A Study Of Document Composite And Document Security For Ubiquitous Computing Mode

The Internet makes it possible to easily combine new documents using informationfrom many disparate sources. As a result, these documents, which we call compositedocuments, play an increasingly important role in service providing, resource sharing,predictive parsing and information interaction. Some research results on the usage andsecurity management ofproprietarycomposite documents have been proposed. However,not only the theory and method of document composite is rarelycovered, but also lack ofthe research on data security and private preserve during composite process. Therefore,it’s especially important to study the topics of this dissertation. In addition, theapplicability and practicalness are quite vital.The dissertation mainly concerns with the model and method of networkeddocument composite, the security requirement analysis anf security managementmechanism for ubiquitous computing mode. Its major contributions are outlined asfollows:1. The feasibility of document generation by compositing autonomously anddynamically hasbeenstudied. Wehasproposed aconception named networked documentcomposite(abbreviated to NDC), a novel scaleable scheduling technology to enablegenerating new document by composite components from web under collaboration andinteraction. The conception of networked document composite determines the tasks andrelations among NDC’s paradigm, domain engineering and application engineering.Further, we has proposed both a network access architecture of user and a scheme ofdocument compsite. In this scheme, when one user connects network brokers, a set ofagents of each broker execute document components searching and informationexchanging to form composite document driven by user composite requirement.2. As a key technology for the quality control of cloud services, secure access tocomposite document has been studied. We describe the “live” characteristics ofstructureddocument and tenants’ diverse action patterns to access structured document in cloudcomputing. And then, we systematically present the access control requirements forstructured document in cloud computing from the following aspects: action-based,control tenants’ access actions, tenants’ privacy protection, fine-grained, multilevelsecurity, and self-adaptive policies. Finally, we present the Action-based MultilevelAccess Control model (ABMAC) framework to implement the access controlrequirements. Meanwhile the privacy preserve issue has also been studied. We analyzethe suitability of attribe-based encryption and integrity verification, the necessity to distinguishing composite operation from synthetic attack and the maneuverability byactive deletion with copy retroaction at composite document expiration time for storedcomposite documents.3. When agents areorganized asdigital communties, both thetrust levelofagent andthe cooperation among agents inside and outside of community fields in digitalcommunity have been studied. A novel community field-centric trust-based accesscontrolmodel(referred to astheCTBAC) wasdeveloped. Therearetwo novelingredients.First, A community field was established in terms of agent’s own contexts and trustcertificate. Thus, the trust level could be dynamically adjusted based on the sessions.Secondly, the activation and use of access control permissions according to the matchrelationship between the trust level of agents and trust threshold. We compare ourproposed CTBAC model to several access control models and its effectiveness in bothdynamic permission control and security protection is demonstrated.4. Both the timed-released principle and the privacy leakage risk of electronicdocuments stored in cloud servers have been studied. To overcome this problem, wedevelop a novel two-step scheme for self-destructing electronic document by usingidentity-based timed-release encryption(referred to as ITE). In the first step, we usesymmetric key to encrypt the electronic document. Thus, we can obtain an extractedciphertext and an encapsulated ciphertext by using an extraction algorithm. Secondly, weuse ITE algorithm to encrypts the symmetric key. On one hand, we get the ciphertextshares and distribute it into the distributed Hash table (DHT) networkbycombining key’sciphertext and the extracted ciphertext. On the other hand, the encapsulated ciphertext isstored in cloud servers after encapsulated into a self-destructing object. There are twoadvantages for the proposed scheme. First, we can only access the protected electronicdocument when the desired release time arrived. Second, the original decryption keycannot be recovered after a certain period of time. The reason is that DHT network willdiscard the stored ciphertext shares automatically, so the function of self-destruction isimplemented safely. Security analysis shows that our proposed ESITE scheme is able toresist against cryptanalysis attacks from the cloud servers and the Sybil attacks from theDHT network. Experimental results demonstrate that the computational overheads of theproposed scheme is much lower than existing schemes.