Research On Sensitive Data Access Control Based On Browser Plug-in And CP-ABE

The feature that easily transfer, copy and restore the regenerative of electronic resource is the biggest thread to data security. Currently, encryption technology is the mainly method for the secure storage of sensitive data. Data encryption technology is precautions beforehand, now wildly used to mange sensitive data in some national defense science and industry unit. However, data encryption will not solve the security problems of the whole life cycle of the sensitive data. Security called whole life cycle refers to the secure of storage, dissemination and sharing process.This paper analyzes the security risks of sensitive data existing its whole life cycle, as well as security solutions. Based on the local browser plug-in technology come up with a common resource access control model using CP-ABE and for example of PDF, this paper implemented a prototype system. Access control model Combining with CP-ABE encryption technology and access control technology, user fits the access control tree can view the protected resources, and users that lack of authority cannot get the plaintext. When data landing, the data are re-encrypted and the key associated with current unique machine ID and user unique identity information, so that only on the machine can view the data with user's operation, it can ensure that the data is safe in user's machine. At the same time, the introduction of private key seq and index server in this paper make changes of user's attributes and resources access control strategy take effect in real time to solve the issues of attribute revoked and access control policy change.Finally, the paper did the security analysis for the access control model from three aspects, and usability testing of the prototype system. Experiments show that recender process time for normal file size remained at a relatively low level, the absolute value of the time caused by the access control overhead is not high, The model can be a good solution of the security requirements of sensitive data on storage, dissemination and shar-ing.