一种面向发布订阅系统的访问控制机制

针对发布订阅系统的安全攻击频频出现，为了保护其系统安全和用户隐私，提出一种基于全同态加密算法的访问控制机制（ACHO）。ACHO保证了发布订阅系统中用户交互去耦性和异步通信的特点，同时还能保护系统数据机密性和支持系统可扩展性。ACHO使用全同态加密算法对系统中发布的数据进行加密，同时在密文中嵌入访问控制结构和属性信息来达到控制访问的目的。理论分析了ACHO机制的正确性和安全性。实验结果表明，ACHO在保证安全开销的前提下，达到了发布订阅系统高效运行的性能要求。

ACHO: An Access Control Scheme Based on Full Homomorphic Encryption for Publish-Subscribe System

Due to the complex application scenarios, the publish-subscribe (PS) system suffers from masses of security attacks. In order to protect the system security and users privacy, an access control scheme based on full homomorphic encryption (FHE) for PS system, named access control scheme based on full homomorphic encryption (ACHO), has been proposed in this article. ACHO can guarantee the features of decoupling users' interactions and asynchronous communications for PS system. Meanwhile, ACHO can protect the confidentiality of system data and support the system scalability. Specifically, 1) ACHO utilizes the FHE to encrypt the data published in the PS system, 2) it embeds the access control structure and the access attributes to achieve the aim of access control. Security analysis shows that the ACHO can guarantee the correctness and security in theory. Moreover, the experimental results show that ACHO can efficiently achieve the trade-off between the system cost and the security demand.