基于物联网的云数据存储访问和隐私保护机制研究

针对物联网环境下云数据的可信存储、用户隐私信息的可靠保护和访问控制的有效性等问题,提出基于物联网的云数据存储访问与隐私保护机制。在该机制中,首先对云数据库中的数据信息进行基于关系模式的最小属性分解,针对单独属性或属性子集对象进行动态交换加密,生成满足隐私约束规则的最小粒度的密钥,然后针对用户隐私信息从预处理和在线查询两个方面进行保护,当用户进行数据信息访问时,依据授权进行密钥获取,并依据解密算法进行明文解析,当用户授权被撤销时,依据数据库代理服务器更新算法进行信息更新。实验证明,该机制具有良好的执行效率,当资源规模较大时,该访问机制更具有优势。     

访问时间自调节的终端隐私数据保护方法

人们依赖智能终端获取网络服务以满足生活需求,智能终端也因此获得了用户隐私数据的长期使用权,若这些智能设备超出用户可控范围,用户隐私信息也随之泄漏,因此保证终端获取的隐私数据的安全尤其重要。针对以上需求,本文提出了一种访问时间自调节的终端隐私数据保护方法。该方法提供了一种基于滑动时间窗口的细粒度访问控制方法,应用了基于临时参数的动态有限授权规则,并使用临时参数对用户进行身份认证和访问控制,采用数据脱敏对敏感数据进行安全保护,可满足客户端获取的数据的安全性,同时满足了数据的可用性。将本文提出的基于访问控制、授权时间和数据脱敏的方法与现有的数据保护方法进行了对比,结果表明了本方法的可行性和有效性。     

基于上下文和角色的云计算访问控制模型

云计算环境的开放性和动态性容易引发安全问题,数据资源的安全和用户的隐私保护面临严峻考验。针对云计算中用户和数据资源动态变化的特性,提出了一种基于上下文和角色的访问控制模型。该模型综合考虑云计算环境中的上下文信息和上下文约束,将用户的访问请求和服务器中的授权策略集进行评估验证,能够动态地授予用户权限。给出用户访问资源的具体实现过程,经分析比较,进一步阐明该模型在访问控制方面具有较为突出的优点。该方案不仅能够降低管理的复杂性,而且能限制云服务提供商的特权,从而有效地保证云资源的安全。     

社交网络中具有可传递性的细粒度访问控制方案

针对社交网络中隐私保护的需求,基于属性基加密(ABE)算法,提出了一种权限可传递性的细粒度访问控制方案。在方案中通过属性的设置实现了社交网络成员不同粒度的刻画,为细粒度加密和访问提供了基础;同时在方案中引入了代理服务器,对非授权成员与授权成员之间的关系进行分析,从而判定非授权成员的访问权限。若该成员可以获得访问权限,密钥生成中心依据授权成员的属性为其生成解密密钥,进而实现访问权限的传递性。与其他基于访问控制或加密技术的隐私保护方案相比,所提方案将对数据的访问控制和加密保护相统一,在实现数据加密的同时,提供细粒度的访问控制;并结合社交网络的特点实现了访问权限的传递性。     

基于目的和上下文推理的数据库访问控制模型

在信息技术高速发展的今天,作为存储数据最有效的工具,数据库存储了大量与用户个人隐私相关的数据。由于每个人对于隐私信息的保护程度不同,传统数据库访问控制无法保证隐私数据的安全,从而产生了基于目的的访问控制模型。现有的基于目的访问控制模型主要针对数据与允许目的的动态绑定方式进行研究,考虑用户与访问目的的动态分配的研究较少。在过去研究的基础上,提出了一种基于目的和上下文的访问控制模型,模型使用规则推理机制,以用户的上下文信息作为规则触发条件,动态地为用户分配访问目的。实验结果表明,该模型不仅弥补了现有模型的缺点,而且能够高效地控制用户对数据库中隐私数据的访问行为。     

一种面向社交网络的细粒度密文访问控制方案

针对社交网络的隐私保护问题,采用属性基加密算法,提出一种安全、高效、细粒度的社交网络访问控制方案,并建立社交网络体系结构。通过引入线性秘密共享方案构造访问控制策略,实现灵活的访问控制结构,利用重加密技术,将部分重加密工作转移给社交网络平台执行,在保证用户数据安全的前提下,降低用户的计算代价,通过分析非授权成员与授权成员之间的关系,判定非授权成员的访问权限,进而实现访问权限的传递,并分析方案的安全性和有效性。分析结果表明,与现有基于加密技术的隐私保护方案相比,该方案能提高访问结构的表达能力和解密效率。     

安全数据库隐私保护和访问控制集成研究*

数据库数据的合法使用和隐私保护是现代安全数据库系统面临的新挑战。针对目前单方面考虑隐私保护或访问控制技术难以同时满足数据库信息安全和处理性能需求的不足,提出一种集成访问控制和隐私保护技术的安全数据库模型,通过建立查询审计隐私保护模型中的查询可疑性与授权视图访问控制模型中查询有效性之间的关系,形成统一的查询判断方法,并给出多项式时间复杂度的审计算法和集成的安全检查框架,以同时实现数据库系统隐私保护和访问控制的安全功能。     

