| 扩展角色的密文数据访问控制模型 |
| |
| 引用本文: | 彭维平,周亚建,平源,宋成,王枞,杨义先. 扩展角色的密文数据访问控制模型[J]. 北京邮电大学学报, 2011, 34(5): 19-24 |
| |
| 作者姓名: | 彭维平 周亚建 平源 宋成 王枞 杨义先 |
| |
| 作者单位: | 北京邮电大学信息安全中心,北京100876;河南理工大学计算机科学与技术学院,河南焦作454003;北京邮电大学可信分布式计算与服务教育部重点实验室,北京100876;中国电子科技集团公司第二十九研究所电子信息控制重点实验室,成都610036;北京邮电大学信息安全中心,北京100876;北京邮电大学可信分布式计算与服务教育部重点实验室,北京100876;中国电子科技集团公司第二十九研究所电子信息控制重点实验室,成都610036;北京邮电大学信息安全中心,北京100876;北京邮电大学可信分布式计算与服务教育部重点实验室,北京100876 |
| |
| 基金项目: | 国家高技术研究发展计划项目(2009AA01Z430);国家自然科学基金项目(60972077,60973146);北京市自然科学基金项目(9092009);电子信息控制重点实验室资助 |
| |
| 摘 要: | 提出了一种将分级密钥授权融入角色管理的密文数据访问控制(KRBAC)模型,并基于该模型提出了一种元素级的细粒度数据保护方案. KRBAC模型通过划分独立的密钥控制域,将传统的角色扩展为由角色、角色控制域和密钥控制域构成的具有偏序集继承关系和安全约束性质的三元组;在密钥分级的基础上,通过主密钥及数据的特征信息产生元素级的加解密密钥. 分析结果表明,该模型能减少角色数量,降低访问控制的复杂度,提高权限分配的合理性,并能为细粒度的数据保护提供安全基础.
|
| 关 键 词: | 扩展角色 访问控制模型 授权管理 密文数据库 |
| 收稿时间: | 2010-12-08 |
A Role-Extended RBAC for Encrypted Data |
| |
| PENG Wei-ping,ZHOU Ya-jian,PING Yuan,SONG Cheng,WANG Cong,YANG Yi-xian. A Role-Extended RBAC for Encrypted Data[J]. Journal of Beijing University of Posts and Telecommunications, 2011, 34(5): 19-24 |
| |
| Authors: | PENG Wei-ping ZHOU Ya-jian PING Yuan SONG Cheng WANG Cong YANG Yi-xian |
| |
| Affiliation: | 1,3(1.Misnistry of Education Information Security Center,Beijing University of Posts and Telecommunications,Beijing 100876,China; 2.School of Computer Science and Technology,Henan Polytechnic University,Henan Jiaozuo 454003,China; 3.Key Laboratory of Trustuorthy Distributed Computing and Service(BUPT),Ministry of Education,Beijing 100876,China; 4.Science and Technology on Electronic Control Laboratory,Southwest China Research Institute of Electronic Equipment,Chengdu 610036,China) |
| |
| Abstract: | A role extended by key based on role based access control (KRBAC) for encrypted data which integrates the hierarchical keys into the role management is proposed. The traditional role is extended here to a triple through dividing the independent control domain of the key, which consists of the role as well as the control domain of role and key, with partially ordered set relations and security constraints. In addition, an element level fine grained data protection is proposed based on the above model. Analysis shows that the working mode of extended role can reduce the number of roles and the complexity of access control and improve the rationality of distribution of privileges, besides, it can provide security infrastructure for the fine grained data protection. |
| |
| Keywords: | role extended access control model permission authorization encrypted database |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
|
