
CN115514536A - A method for secure sharing of traceable data in a cloud-assisted Internet of Things environment - Google Patents


Info

Publication number: CN115514536A
Authority: CN (China)
Prior art keywords: data, cloud, owner, label, trusted authority
Legal status: Pending (the legal status is an assumption and not a legal conclusion)
Application number: CN202211067416.6A
Other languages: Chinese (zh)
Inventors: 金舒原, 鲁金钿
Current assignee: Sun Yat Sen University (the listed assignees may be inaccurate)
Original assignee: Sun Yat Sen University
Application filed by Sun Yat Sen University; priority to CN202211067416.6A; publication of CN115514536A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G16: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y: INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00: IoT infrastructure
    • G16Y30/10: Security thereof
    • G: PHYSICS
    • G16: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y: INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00: IoT characterised by the purpose of the information processing
    • G16Y40/50: Safety; Security of things, users, data or systems
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information: received data contents, e.g. message integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Automation & Control Theory (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for secure sharing of traceable data in a cloud-assisted Internet of Things environment, comprising the following steps: constructing a fine-grained distributed information flow control model that supports identity traceability; based on a trusted authority center, the data owner labels the data and uploads it to the cloud; based on the tags and labels distributed by the trusted authority center, the data user sends the received tags and labels to the cloud as part of the data request parameters to request the required data; based on the fine-grained distributed information flow control model supporting identity traceability, the cloud makes a data sharing decision on the data user's request; when the data sharing decision is true, the trusted authority center verifies the identity of the data user; and when the identity verification result is true, the cloud delivers the data to the data user. With this invention, the identity of the data user can be traced throughout the data sharing process.

Description

A method for secure sharing of traceable data in a cloud-assisted Internet of Things environment

Technical field

The present invention relates to the field of secure data sharing, and in particular to a method for secure sharing of traceable data in a cloud-assisted Internet of Things environment.

Background

The Internet of Things is a network of physical objects such as sensors, cameras and smart devices that are interconnected and frequently exchange data. Over the past decade or so, the rapid development of information technologies such as cloud computing, mobile edge computing, wireless communication and the Internet of Things has led to explosive growth in the number of smart devices and sensors and has transformed people's lifestyles, perceptions and ways of thinking. However, because IoT devices have limited computing, storage and network resources, storing and processing their data is a major challenge. The cloud-assisted IoT model therefore emerged: massive volumes of data are uploaded to the cloud for computation, processing and management, which greatly reduces the data-processing overhead on the IoT devices themselves. But because the cloud is not fully trusted, this model also introduces a series of security problems, such as data confidentiality and integrity, data leakage and malicious access to data.

Chinese patent document CN110990858A discloses a cross-cloud resource sharing system and method based on distributed information flow control. The system comprises a registration management module, a data management module, an identity authentication module, an information flow control module, a log database and a log audit module. The method comprises: a resource-requesting cloud initiates a registration request, which is forwarded through the network platform to the registration management module; the registration management module performs the registration and stores the resource information carried by the requesting cloud in the data management module; the requesting cloud's resource information held by the data management module is stored in a defined data structure and sent to the identity authentication module, which authenticates the requesting cloud; when a request message from the requesting cloud reaches the identity authentication module through the network platform, the message is parsed and the requesting cloud is verified according to the parsing result; the information flow control module authenticates the received resource or service data to ensure its legitimacy; and the log audit module audits the log information in the log database for behavioural security warning and detection. That invention achieves fine-grained tracking and control of cloud data resources and strictly protects the sharing process in terms of confidentiality and integrity, with low system overhead and no additional storage overhead; however, when data is shared between a data owner and a data user, the identity of the data user cannot be determined.

Summary of the invention

To solve the above technical problems, the object of the present invention is to provide a method for secure sharing of traceable data in a cloud-assisted Internet of Things environment that makes the identity of the data user traceable during the data sharing process.

The technical solution adopted by the present invention is a method for secure sharing of traceable data in a cloud-assisted Internet of Things environment, comprising the following steps:

constructing a fine-grained distributed information flow control model that supports identity traceability, the model comprising entities, tags, labels, security environments, security domains, owner tags, distributed privileges, secure information flow rules and secure information flow rules that support identity traceability;

based on a trusted authority center, the data owner labels the data and uploads it to the cloud, while delegating management of the data access rights to the trusted authority center;

based on the labels and tags distributed by the trusted authority center, the data user sends the received tags and labels to the cloud as part of the data request parameters to request the data it needs;

based on the secure information flow rules of the fine-grained distributed information flow control model supporting identity traceability, the cloud makes a data sharing decision on the data user's request;

when the data sharing decision is true, the trusted authority center verifies the identity of the data user;

when the identity verification result is true, the trusted authority center grants the data access rights to the data user and the cloud delivers the data to the data user.

Further, the fine-grained distributed information flow control model supporting identity traceability also comprises entity creation rules, privilege-based label change rules and privilege granting rules.

Further, the entity creation rule is as follows:

Figure BDA0003828353380000021 (formula image; not reproduced in text)

In the above formula, the expression in Figure BDA0003828353380000022 denotes that subject A can create entity A′; L_X denotes a confidentiality label or an integrity label; t_O denotes the owner tag; L_X(A′) := L_X(A) denotes that the created entity A′ inherits the confidentiality label or integrity label of subject A; t_O(A′) := t_O(A) denotes that the created entity A′ inherits the owner tag of subject A; and the expression in Figure BDA0003828353380000023 denotes that subject A assigns the corresponding privileges to the entity A′ it creates.

Further, the step in which, based on the trusted authority center, the data owner labels the data, uploads it to the cloud and delegates management of the data access rights to the trusted authority center specifically comprises:

the data owner generates a sharing list and sends it to the trusted authority center to request labels;

the trusted authority center generates tags according to the sharing list and distributes them to the data owner;

the data owner, in the gateway, marks the data to be uploaded with a confidentiality label, an integrity label and an owner tag;

the data owner uploads the labelled data to the cloud and delegates management of the data access rights to the trusted authority center.

Further, the step in which the trusted authority center verifies the identity of the data user when the data sharing decision is true specifically comprises:

when the data sharing decision is true, the cloud feeds the decision back to the trusted authority center and at the same time sends the trajectory data, generated from the owner tags of the data owner and the data user, to the trusted authority center for storage;

the trusted authority center verifies the identity of the data user according to the trajectory data and the whitelist it maintains.

Further, the method also comprises:

when the data sharing decision is false, the data user's request is terminated; the cloud feeds the decision back to the trusted authority center and at the same time sends the trajectory data, generated from the owner tags of the data owner and the data user, to the trusted authority center for storage.

Further, the step in which, when the identity verification result is true, the trusted authority center grants the data access rights to the data user and the cloud delivers the data to the data user specifically comprises:

when the identity verification result is true, the trusted authority center grants the data access rights to the data user and feeds the positive verification result back to the cloud;

the cloud delivers the data to the data user according to the positive verification result;

the data user accesses the data according to the granted access rights.

Further, the method also comprises:

when the identity verification result is false, the trusted authority center stops granting the data access rights and feeds the negative verification result back to the cloud;

the cloud terminates the data sharing according to the negative verification result.

Further, the method also comprises:

the data owner marks the uploaded data with its owner tag;

the data user requests data from the cloud based on its own owner tag;

based on the secure information flow rules supporting identity traceability in the fine-grained distributed information flow control model, the flow of the data between subjects is obtained from the owner tags.
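The sharing procedure described in the steps above (the trusted authority center issues tags for the owner's sharing list, the owner labels and uploads the data, the cloud decides on a request, hands the owner-tag trajectory to the trusted authority center whether the decision is true or false, and the center checks the user against its whitelist before delivery or termination), as an added Python illustration that is not the patent's own code. The actor classes, the tag and owner-tag values and the subset form of the flow rule are assumptions; the rule formula itself appears only as an image on this page.

```python
"""Cloud-assisted sharing flow with a trusted authority center (TA).

Added illustration with constructed names and values, not the patent's code.
ASSUMED secure information flow rule (standard DIFC form; the page shows the
rule only as an image): data -> user is allowed iff
    L_S(data) is a subset of L_S(user)  and  L_I(user) is a subset of L_I(data).
"""
from dataclasses import dataclass, field
import secrets


def flow_allowed(ls_src, li_src, ls_dst, li_dst):
    """Secure information flow rule (assumed subset form, see module docstring)."""
    return ls_src <= ls_dst and li_dst <= li_src


@dataclass
class LabelledData:
    payload: bytes
    ls: frozenset      # confidentiality label of the data (a set of tags)
    li: frozenset      # integrity label of the data
    t_owner: str       # owner tag t_O of the data owner


@dataclass
class TrustedAuthority:
    whitelist: set = field(default_factory=set)        # owner tags of approved users
    trajectories: list = field(default_factory=list)   # (t_O(owner), t_O(user), decision)

    def issue_tags(self, sharing_list):
        """Generate one random 128-bit tag per entry of the owner's sharing list."""
        return {entry: secrets.token_hex(16) for entry in sharing_list}

    def store_trajectory(self, t_owner, t_user, decision):
        """Trajectory data arrives from the cloud for true and false decisions alike."""
        self.trajectories.append((t_owner, t_user, decision))

    def verify_identity(self, t_owner, t_user):
        """Identity check: a true decision must be on record and the user whitelisted."""
        on_record = any(o == t_owner and u == t_user and d
                        for o, u, d in self.trajectories)
        return on_record and t_user in self.whitelist


class Cloud:
    def __init__(self, ta):
        self.ta = ta
        self.store = {}

    def upload(self, name, data):
        self.store[name] = data

    def request(self, name, ls_user, li_user, t_user):
        """Sharing decision, trajectory hand-off, TA identity check, then delivery."""
        data = self.store[name]
        decision = flow_allowed(data.ls, data.li, ls_user, li_user)
        self.ta.store_trajectory(data.t_owner, t_user, decision)   # always recorded
        if not decision:
            return ("denied_by_flow_rule", None)        # request ends here
        if not self.ta.verify_identity(data.t_owner, t_user):
            return ("denied_by_identity_check", None)   # TA withholds the grant
        return ("delivered", data.payload)


def run_scenario():
    """Three constructed requests against one labelled upload."""
    ta = TrustedAuthority(whitelist={"user-approved"})
    cloud = Cloud(ta)
    tags = ta.issue_tags(["secret", "trusted-a", "trusted-b"])   # owner's sharing list
    data = LabelledData(b"sensor reading 42",
                        ls=frozenset({tags["secret"]}),
                        li=frozenset({tags["trusted-a"], tags["trusted-b"]}),
                        t_owner="owner-1")
    cloud.upload("reading", data)
    # Flow rule satisfied and user whitelisted: delivered.
    r1 = cloud.request("reading", frozenset({tags["secret"]}),
                       frozenset({tags["trusted-a"]}), "user-approved")
    # Flow rule satisfied but user not on the whitelist: TA stops the grant.
    r2 = cloud.request("reading", frozenset({tags["secret"]}),
                       frozenset({tags["trusted-a"]}), "user-unknown")
    # User lacks the secrecy tag: rejected by the flow rule, no identity check.
    r3 = cloud.request("reading", frozenset(),
                       frozenset({tags["trusted-a"]}), "user-approved")
    return r1, r2, r3, list(ta.trajectories)
```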

Further, the secure information flow rule supporting identity traceability is as follows:

Figure BDA0003828353380000031 (formula image; not reproduced in text)

In the above formula, L_S(A) denotes the confidentiality label of subject A, L_I(A) the integrity label of subject A, L_S(B) the confidentiality label of subject B and L_I(B) the integrity label of subject B; the expression in Figure BDA0003828353380000032 denotes the secure information flow rule; A→B denotes the information flow from subject A to subject B; t_O(A) denotes the owner tag of subject A and t_O(B) the owner tag of subject B; the expression in Figure BDA0003828353380000041 denotes the trajectory data that records the information flow; and the expression in Figure BDA0003828353380000042 denotes that the record in Figure BDA0003828353380000043 is generated regardless of whether the information flow between subject A and subject B complies with the secure information flow rule.

The beneficial effects of the method are as follows. The invention first constructs a fine-grained distributed information flow control model supporting identity traceability. The data owner then requests labels from the trusted authority center, labels the data, uploads it to the cloud and delegates management of the data access rights to the trusted authority center. The data user then sends the tags and labels distributed by the trusted authority center to the cloud as part of its data request parameters to request the data it needs. The cloud then makes a data sharing decision according to the secure information flow rules of the model; when the decision is true, the trusted authority center verifies the data user's identity, and when the identity verification result is true, the cloud delivers the data to the data user, so that the sharing is secure. Further, the data owner marks the uploaded data with its owner tag and the data user requests data from the cloud on the basis of its own owner tag, so that, under the model's secure information flow rules supporting identity traceability, the flow of the data between subjects is obtained from the owner tags and the identity of the data user is traceable throughout the data sharing process.

Description of the drawings

Figure 1 is a flow chart of the steps of the method for secure sharing of traceable data in a cloud-assisted Internet of Things environment according to the present invention;

Figure 2 is a schematic diagram of information flows within a security domain and between security domains in a specific embodiment of the present invention;

Figure 3 is a schematic diagram of a secure information flow in a specific embodiment of the present invention;

Figure 4 is a schematic diagram of the traceable secure data sharing process in a cloud-assisted Internet of Things environment in a specific embodiment of the present invention.

Detailed description

The present invention is described in further detail below with reference to the drawings and specific embodiments. The step numbers in the following embodiments are given only for ease of description and do not limit the order of the steps in any way; the execution order of the steps may be adjusted according to the understanding of those skilled in the art.

Referring to Figures 1 and 4, the present invention provides a method for secure sharing of traceable data in a cloud-assisted Internet of Things environment, comprising the following steps:

S1. Construct a fine-grained distributed information flow control model supporting identity traceability.

Specifically, the fine-grained distributed information flow control model supporting identity traceability comprises entities, tags, labels, security environments, security domains, owner tags, distributed privileges, secure information flow rules, entity creation rules, secure information flow rules supporting identity traceability, privilege-based label change rules and privilege granting rules.

Entities are divided into subjects and objects. A subject is a party between which information flows, and an object is the information that actually flows, which may be a file or specific data. For example, in a medical data sharing system in which a patient's disease information flows between, and is shared by, a doctor and a medical researcher, the doctor and the researcher are the subjects and the shared data is the object. A subject may create new subjects and change its own security environment as the application requires, and may also apply security labels to resources it owns, such as data, to protect them.

Tags and labels. A tag is abbreviated t and is itself a randomly generated string of characters with no security meaning of its own, i.e. no integrity or confidentiality meaning; its size can be chosen according to the security requirements, for example 128, 256 or 512 bits. A label is abbreviated L and is a set of tags, i.e. t ∈ L; likewise, a label by itself has no security meaning. Only once they have been granted the corresponding integrity or confidentiality property do tags and labels acquire a security meaning: when a label L is granted the confidentiality property, the model of this embodiment writes it L_S, where "S" stands for secrecy (confidentiality), and when a tag t is granted the confidentiality property it is written t_S. Similarly, L_I denotes an integrity label and t_I an integrity tag.

Security environment. The security environment of each subject consists of the subject's confidentiality label and integrity label; within its security environment, a subject can use the security privileges it holds to change that environment.

Security domain. A security domain is the security environment in which an object resides; one or more subjects with the same security environment may exist in the same security domain. Note that different security domains have different security policies and restrictions, mainly confidentiality restrictions and integrity restrictions. In the model of this embodiment, an object can only flow within the same security domain or from a lower security domain to a higher one, where a lower security domain has low confidentiality and high integrity and a higher security domain has high confidentiality and low integrity. In the usual case, the flow of objects within a security domain or between security domains strictly follows the "no read up, no write down" rule.

Figure 2 shows the flow of objects within and between security domains. The security restrictions of security domain 1, security domain 2 and security domain 3 increase in that order; solid arrows indicate permitted information flows and dashed arrows indicate prohibited flows. As Figure 2 shows, there are six permitted flows: from security domain 1 to security domain 2, from security domain 1 to security domain 3, from security domain 2 to security domain 3, and the flows within each of the three security domains.

Owner tag. The owner tag, written t_O, identifies the owner of an object, i.e. the owner of the information, and serves two purposes in the model of this embodiment. First, it indicates the direction in which an object flows between subjects, i.e. from one subject to another. For subject A the owner tag is written t_O(A) and for subject B it is written t_O(B); the flow of an object from subject A to subject B is written A→B, and correspondingly the flow recorded by owner tags is written t_O(A)→t_O(B). Second, the owner tag reveals identity information: in this model the owner tag indicates the identity behind an object, so when that identity needs to be revealed it suffices to query the owner tag. For instance, in the flow t_O(A)→t_O(B) above, to learn between which two subjects the object was passed one only needs to query or compute on t_O(A) and t_O(B) to determine the identities of subject A and subject B, which makes information traceable as it flows.

Distributed privileges. A privilege, abbreviated P, denotes the ability to operate on a label, i.e. to add tags to or remove tags from it. For example, subject A's ability to add confidentiality tags to its confidentiality label is written in this model as the expression in Figure BDA0003828353380000061, and correspondingly the expression in Figure BDA0003828353380000062 denotes that subject A can remove confidentiality tags from its confidentiality label; similarly, the expressions in Figure BDA0003828353380000063 and Figure BDA0003828353380000064 denote that subject A can add tags to and remove tags from its integrity label. In the model of this embodiment, every subject holds the corresponding operating privileges over its own labels.

Secure information flow rule. The model of this embodiment writes the flow of information from subject A to subject B as A→B; the flow is secure if and only if the following rule is satisfied.

Figure BDA0003828353380000065 (formula image; not reproduced in text)

The above rule restricts the flow of information from the confidentiality side and the integrity side at the same time: the relationship between the confidentiality labels of subject A and subject B strictly limits the outflow of information, while the relationship between their integrity labels strictly limits the inflow. If and only if both the confidentiality-label relation and the integrity-label relation hold is the flow A→B permitted and secure; otherwise the flow is prohibited.

As shown in Figure 3, L_S(A) = {t_S1} and L_I(A) = {t_I1, t_I2, t_I3} are the confidentiality label and integrity label of subject A, and L_S(B) = {t_S1, t_S2, t_S3} and L_I(B) = {t_I1} are the confidentiality label and integrity label of subject B. The solid arrow indicates the permitted and secure flow, from subject A to subject B; the dashed arrow indicates the prohibited flow, from subject B to subject A. Judging from the confidentiality and integrity labels of the two subjects, the flow from subject A to subject B strictly follows the secure information flow rule, so the flow in that direction is permitted and secure.

Entity creation rule. In the model of this embodiment a subject may create a new entity as the situation requires. If subject A can create an entity A′, this is written [Figure BDA0003828353380000066: equation image], and the corresponding entity creation rule is as follows:

[Figure BDA0003828353380000067: equation image]

In the above formula, L_X denotes a confidentiality mark or an integrity mark and t_O denotes the owner label. L_X(A′):=L_X(A) means that the created entity A′ inherits the confidentiality mark or integrity mark of subject A; t_O(A′):=t_O(A) means that the created entity A′ inherits the owner label of subject A; and [Figure BDA0003828353380000071: equation image] means that subject A assigns the corresponding privileges to the entity A′ it created.

Secure information flow rule supporting identity traceability. The secure information flow rule above strictly restricts the outflow and inflow of information from the confidentiality and integrity sides, thereby ensuring that the flow of information from subject A to subject B is secure and legitimate. In terms of accountability or traceability, however, that rule does not satisfy the security requirement, so the owner label is introduced to provide identity traceability. For the information flow between subject A and subject B, the following secure information flow rule supporting identity traceability is therefore formulated:

[Figure BDA0003828353380000072: equation image]

In the above formula, L_S(A) denotes the confidentiality mark of subject A, L_I(A) the integrity mark of subject A, L_S(B) the confidentiality mark of subject B, L_I(B) the integrity mark of subject B, A→B the information flow from subject A to subject B, t_O(A) the owner label of subject A, and t_O(B) the owner label of subject B.

The rule has a left part and a right part. The left part [Figure BDA0003828353380000073: equation image] denotes the secure information flow rule; the right part [Figure BDA0003828353380000074: equation image] denotes the trajectory data that records the information flow; and [Figure BDA0003828353380000075: equation image] denotes that, whether or not the information flow between subject A and subject B follows the secure information flow rule [Figure BDA0003828353380000076: equation image], the trajectory data [Figure BDA0003828353380000077: equation image] is always generated.

Privilege-based mark change rule. When a subject adds a tag to or removes a tag from its own mark, its mark obviously changes; the model of this embodiment writes this process as [Figure BDA0003828353380000078: equation image], meaning that the mark changes from L_X to L′_X, where X is S or I, S standing for confidentiality and I for integrity. Thus [Figure BDA0003828353380000079: equation image] denotes a change of the confidentiality mark and [Figure BDA00038283533800000710: equation image] a change of the integrity mark. For a subject, adding a tag to or removing a tag from a mark requires the corresponding privilege; on this basis, the following privilege-based secure mark change rule is formulated:

[Figure BDA00038283533800000711: equation image]

In the above formula, X can be S or I.

Under the above secure information flow rules supporting identity traceability, when subject A adds a tag to its own mark, whether the confidentiality mark or the integrity mark, it must follow the rule [Figure BDA00038283533800000712: equation image]: only when subject A holds the privilege [Figure BDA0003828353380000081: equation image] can it add the corresponding tag t to its existing mark, so that its mark changes securely from L_X(A) to L′_X(A). Likewise, when subject A removes a tag from its own mark, whether the confidentiality mark or the integrity mark, it must follow the rule [Figure BDA0003828353380000082: equation image]: only when subject A holds the privilege [Figure BDA0003828353380000083: equation image] can it remove the corresponding tag t from its existing mark, so that its mark changes securely from L_X(A) to L′_X(A).

Privilege granting rule. An entity (say entity E) can securely grant its privileges to other entities if and only if it owns its marks; that is, when [Figure BDA0003828353380000084: equation image], where X stands for S and I, granting by entity E to other entities is secure.
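As an added illustration, not code from the patent, the following Python model implements the rules above under the standard DIFC reading of the equation images, which the page does not reproduce: A→B is secure iff L_S(A) ⊆ L_S(B) and L_I(B) ⊆ L_I(A), the add and remove privileges are written t+ and t-, and owning a tag is assumed to mean holding both; all class and function names are the example's own.

```python
# Added example (not the patent's code). Assumed reading of the equation
# images: A->B secure iff L_S(A) <= L_S(B) and L_I(B) <= L_I(A); the
# privilege to add tag t is "t+", to remove it "t-", ownership is both.
from dataclasses import dataclass, field


@dataclass
class Entity:
    name: str
    owner: str                                 # t_O, the owner label
    S: frozenset = frozenset()                 # L_S, confidentiality mark
    I: frozenset = frozenset()                 # L_I, integrity mark
    privs: set = field(default_factory=set)    # e.g. {"tS2+", "tS2-"}


def flow_is_secure(a: Entity, b: Entity) -> bool:
    """Secure information flow rule: confidentiality bounds the outflow from A,
    integrity bounds the inflow into B."""
    return a.S <= b.S and b.I <= a.I


def traceable_flow(a: Entity, b: Entity, trail: list) -> bool:
    """Traceable rule: the flow decision on the left, and on the right a
    trajectory record built from both owner labels, written whatever the outcome."""
    ok = flow_is_secure(a, b)
    trail.append({"from": a.owner, "to": b.owner,
                  "flow": f"{a.name}->{b.name}", "allowed": ok})
    return ok


def change_mark(e: Entity, X: str, tag: str, add: bool) -> bool:
    """Privilege-based mark change on L_X (X is 'S' or 'I'):
    adding tag t needs t+, removing it needs t-; otherwise the mark is unchanged."""
    needed = tag + ("+" if add else "-")
    if needed not in e.privs:
        return False
    current = getattr(e, X)
    setattr(e, X, (current | {tag}) if add else (current - {tag}))
    return True


def create_entity(a: Entity, name: str, privs=None) -> Entity:
    """Entity creation rule: A' inherits A's marks and owner label, and A assigns
    it privileges; only privileges A itself holds may be handed down (assumption)."""
    granted = set(privs or ())
    if not granted <= a.privs:
        raise PermissionError("cannot assign a privilege the creator does not hold")
    return Entity(name, a.owner, a.S, a.I, granted)


def grant(e: Entity, other: Entity, tag: str) -> bool:
    """Privilege granting rule: E may grant a tag only if it owns it (t+ and t-)."""
    if {tag + "+", tag + "-"} <= e.privs:
        other.privs |= {tag + "+", tag + "-"}
        return True
    return False


def figure3_example():
    """The Figure 3 setting from the description: A->B allowed, B->A forbidden.
    Returns both decisions and the trajectory records that were produced."""
    A = Entity("A", "ownerA", frozenset({"tS1"}), frozenset({"tI1", "tI2", "tI3"}),
               {"tS2+", "tS2-"})
    B = Entity("B", "ownerB", frozenset({"tS1", "tS2", "tS3"}), frozenset({"tI1"}))
    trail = []
    ab = traceable_flow(A, B, trail)
    ba = traceable_flow(B, A, trail)
    return ab, ba, trail
```

Note that the forbidden flow B→A still leaves a trajectory record naming both owner labels, which is exactly what makes the later identity tracing possible.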

S2. Based on the trusted authority center, the data owner marks the data and uploads it to the cloud, and at the same time delegates the data access rights to the trusted authority center for management.

Specifically, the data owner must register with the trusted authority center in order to legitimately request tags for marking data. The data owner consists of IoT devices and the corresponding IoT gateway. IoT devices, in general IoT sensors and devices with data collection capabilities, are mainly responsible for collecting raw data from the physical world and transmitting it to the IoT gateway. The gateway, using the data information together with the sharing list generated by the data owner, first requests a confidentiality mark, an integrity mark and an owner label from the trusted authority center; the trusted authority center then generates the tags according to the sharing list and distributes them to the data owner; the data owner then marks the data to be uploaded in the gateway with the confidentiality mark, the integrity mark and the owner label; at the same time, the data owner delegates the data access rights to the trusted authority center for management and uploads the marked data to the cloud.

The sharing list published by the data owner mainly contains the attribute information of the data users with whom the data owner is willing to share data.

The trusted authority center is mainly responsible for assigning a unique identity (ID) to each participant, computing and distributing marks, holding the delegated data access rights, maintaining the whitelist of legitimate users and securely storing the trajectory data; it is an entity fully trusted by the other participants. Maintaining the whitelist means maintaining a secure and trusted list of legitimate users.

The cloud is mainly used to store the data uploaded by data owners, execute the secure information flow rule and deliver data; data delivery here means delivering the data requested by a data user to that user.

S3. Based on the marks and labels distributed by the trusted authority center, the data user sends the received labels and marks to the cloud as part of the data request parameters to request the data it needs.

Specifically, when requesting data, the data user first registers with the trusted authority center in order to request data legitimately; the trusted authority center computes the confidentiality mark, the integrity mark and the owner label from the attribute information the data user provided at registration and distributes them to the data user; the data user then sends the received labels and marks to the cloud as part of the data request parameters to request the data it needs.

Here, the data user is the data requester.

S4. Based on the secure information flow rule of the fine-grained distributed information flow control model supporting identity traceability, the cloud makes a data sharing decision on the data user's request.

Specifically, the cloud first executes the secure information flow rule to decide whether to share the data with the requester.

In addition, the result of executing the secure information flow rule in the cloud is a Boolean, true or false; whether the data sharing decision is true or false, the cloud stores the trajectory data generated from the owner labels of the data owner and the data user at the trusted authority center.

S5. When the data sharing decision is true, the trusted authority center verifies the identity of the data user.

Specifically, when the result of executing the secure information flow rule is true, i.e. the data sharing decision is true, the cloud feeds the decision back to the trusted authority center and at the same time sends the trajectory data generated from the owner labels of the data owner and the data user to the trusted authority center for storage; the trusted authority center then verifies the identity of the data user against the trajectory data and the whitelist it maintains.

When the result is false, however, i.e. the data sharing decision is false, the data user's request is terminated; the cloud still feeds the decision back to the trusted authority center and sends the trajectory data generated from the owner labels of the data owner and the data user to the trusted authority center for storage.

S6. When the identity verification result is true, the trusted authority center grants the data access rights to the data user, and at the same time the cloud delivers the data to the data user.

Specifically, when the identity verification result is true, the trusted authority center grants the data access rights to the data user and feeds the positive verification result back to the cloud; the cloud delivers the data to the data user on the basis of that result; the data user then accesses the data according to the access rights granted.

When the identity verification result is false, however, the trusted authority center withholds the grant and feeds the negative verification result back to the cloud; the cloud terminates the data sharing on the basis of that result.

Through the above method, therefore, the data owner, the data user, the cloud and the trusted authority center together achieve confidentiality and integrity protection of data during sharing, resist collusion attacks, and support traceability of the data flow, i.e. the identity of the data requester can be tracked.
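The procedure S2 to S6 as an added simulation that is not part of the patent: the TrustedAuthority and Cloud classes, the attribute-to-tag stand-in in issue_marks and the constructed scenario are the example's own assumptions, and the cloud's flow decision again assumes L_S(owner) ⊆ L_S(user) and L_I(user) ⊆ L_I(owner), since the page does not reproduce the equation.

```python
# Added example (not the patent's code): simulation of steps S2 to S6.
# Assumed flow rule: L_S(owner) <= L_S(user) and L_I(user) <= L_I(owner);
# the attribute-to-tag mapping in issue_marks is a constructed stand-in.


class TrustedAuthority:
    """Assigns IDs, computes and issues marks, holds delegated access rights,
    keeps the whitelist and stores trajectory data (steps S2, S3, S5, S6)."""

    def __init__(self):
        self.next_id = 1
        self.profiles = {}      # ID -> (attributes, integrity tags) given at registration
        self.whitelist = set()  # IDs of legitimate users
        self.escrow = {}        # data name -> owner ID whose access rights are delegated
        self.trail = []         # trajectory records reported by the cloud
        self.granted = set()    # (user ID, data name) pairs with access granted

    def register(self, attributes, integrity, legitimate=True):
        uid = f"ID{self.next_id}"
        self.next_id += 1
        self.profiles[uid] = (frozenset(attributes), frozenset(integrity))
        if legitimate:
            self.whitelist.add(uid)
        return uid

    def issue_marks(self, uid):
        """Confidentiality mark, integrity mark and owner label for a participant.
        For an owner the attributes are its sharing list (what a recipient must
        have); for a user they are its own attributes. Integrity tags are the
        guarantees the data carries (owner) or the guarantees required (user)."""
        attributes, integrity = self.profiles[uid]
        return {"S": frozenset("S:" + a for a in attributes),
                "I": frozenset("I:" + g for g in integrity),
                "owner": uid}

    def delegate(self, data_name, owner_id):
        """S2: the owner delegates management of the data access rights."""
        self.escrow[data_name] = owner_id

    def verify_and_grant(self, record):
        """S5/S6: store the trajectory record whatever the decision was, then
        verify the requester against the whitelist and grant the access right."""
        self.trail.append(record)
        if not record["allowed"]:
            return False            # decision false: the request ends, record kept
        verified = record["user"] in self.whitelist
        if verified:
            self.granted.add((record["user"], record["data"]))
        return verified

    def trace(self, data_name):
        """Identity traceability: which user IDs requested this data, and the outcome."""
        return [(r["user"], r["allowed"]) for r in self.trail if r["data"] == data_name]


class Cloud:
    """Stores marked data, executes the secure flow rule, delivers data (S2, S4, S6)."""

    def __init__(self, ta):
        self.ta = ta
        self.store = {}  # data name -> (marks, payload)

    def upload(self, data_name, marks, payload):
        self.store[data_name] = (marks, payload)

    def request(self, data_name, user_marks):
        """S4: Boolean flow decision; the trajectory data built from both owner
        labels goes to the trusted authority whether the decision is true or false."""
        owner_marks, payload = self.store[data_name]
        allowed = owner_marks["S"] <= user_marks["S"] and user_marks["I"] <= owner_marks["I"]
        record = {"data": data_name, "owner": owner_marks["owner"],
                  "user": user_marks["owner"], "allowed": allowed}
        return payload if self.ta.verify_and_grant(record) else None


def run_scenario():
    """Constructed scenario: one owner, three requesters with different outcomes."""
    ta = TrustedAuthority()
    cloud = Cloud(ta)
    # S2: the owner registers with its sharing list (recipients must be doctors) and
    # the integrity guarantee its gateway attaches, then marks, delegates and uploads.
    owner = ta.register({"doctor"}, {"gateway-signed"})
    cloud.upload("ecg-2024", ta.issue_marks(owner), b"constructed sensor payload")
    ta.delegate("ecg-2024", owner)
    # S3: three data users register and receive their marks from the authority.
    doctor = ta.register({"doctor", "cardiology"}, {"gateway-signed"})
    nurse = ta.register({"nurse"}, {"gateway-signed"})
    impostor = ta.register({"doctor"}, set(), legitimate=False)  # not whitelisted
    # S4 to S6 run inside cloud.request for each requester.
    results = {uid: cloud.request("ecg-2024", ta.issue_marks(uid))
               for uid in (doctor, nurse, impostor)}
    return ta, results
```

The third requester passes the flow rule but fails the whitelist check, which is the case the two-stage decision (cloud rule, then authority verification) exists for; all three requests are nevertheless visible through trace().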

As a further preferred embodiment, the method also includes the following: the data owner marks the uploaded data with its owner label; the data user requests data from the cloud on the basis of its owner label; and, under the secure information flow rule supporting identity traceability of the fine-grained distributed information flow control model supporting identity traceability, the identity of the data user can be traced by querying the owner labels and the trajectory data.

The beneficial effects of the present invention specifically include:

1) Data confidentiality: during sharing, the data uploaded by the data owner and stored in the cloud cannot be accessed by unauthorized users, where unauthorized users include the honest-but-curious cloud.

2) Data integrity: during sharing, the content of the marked data cannot be tampered with by unauthorized entities.

3) Identity traceability: when data is requested or accessed maliciously, the trusted authority center can promptly disclose the identity ID of the user who initiated the request or access.

The above is a detailed description of the preferred embodiments of the present invention, but the invention is not limited to the described embodiments; those skilled in the art may make various equivalent modifications or substitutions without departing from the spirit of the invention, and all such equivalent modifications or substitutions fall within the scope defined by the claims of this application.

Claims (10)

1. A safe sharing method of traceable data under the environment of a cloud-assisted Internet of things is characterized by comprising the following steps:
constructing a fine-grained distributed information flow control model supporting identity traceability, wherein the fine-grained distributed information flow control model supporting identity traceability comprises an entity, a label, a mark, a security environment, a security domain, an owner label, a distributed authority, a security information flow rule and a security information flow rule supporting identity traceability;
based on the trusted authority center, the data owner marks the data and uploads the data to the cloud, and meanwhile, the data access authority is delegated to the trusted authority center for management;
based on the marks and labels distributed by the trusted authority center, the data user sends the received labels and marks to the cloud as part of the data request parameters to request the required data;
based on a safety information flow rule of a fine-grained distributed information flow control model supporting identity traceability, a cloud carries out a data sharing decision on a data request of a data user;
when the data sharing decision is true, the trusted authority center checks the identity of the data user;
and when the identity verification result is true, the trusted authority center grants the data access authority to the data user, and meanwhile, the cloud delivers the data to the data user.
2. The method for secure sharing of traceable data in a cloud-assisted internet of things environment according to claim 1, wherein the fine-grained distributed information flow control model supporting identity traceability further comprises: entity creation rules, privilege-based flag change rules, and permission grant rules.
3. The method for securely sharing traceable data in a cloud-assisted Internet of Things environment according to claim 2, wherein the entity creation rule is specifically as follows:
[Figure FDA0003828353370000011: equation image]
in the above formula, [Figure FDA0003828353370000013: equation image] denotes that subject A may create an entity A′, L_X denotes a confidentiality mark or an integrity mark, t_O denotes an owner label, L_X(A′):=L_X(A) denotes that the created entity A′ inherits the confidentiality mark or the integrity mark of subject A, t_O(A′):=t_O(A) denotes that the created entity A′ inherits the owner label of subject A, and [Figure FDA0003828353370000012: equation image] denotes that subject A assigns corresponding privileges to the entity A′ it created.
4. The method for safely sharing the traceable data in the cloud-assisted internet-of-things environment according to claim 1, wherein the step of, based on the trusted authority center, a data owner marking and uploading the data to a cloud and delegating a data access right to the trusted authority center for management comprises:
the data owner generates a sharing list and sends the sharing list to the trusted authority center to request marking;
the trusted authority center generates a label according to the sharing list and distributes the label to the data owner;
a data owner marks data to be uploaded in a gateway by using a confidentiality mark, an integrity mark and an owner label respectively;
and uploading the marked data to the cloud end by the data owner, and delegating the data access authority to a trusted authority center for management.
5. The method for securely sharing traceable data in a cloud-assisted internet of things environment according to claim 1, wherein the step of verifying the identity of the data user by the trusted authority center when the data sharing decision is true specifically comprises:
when the data sharing decision is true, the cloud end feeds the data sharing decision back to the trusted authority center, and meanwhile, the track data generated based on the owner labels of the data owner and the data user are sent to the trusted authority center to be stored;
and the trusted authority center performs identity verification on the data user according to the track data and the maintained white list.
6. The method for secure sharing of traceable data in a cloud-assisted internet of things environment according to claim 5, further comprising:
and when the data sharing decision is false, finishing the data request of the data user, feeding the data sharing decision back to the trusted authority center by the cloud, and simultaneously sending the track data generated based on the owner labels of the data owner and the data user to the trusted authority center for storage.
7. The method according to claim 1, wherein the step of granting the data access right to the data user by the trusted authority center and delivering the data to the data user by the cloud end when the identity verification result is true includes:
when the identity verification result is true, the trusted authority center grants the data access authority to the data user, and meanwhile, the identity verification result is fed back to the cloud end;
the cloud delivers the data to the data user according to the result that the identity verification is true;
and the data user accesses the data according to the granted access authority.
8. The method for secure sharing of traceable data in a cloud-assisted internet of things environment according to claim 7, further comprising:
when the identity verification result is false, the trusted authority center stops granting the data access authority, and meanwhile, the result that the identity verification is false is fed back to the cloud end;
and the cloud end terminates the data sharing according to the result that the identity verification is false.
9. The method for secure sharing of traceable data in a cloud-assisted internet of things environment according to claim 1, further comprising:
the data owner marks the uploaded data by using the owner label;
the data user requests data from the cloud based on the owner tag;
and obtaining the flow direction of the data among the subjects according to the owner labels, based on the secure information flow rule supporting identity traceability of the fine-grained distributed information flow control model supporting identity traceability.
10. The method according to claim 9, wherein the secure information flow rule supporting identity traceability is specifically as follows:
[Figure FDA0003828353370000031: equation image]
in the above formula, L_S(A) denotes the confidentiality mark of subject A, L_I(A) the integrity mark of subject A, L_S(B) the confidentiality mark of subject B, L_I(B) the integrity mark of subject B, [Figure FDA0003828353370000032: equation image] denotes the secure information flow rule, A→B denotes the information flow from subject A to subject B, t_O(A) denotes the owner label of subject A, t_O(B) denotes the owner label of subject B, [Figure FDA0003828353370000033: equation image] denotes the trajectory data recording the information flow, and [Figure FDA0003828353370000034: equation image] denotes that, whether or not the information flow between subject A and subject B follows the secure information flow rule, the trajectory data [Figure FDA0003828353370000035: equation image] is generated.
CN202211067416.6A 2022-09-01 2022-09-01 A method for secure sharing of traceable data in a cloud-assisted Internet of Things environment Pending CN115514536A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211067416.6A CN115514536A (en) 2022-09-01 2022-09-01 A method for secure sharing of traceable data in a cloud-assisted Internet of Things environment

Publications (1)

Publication Number Publication Date
CN115514536A true CN115514536A (en) 2022-12-23

Family

ID=84502914

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211067416.6A Pending CN115514536A (en) 2022-09-01 2022-09-01 A method for secure sharing of traceable data in a cloud-assisted Internet of Things environment

Country Status (1)

Country Link
CN (1) CN115514536A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110990858A (en) * 2019-12-11 2020-04-10 中山大学 A cross-cloud resource sharing system and method based on distributed information flow control
WO2022086616A1 (en) * 2020-10-22 2022-04-28 Microsoft Technology Licensing, Llc Data provenance tracking service

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JINTIAN LU et al.: "DIFCS: A Secure Cloud Data Sharing Approach Based on Decentralized Information Flow Control", Computers & Security, 11 March 2022 (2022-03-11), pages 1 - 17 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115934774A (en) * 2023-02-20 2023-04-07 成都天用唯勤科技股份有限公司 Flow control method, engine and medium for high-concurrency multi-dimensional distributed transaction system
CN115934774B (en) * 2023-02-20 2023-05-26 成都天用唯勤科技股份有限公司 High-concurrency multi-dimensional distributed transaction system flow control method, engine and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination