloud Storage[J]. Journal of Computer Research and Development, 2017, 54(7): 1603-1616. DOI: 10.7544/issn1000-1239.2017.20151135

    支持多用户协同编辑的云存储访问控制方法

    An Access Control Method Supporting Multi-User Collaborative Edit in Cloud Storage

    • 摘要: 以往的云存储属性基访问控制研究大多数是对外包数据的读权限进行控制,很少考虑多个用户协同编辑云端同一个外包数据时的写权限控制.多用户协同编辑控制存在挑战:1)资源有限的数据拥有者希望云辅助自己对外包数据的写权限进行控制,但不希望云获得数据内容,也不希望云感知匹配内容,甚至不希望云能够预测用户的写权限;2)布尔公式的访问结构无法表达写权限控制策略;3)双线性映射运算计算代价大,不适合多用户协同编辑控制.提出一个支持多用户协同编辑的云存储访问控制方法:数据拥有者采用表达能力更丰富的circuit定义写权限访问控制策略,委托半可信云采用矩阵运算快速判断用户提交的修改数据是否应该接受,并且云不可预测每个用户是否具有写权限.分析与实验表明:该方法具有多用户协同编辑的访问控制能力,并且在读权限控制时,利用云辅助解密方法使得用户端存储量和加解密计算量是较小的.

       

      Abstract: As for attribute-based access control in cloud storage, most of researches focus on reading permission control when multiple users read the same out-sourced data simultaneously. They dot’t consider writing permission control when multiple users modify the same data simultaneously. In multi-user collaborative edit scene, challenges have emerged: 1) A data owner with limited capabilities of computation, storage and communication, would like cloud to aid him with writing permission control, but would not like it to know the content of data, or get what is matched, or even predict the users’ writing permission either. 2) Boolean formula cannot describe writing permission policy. 3) Bilinear pairing operations bring great computational costs. In this work, a collaborative edit access control method is presented in cloud storage. That is, a data owner defines writing permission policy represented by a circuit, and semi-trusted cloud decides whether or not the writing succeeds by matching writing policy without the prediction of acceptability of the next edit request. Analyses and simulations show that our method is provided with the ability of multi-user collaborative access control for cloud storage, and the storage cost and the computation cost of encrypting and decrypting are both lesser at user end in reading permission control with cloud-aided decryption.

       

    /

    返回文章
    返回