云制造中策略可更新的去中心化访问控制机制  被引量：3

作　　者：李龙[1] 古天龙[2] 常亮[2] 李晶晶[3] 钱俊彦[2] LI Long;GU Tianlong;CHANG Liang;LI Jingjing;QIAN Junyan(School of Electromechanical Engineering,Guilin University of Electronic Technology,Guilin 541004,China;Guangxi Key Laboratory of Trusted Software,Guilin University of Electronic Technology,Guilin 541004,China;School of Information and Communication,Guilin University of Electronic Technology,Guilin 541004,China)

机构地区：[1]桂林电子科技大学机电工程学院,广西桂林541004 [2]桂林电子科技大学广西可信软件重点实验室,广西桂林541004 [3]桂林电子科技大学信息与通信学院,广西桂林541004

出　　处：《计算机集成制造系统》2019年第9期2280-2290,共11页Computer Integrated Manufacturing Systems

基　　金：国家自然科学基金资助项目（U1501252,61572146,61562015,U1711263）;广西自然科学基金资助项目（2016GXNSFDA380006,2017GXNSFAA198283）;广西高等学校高水平创新团队及卓越学者计划资助项目;桂林电子科技大学创新团队资助项目~~

摘　　要：针对传统访问控制难以高效应对云制造因实体规模大、种类多引发的安全问题,提出一种基于属性基加密的访问控制机制。借助于通用属性和数据加密,该机制能够实现对大规模用户及潜在未知用户的批量访问控制。在该机制中,通过部署功能相同且协作支撑的多个授权机构,实现了具备可靠、稳定、高效等特点的去中心化系统框架;基于二叉决策图构造了功能完善的访问结构,以此为基础提出了具备快速解密、策略更新等功能的属性基加密方案,并进一步设计实现了相应的细粒度访问控制系统。理论分析表明,上述机制在安全性、功能实现及算法效率等方面表现理想。Aiming at the problem that the traditional access control schemes can t solve the security issues caused by huge of number and types of entities in cloud manufacturing,a new access control scheme was proposed based on Attribute-Based Encryption(ABE).With the help of generic attributes and data encryption,the proposed scheme could realize batch access control of large-scale users,even potentially unknown users.In the new scheme,multiple authorities of same function were deployed to collaborate with each other,and thus a decentralized system framework of characteristics such as reliable,stable and efficient was implemented.Based on binary decision diagrams,a functional access structure was designed,and an ABE scheme with functions such as fast decryption and policy updating was further proposed.A fine-grained access control system was implemented based on above-mentioned decentralized framework and ABE scheme.Theoretical analysis showed that the above design performed well in security,functionality and efficiency.

关 键 词：云制造 访问控制 属性基加密 二叉决策图 

分 类 号：TH166[机械工程—机械制造及自动化] TP309[自动化与计算机技术—计算机系统结构]