{"title":"面向网络存储系统的安全细粒度访问控制机制","authors":"Hsiao-Ying Lin, J. Kubiatowicz, Wen-Guey Tzeng","doi":"10.1109/SERE.2012.35","DOIUrl":null,"url":null,"abstract":"Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems\",\"authors\":\"Hsiao-Ying Lin, J. Kubiatowicz, Wen-Guey Tzeng\",\"doi\":\"10.1109/SERE.2012.35\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.\",\"PeriodicalId\":191716,\"journal\":{\"name\":\"2012 IEEE Sixth International Conference on Software Security and Reliability\",\"volume\":\"53 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE Sixth International Conference on Software Security and Reliability\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERE.2012.35\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Sixth International Conference on Software Security and Reliability","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE.2012.35","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems
Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
