首页 | 本学科首页   官方微博 | 高级检索  
     

基于区块链的策略隐藏大数据访问控制方法
引用本文:林莉, 储振兴, 刘子萌, 郭馥宾, 解晓宇, 张建标. 基于区块链的策略隐藏大数据访问控制方法. 自动化学报, 2023, 49(5): 1031−1049 doi: 10.16383/j.aas.c211178
作者姓名:林莉  储振兴  刘子萌  郭馥宾  解晓宇  张建标
作者单位:1.北京工业大学信息学部 北京 100124;;2.北京工业大学可信计算北京市重点实验室 北京 100124
基金项目:国家自然科学基金(61502017);;北京市自然科学基金(M21039)资助~~;
摘    要:针对大数据应用中用户共享数据的访问控制由半可信云服务商实施所带来的隐私泄露、策略和访问日志易被篡改等问题, 提出一种基于区块链的策略隐藏大数据访问控制方法 (A policy-hidden big data access control method based on blockchain, PHAC). 该方法采用区块链技术实施访问控制以减少对服务商的信任依赖, 引入属性基加密(Attribute-based encryption, ABE)以及双线性映射技术, 实现在不泄露访问控制策略的前提下, 通过智能合约正确执行访问控制策略. 同时, 解耦访问控制策略, 简化用户策略的发布、更新和执行. 并应用链上和链下存储相结合方式, 解决智能合约和访问控制策略占用区块链节点资源不断增大的问题. 最后, 对该方法进行了理论分析和HyperLedger Fabric环境下的实验评估, 结果表明该方法能在策略隐藏情况下有效实现访问控制, 但不会给数据拥有者、区块链节点增加过多额外计算和存储开销.

关 键 词:数据共享   访问控制   区块链   策略隐藏   智能合约
收稿时间:2021-12-09

A Policy-hidden Big Data Access Control Method Based on Blockchain
Lin Li, Chu Zhen-Xing, Liu Zi-Meng, Guo Fu-Bin, Xie Xiao-Yu, Zhang Jian-Biao. A policy-hidden big data access control method based on blockchain. Acta Automatica Sinica, 2023, 49(5): 1031−1049 doi: 10.16383/j.aas.c211178
Authors:LIN Li  CHU Zhen-Xing  LIU Zi-Meng  GUO Fu-Bin  XIE Xiao-Yu  ZHANG Jian-Biao
Affiliation:1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124;;2. Beijing Key Laboratory of Trusted Computing, Beijing University of Technology, Beijing 100124
Abstract:In the current big data application, the access control of user shared data is implemented by the incomplete trusted cloud service provider, which brings problems such as privacy disclosure, policy and access log easy to be tampered. To solve this problem, this paper presents a policy-hidden big data access control method based on blockchain (PHAC), which exploits blockchain technology to implement access control to reduce the reliance of data owners on cloud servers. Attribute-based encryption (ABE) and bilinear mapping are introduced to implement access control policies correctly through smart contracts without disclosing access control policies. Meanwhile, access control policies are decoupled to simplify their release, update and execution. The combination of on-chain and off-chain storage is applied to solve the problem that smart contracts and access control policies occupy too much blockchain node resources. Finally, theoretical analysis and comprehensive experiments in the HyperLedger Fabric environment have been conducted, which demonstrate the effectiveness of the proposed method. It can effectively implement access control while supporting access control policies hidden, however it does not impose too much extra computing and storage overhead on data owners and blockchain nodes.
Keywords:Data sharing  access control  blockchain  policy-hidden  smart contract
点击此处可从《自动化学报》浏览原始摘要信息
点击此处可从《自动化学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号