Research On Attribute Based Encryption Mandatory Access Control In Cloud

With the rapid development of computer technology and information technology,information security has become a research focus in Internet industry,and the protection of information resources has become a top priority in the research work.The main objectives of information security are confidentiality,integrity,and availability.Mandatory access control is one of the means to achieve these goals.In the information security level protection systems of our country,the important government,military and commercial system must implement the mandatory access control.Moreover,the flexibility of the mandatory access control mechanism is insufficient,and the existing mandatory access control scheme relies on the local trusted server to execute the access control policy,which is difficult to directly apply in the outsourcing environment.The attribute-based encryption mechanism embeds an access control policy into a ciphertext or a key,which more securely encrypts the protected data and better protects the secure storage of the information resource on the cloud server.a mandatory access control scheme suitable for outsourcing environments is designed,aiming at the security protection of information resources in the cloud environment in the thesis,which is based on the classic mandatory access control model and attribute-based encryption mechanism.First of all,the existing attribute-based encryption scheme is improved in this thesis,a fine-grained confidentiality mandatory access control scheme is designed,which combines the BLP mandatory access control model,and uses a hierarchical attribute-based encryption scheme.This method can achieve a single file hierarchy.The fine-grained enforced access control on the cloud is particularly suitable for enforcement of enforced access control policies on untrusted cloud storage servers in outsourced environments.In addition,the light-weight end users and timely user rights revocation are considered in this scheme.Secondly,the above-mentioned scheme is improved in this thesis,combined with the classic Biba mandatory access control model,an integrated mandatory access control scheme is designed in the outsourcing environment,which greatly enhanced the integrity of the information,and also realized the timely user revocation of authority.In order to analyze the feasibility and efficiency of the proposed scheme,simulation experiments and performance analysis are performed in the same experimental environment.The highefficiency of the scheme is proved,and can be applied to different actual information systems.Finally,the security of the two schemes are analyzed in this thesis,and the security can be proved in the generic group model.