Summary: | Master's === Tamkang University === Master's Program, Department of Information Management === 104 === This study proposes a basic mandatory access control scheme for hierarchical structures in the cloud. It considers not only whether the user's secret level is higher than that of the file, but also the hierarchy level to which the user belongs. In the proposed system, a Key Derivation Center (KDC) generates the initial private keys and distributes them to each group. After that, a table called RAI (Relation-And-ID), together with its related parameters, is made public. Users can use the RAI and a hash function to derive the keys for which they have been authorized.
Users are authorized by two levels of secret attributes (namely the user level and the group hierarchy). This study proposes a mandatory access control mechanism for hierarchically structured organizations, delivers much faster operation in a cloud hierarchical organization, and affects fewer parameters when the hierarchical structure changes. The proposed mechanism is also compared with those of AKL, Lo-Hwang-Liu, and Chia-Hsun Tsai. Besides the differences found in comparing the parameters, the procedures, and the various hierarchical structures, our mechanism uses the hash function as its core calculation, while the other three use modular exponentiation. As indicated in (Bruce Schneier, 1986), a hash function is, at the same security level, thousands of times faster than modular exponentiation. Therefore, our system attains both fast hierarchical authorization and basic mandatory access control to secure authorized information in most business organizations.
|