Authors: 刘雪贞 (LIU Xue-zhen); 崔艳[1] (CUI Yan); 邓小飞[1] (DENG Xiao-fei); 彭杰 (PENG Jie) (School of Information Engineering, Jiaozuo University, Jiaozuo 454000, China)
Source: 《计算机与现代化》 (Computer and Modernization), 2021, No. 7, pp. 95-101 (7 pages)
Funding: Major Science and Technology Research Project of the Henan Provincial Department of Science and Technology (202102310204).
Abstract: To address the problem of determining permissions after an attribute is revoked in attribute-based access control models, this paper proposes an efficient attribute revocation mechanism that supports permission management. The scheme implements ciphertext access control by introducing ciphertext-policy attribute-based encryption (CP-ABE) into the access control mechanism, and expresses the access tree in principal disjunctive normal form. Each subset in the principal disjunctive normal form is the minimum attribute set of the restrictive conditions that a subject must satisfy to access a resource. When an attribute is revoked, the scheme examines the relationship between the minimum attribute sets and the revoked attribute to determine whether the revocation affects the subject's access, and from that determines the subject's access permission. Performance analysis shows that the scheme offers high security: it can determine permissions after attribute revocation and can also resist collusion attacks, among others.
Keywords: access control; attribute revocation; CP-ABE; minimum attribute set; permissions
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]