扩展角色的密文数据访问控制模型

doi:10.13190/jbupt.201105.19.pengwp

北京邮电大学学报 ›› 2011, Vol. 34 ›› Issue (5): 19-24.doi: 10.13190/jbupt.201105.19.pengwp

扩展角色的密文数据访问控制模型

彭维平^1,2,3,4,周亚建^1,3,4,平源^1,3,宋成^1,3,王枞1,3,杨义先^1,3

1.北京邮电大学信息安全中心, 北京 100876; 2.河南理工大学计算机科学与技术学院, 河南焦作 454003;  3.北京邮电大学可信分布式计算与服务教育部重点实验室, 北京 100876;  4.中国电子科技集团公司第二十九研究所电子信息控制重点实验室，成都 610036

收稿日期:2010-12-08 修回日期:2011-06-21 出版日期:2011-10-28 发布日期:2011-08-26
通讯作者: 彭维平 E-mail:pwp9999@hpu.edu.cn
基金资助:
国家高技术研究发展计划项目(2009AA01Z430)；国家自然科学基金项目（60972077, 60973146)；北京市自然科学基金项目(9092009); 电子信息控制重点实验室资助

A RoleExtended RBAC for Encrypted Data

Received:2010-12-08 Revised:2011-06-21 Online:2011-10-28 Published:2011-08-26
Contact: Wei-Ping PENG E-mail:pwp9999@hpu.edu.cn
Supported by:
National Hi-Tech Research and Development Program (863 Program) of China;National Natural Science Foundation of China

摘要/Abstract

摘要：

提出了一种将分级密钥授权融入角色管理的密文数据访问控制（KRBAC）模型，并基于该模型提出了一种元素级的细粒度数据保护方案. KRBAC模型通过划分独立的密钥控制域，将传统的角色扩展为由角色、角色控制域和密钥控制域构成的具有偏序集继承关系和安全约束性质的三元组；在密钥分级的基础上，通过主密钥及数据的特征信息产生元素级的加解密密钥. 分析结果表明，该模型能减少角色数量，降低访问控制的复杂度，提高权限分配的合理性，并能为细粒度的数据保护提供安全基础.

关键词: 扩展角色, 访问控制模型, 授权管理, 密文数据库

Abstract:

A roleextended by key based on rolebased access control (KRBAC) for encrypted data which integrates the hierarchical keys into the role management is proposed. The traditional role is extended here to a triple through dividing the independent control domain of the key, which consists of the role as well as the control domain of role and key, with partially ordered set relations and security constraints. In addition, an elementlevel finegrained data protection is proposed based on the above model. Analysis shows that the working mode of extendedrole can reduce the number of roles and the complexity of access control and improve the rationality of distribution of privileges, besides, it can provide security infrastructure for the finegrained data protection. 

Key words: roleextended, access control model, permissionauthorization, encrypted database

中图分类号:

TP309.08

彭维平,周亚建,平源,宋成,王枞,杨义先. 扩展角色的密文数据访问控制模型[J]. 北京邮电大学学报, 2011, 34(5): 19-24.

参考文献

[1] Sandhu R, Coyne E. Role-based access control models [J]. IEEE Computer, 1996, 29(2): 38-47.
[2] Zhang Yue, Joshi J B D. A scoped administration model for RBAC with hybrid hierarchy [J]. Journal of Information Assurance and Security, 2008, 2: 128-139.
[3] Crampton J, Loizou G. Administrative scope: a foundation for role-based administrative models [J]. ACM Transactions on Information and System Security, 2003, 6(2): 201-231.
[4] Sejong Oh, Sandhu R. An effective role administration model using organization structure [J]. ACM Transactions on Information and System Security, 2006, 9(2): 113-137.
[5] 钟华, 冯玉琳, 姜洪安. 扩充角色层次关系模型及其应用[J]. 软件学报, 2000, 11(6): 779-784. Zhong Hua, Feng Yulin, Jiang Hongan. Role hierarchy model for role-based access control and its application [J]. Journal of Software, 2000, 11(6): 779-784.
[6] An Y A, Hu X H, Song I Y. Maintaining mappings between conceptual models and relational schemas [J]. Journal of Database Management, 2010, 21(3): 36-68. (上接第18页)
[2] Xu X, Sahni S. Approximation algorithms for sensor deployment[J]. IEEE Transactions on Mobile Computing, 2007, 56(12): 1681-1695.
[3] Lin F Y S, Chiu P L. A near-optimal sensor placement algorithm to achieve complete coverage/discrimination in sensor networks[J]. IEEE Comm Letters, 2005, 9(1): 43-45.
[4] 刘巍, 崔莉. 基于蚁群算法的传感器网络节点部署设计[J]. 通信学报, 2009, 30(10): 24-33. Liu Wei, Cui Li. Ant based approach to the optimal deployment in wireless sensor networks[J]. Journal of Communication, 2009, 30(10): 24-33.
[5] Jourdan B, Weck O L. Layout optimization for a wireless sensor network using a multi-objective genetic algorithm//Proceeding of IEEE Vehicular Technology Conference. Los Angeles: IEEE Press, 2004: 2466-2470.
[6] 何欣, 桂小林, 安健. 面向目标覆盖的无线传感器网络确定性部署方法[J]. 西安交通大学学报, 2010, 44(6): 6-10. He Xin, Gui Xiaolin, An Jian. A deterministic deployment approach of nodes in wireless sensor networks for target coverage[J]. Journal of Xian Jiaotong University, 2010, 44(6): 6-10.
[7] Xu Y, Yao X. A GA approach to the optimal placement of sensors in wireless sensor networks with obstacles and preferences//Proceedings of IEEE Conference on Consumer Communications and Networking (CCNC). Las Vegas: IEEE Press, 2006: 127-131.
[8] Hochbaum D S. Approximation algorithms for the set covering and vertex cover problems[J]. SIAM Journal on Computing, 1982, 11(3): 555-556.

扩展角色的密文数据访问控制模型

A RoleExtended RBAC for Encrypted Data

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价