Found 10 similar documents; search took 156 ms
1.
The sharing of Personal Health Records (PHR) in cloud computing is a promising platform of health information exchange. However, the storage of personal medical and health information is usually outsourced to some third parties which may result in the exposure of patients’ privacy to unauthorized individuals or organizations. In order to address this security loophole, we suggest a promising solution. We propose a new approach for fine-grained access control and secure sharing of signcrypted (sign-then-encrypt) data. We call our new primitive Ciphertext-Policy Attribute-Based Signcryption (CP-ABSC) which satisfies the requirements of cloud computing scenarios for PHR. CP-ABSC combines the merits of digital signature and encryption to provide confidentiality, authenticity, unforgeability, anonymity and collusion resistance. The correctness, security and efficiency of this scheme are also proven.
2.
3.
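As the COVID-19 pandemic continues to develop, many countries and regions have placed the personal information and location data of confirmed patients and their close contacts under strict supervision. At the same time, how to share the necessary patient information while ensuring that the personal privacy of patients and close contacts is not leaked, and that the access process is transparent and traceable and the data cannot be tampered with, has become a key problem in urgent need of a solution. On this basis, this paper proposes an accountable medical attribute pass (AMAP) access control scheme. The scheme first combines blockchain with the attribute-based access control model: while introducing blockchain to trace the access process, it deploys the access control policies and the key steps of the system during access onto the blockchain in the form of smart contracts, so that the whole system can both guarantee users' secure access to data and trace the entire access process. In particular, the scheme introduces a medical attribute pass module, with which users apply for access by means of a pass; this avoids the repeated matching of subject attributes against access control policies found in traditional access control models and, while achieving fine-grained access control over medical data, improves access efficiency to a certain extent. Finally, security analysis shows that the scheme can resist denial-of-service attacks, malicious tampering attacks, single-point-of-failure attacks, subject impersonation attacks, replay attacks, and others. Experiments and performance analysis show that, compared with other schemes, the advantage of this scheme becomes more pronounced as the number of accesses grows under the same access control policy, and becomes more pronounced as the number of access control policies grows under the same number of accesses.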
4.
Autonomic computing and communication has become a new paradigm for dynamic service integration and resource sharing in today's
ambient networks. Devices and systems need to dynamically collaborate and federate with little known or even unknown parties
in order to perform everyday tasks. Those devices and systems act as independent nodes that autonomously manage and enforce
their own security policies.
Thus in autonomic pervasive communications clients may not know a priori what access rights they need in order to execute
a service nor service providers know a priori what credentials and privacy requirements clients have so that they can take
appropriate access decisions.
To solve this problem we propose a negotiation scheme that protects security and privacy interests with respect to information
disclosure while still providing effective access control to services. The scheme proposes a negotiation protocol that allows
entities in a network to mutually establish sufficient access rights needed to grant a service.
5.
The increasing availability of information about people’s context makes it possible to deploy context-sensitive services, where access to resources provided or managed by a service is limited depending on a person’s context. For example, a location-based service can require Alice to be at a particular location in order to let her use a printer or learn her friends’ location. However, constraining access to a resource based on confidential information about a person’s context can result in privacy violations. For instance, if access is constrained based on Bob’s location, granting or rejecting access will provide information about Bob’s location and can violate Bob’s privacy. We introduce an access-control algorithm that avoids privacy violations caused by context-sensitive services. Our algorithm exploits the concept of access-rights graphs, which represent all the information that needs to be collected in order to make a context-sensitive access decision. Moreover, we introduce hidden constraints, which keep some of this information secret and thus allow for more flexible access control. We present a distributed, certificate-based access-control architecture for context-sensitive services that avoids privacy violations, two sample implementations, and a performance evaluation.
6.
The web services used on desktop can be accessed through a smartphone due to the development of smart devices. As the usage of smartphones increases, the importance of personal information security inside the smartphone is emphasized. The openness features of the Android platform make it a lot easier to develop an application, and deploying malicious code into an application is also an easy task for hackers. The security practices are also growing rapidly as the amount of malicious code increases exponentially. According to these circumstances, new methods for detecting and protecting the behavior of leaked personal information are needed to manage the personal information within a smartphone. In this paper, we study the permission access category in order to detect the malicious code, which discloses the personal information on Android environment such as equipment and location information, address book and messages, and solve the problem related to Resource access of Random Access Control method in conventional Android file system to detect the new malware or malicious code via the context ontology reasoning of permission access and API resource information through which the personal information is leaked. Then we propose an inference-based access control model, which can be enabled to access the proactive security. There is more improvement in accuracy than existing malicious detecting techniques, and the effectiveness of the access control model is verified through the proposal of the inference-based access control model.
7.
Various miniaturized computing devices that store our identity information are emerging rapidly and are likely to become ubiquitous in the future. They allow private information to be exposed and accessed easily via wireless networks. When identity and context information is gathered by pervasive computing devices, personal privacy might be sacrificed to a greater extent than ever before. People whose information is targeted may have different privacy protection skills, awareness, and privacy preferences. In this research, we studied the following issues and their relations: (a) identity information that people think is important to keep private; (b) actions that people claim to take to protect their identities and privacy; (c) privacy concerns; (d) how people expose their identity information in pervasive computing environments; and (e) how our RationalExposure model can help minimize unnecessary identity exposure. We conducted the research in three stages, a comprehensive survey and two in-lab experiments. We built a simulated pervasive computing shopping system, called InfoSource. It consisted of two applications and our RationalExposure model. Our data show that identity exposure decisions depended on participants’ attitudes about maintaining privacy, but did not depend on participants’ concerns or security actions that they claimed to have taken. Our RationalExposure model did help the participants reduce unnecessary disclosures.
8.
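The openness and dynamic nature of the cloud computing environment readily give rise to security problems, and the security of data resources and the protection of user privacy face a severe test. To address the dynamically changing nature of users and data resources in cloud computing, a context- and role-based access control model is proposed. The model takes into account the context information and context constraints of the cloud computing environment, evaluates and verifies the user's access request against the set of authorization policies on the server, and can grant permissions to users dynamically. The concrete process by which a user accesses resources is given, and analysis and comparison further show that the model has notable advantages in access control. The scheme not only reduces management complexity but also limits the privileges of the cloud service provider, thereby effectively ensuring the security of cloud resources.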
9.