基于加密技术的外包数据库服务集成安全

针对目前外包数据库服务中单方面考虑某种保护技术难以同时满足外包数据库安全需求的不足,提出一种集成数据机密性、数据隐私、用户隐私和访问控制保护的外包数据库服务模型,采用属性分解和部分属性加密技术,基于结合准标识集自动检测技术的近似算法实现外包数据的最小加密属性分解,同时把密码学应用于辅助随机服务器协议,以实现数据库访问时的用户隐私保护和访问控制。理论分析表明,该模型可以提供有效的数据隐私保护和查询处理,较好的用户隐私保护计算复杂度。     

基于服务商再加密机制的DaaS访问控制方案

为增强DaaS的隐私保护,给出了DaaS中数据隐私的定义并将其作为授权的基本单位,基于数据隐私定义对关系数据表进行了形式化定义,基于DaaS服务框架提出了一种基于双线性映射的DaaS提供商再加密机制,将该机制与访问控制策略结合,设计了DaaS下保护隐私的访问控制方案,并分析了该方案的正确性与安全性.新方案不仅实现了服务提供者对委托密文数据细粒度、灵活的访问控制管理,还可有效地防止用户与服务提供商的合谋攻击.     

网络用户行为的隐私保护数据挖掘方法

隐私保护的数据挖掘近年来已经为数据挖掘的研究热点,Web网站的服务器日志保存了用户访问页面的信息,如果不加以保护会导致用户隐私数据的泄漏。针对这个问题,讨论了在Web数据挖掘中用户行为的隐私保护问题,进而提出一种将Web服务器日志信息转换成关系数据表的方法,并通过随机化回答方法产生干扰数据表项中信息,再以此为基础,提供给数据使用者进行频繁项集以及强关联规则的发现算法,从而得到真实保密的网上购物篮商品间的关联规则。经实验证明,提出的Web使用挖掘中的隐私保护关联规则挖掘算法隐私性较好,具有一定的适用性。     

在线社交网络中延伸访问控制机制研究

针对社交网络中用户发布的数据延伸不可控的问题,提出了一种基于隐私标签的延伸控制机制。该机制基于用户关系跳数和资源转发跳数给用户和数据分配不同类型的隐私标签,以实现对数据的细粒度延伸访问控制。提出了隐私标签的生成算法和分配方法,设计了隐私标签约束规则并对可能出现的策略冲突进行分析。最后通过测试,表明了该机制可以实现社交网络中细粒度延伸控制,同时证明了该机制的安全性和有效性。     

An energy efficient privacy-preserving content sharing scheme in mobile social networks

The rising popularity of mobile social media enables personalization of various content sharing and subscribing services. These two types of services entail serious privacy concerns not only to the confidentiality of shared content, but also to the privacy of end users such as their identities, interests and social relationships. Previous works established on the attribute-based encryption (ABE) can provide fine-grained access control of content. However, practical privacy-preserving content sharing in mobile social networks either incurs great risk of information leaking to unauthorized third parties or suffers from high energy consumption for decrypting privacy-preserving content. Motivated by these issues, this paper proposes a publish–subscribe system with secure proxy decryption (PSSPD) in mobile social networks. First, an effective self-contained privacy-preserving access control method is introduced to protect the confidentiality of the content and the credentials of users. This method is based on ciphertext-policy ABE and public-key encryption with keyword search. After that, a secure proxy decryption mechanism is proposed to reduce the heavy burdens of energy consumption on performing ciphertext decryption at end users. The experimental results demonstrate the efficiency and privacy preservation effectiveness of PSSPD.     

基于蓝牙技术的近距离移动SNS设计与实现

由于手机中GPS系统定位精度低和室内环境中卫星信号弱,造成移动SNS在室内和近距离环境中社交网络扩展性能差。针对这种情况,提出了基于蓝牙技术的近距离社交网络扩展算法。算法首先在服务器端保存SNS用户手机蓝牙地址与用户的对应信息,然后按照同一区域内"一台蓝牙手机搜索到另一台蓝牙手机"的蔓延模式找到直接相邻的周边用户列表,再在服务器端对周边用户列表按照深度优先算法进行社交网络的深度搜索,找到尽可能多的周边用户并建立社交网络。实验结果表明,移动SNS系统采用该算法比采用现有技术能更加有效、快速地扩展近距离范围内的社交网络。     

社交网络中用户隐私推理与保护研究综述

如今微博和Twitter等社交网络平台被广泛地用于交流、创建在线社区并进行社交活动。用户所发布的内容可以被推理出大量隐私信息,这导致社交网络中针对用户的隐私推理技术的兴起。利用用户的文本内容及在线行为等知识可以对用户进行推理攻击,社交关系推理和属性推理是对社交网络用户隐私的两种基本攻击。针对推理攻击保护机制和方法的研究也在日益增加,对隐私推理和保护技术相关的研究和文献进行了分类并总结,最后进行了探讨和展望。     

无线物联网安全管理机制研究

为了保证无线物联网中的终端和服务器系统安全、平稳运行,保障用户隐私不被泄露、篡改和用户身份不被假冒,文章采用数据加密、身份认证、入侵检测、访问控制等技术,提出了包括终端、传输、服务器安全机制的无线物联网安全管理机制,从而为无线物联网面临的数据截获、篡改、非法访问和攻击等安全威胁提供了解决方案。     

Privacy as information access and illusory control: The case of the Facebook News Feed privacy outcry

Increasingly, millions of people, especially youth, post personal information in online social networks (OSNs). In September 2006, one of the most popular sites—Facebook.com—introduced the features of News Feed and Mini Feed, revealing no more information than before, but resulting in immediate criticism from users. To investigate the privacy controversy, we conducted a survey among 172 current Facebook users in a large US university to explore their usage behaviors and privacy attitudes toward the introduction of the controversial News Feed and Mini Feed features. We examined the degree to which users were upset by the changes, explored the reasons as to why, and examined the influences of the News Feed privacy outcry on user behavior changes. The results have demonstrated how an easier information access and an “illusory” loss of control prompted by the introduction of News Feed features, triggered users’ privacy concerns. In addition to enhancing our theoretical understanding of privacy issues in the online social networks, this research is also potentially useful to privacy advocates, regulatory bodies, service providers, and marketers to help shape or justify their decisions concerning the online social networks.     

Open Wireless Networks on University Campuses

Open wireless networks raise privacy issues and entail increased risk of malicious attacks and illegal downloading activities. Such networks are nonetheless attractive—particularly to universities—because they enhance usability and thus expand access to nonsensitive system resources. At universities, such access brings numerous benefits to students, faculty, and the surrounding community alike. Here, the authors describe the challenges of removing individual user authentication requirements at the perimeter of a university network in which mobile device users access system resources over wireless links to the wired infrastructure. The authors discuss how to mitigate the security and privacy risks entailed in an open network of this sort, and also describe how IT departments can vary the network's degree of openness.     

LotusNet: Tunable privacy for distributed online social network services

The evolution of the role of online social networks in the Web has led to a collision between private, public and commercial spheres that have been inevitably connected together in social networking services since their beginning. The growing awareness on the opaque data management operated by many providers reveals that a privacy-aware service that protects user information from privacy leaks would be very attractive for a consistent portion of users. In order to meet this need we propose LotusNet, a framework for the development of social network services relying on a peer-to-peer paradigm which supports strong user authentication. We tackle the trade-off problem between security, privacy and services in distributed social networks by providing the users the possibility to tune their privacy settings through a very flexible and fine-grained access control system. Moreover, our architecture is provided with a powerful suite of high-level services that greatly facilitates custom application development and mash up.     

Cyclic stable matching for three-sided networking services

Three-sided relationship is very common in the social and economic area, e.g., the supplier–firm–buyer relationship, kidney exchange problem. The three-sided relationship can also be found in many scenarios of computer networking systems involving three types of agents, which we regard as three-sided networks. For example, in sensor networks, data are retrieved from data sources (sensors) and forwarded to users through a group of servers. In such three-sided networks, users always prefer to receive the best data services from data sources, data sources would choose servers that are more efficient to deliver their data, and servers try to satisfy more users. Such preferences form a specific cyclic relationship and how to optimally allocate network resources to satisfy preferences of all parties becomes a great challenge. In this paper, inspired by the three-sided stable matching, we model the Three-sided Matching with Size and Cyclic preference (TMSC) problem for data sources, servers and users, aiming to find a stable matching for them, where all their preferences are satisfied. TMSC is different from the traditional three-sided matching models, as each server may normally serve more than one users. We show that the problem of seeking an optimal stable matching with maximum cardinality is NP-hard and propose efficient algorithms for the restricted model of TMSC problem to find a stable matching. The effectiveness of the proposed algorithms is validated through extensive simulations.     

A privacy self-assessment framework for online social networks

During our digital social life, we share terabytes of information that can potentially reveal private facts and personality traits to unexpected strangers. Despite the research efforts aiming at providing efficient solutions for the anonymization of huge databases (including networked data), in online social networks the most powerful privacy protection “weapons” are the users themselves. However, most users are not aware of the risks derived by the indiscriminate disclosure of their personal data. Moreover, even when social networking platforms allow their participants to control the privacy level of every published item, adopting a correct privacy policy is often an annoying and frustrating task and many users prefer to adopt simple but extreme strategies such as “visible-to-all” (exposing themselves to the highest risk), or “hidden-to-all” (wasting the positive social and economic potential of social networking websites). In this paper we propose a theoretical framework to i) measure the privacy risk of the users and alert them whenever their privacy is compromised and ii) help the users customize semi-automatically their privacy settings by limiting the number of manual operations. By investigating the relationship between the privacy measure and privacy preferences of real Facebook users, we show the effectiveness of our framework.