| 摘要: | 本論文將基礎的強制型存取控制機制,推展到雲端企業階層式組織型態中。不只資源取用者機密等級要高,而且取用者在階層式組織中也要高於被取用資源。以一個金鑰轉換中心(KDC)做為初始各個階層與使用者的金鑰分配,並公布組織結構表,之後各個使用者便可藉由組織結構表與雜湊運算的方式進行機密等級與階層式授權金鑰的快速推導。
被授權者必須從兩個層次的機密屬性中得到最後的解密金鑰完成授權。本論文提出一個強化強制型存取控制(MACH)機制,擁有速度極快、強制型與階層式的保護、結構變化少的優點。我們將會與AKL, Lo-Hwang-Liu和蔡佳勳等學者的機制進行比較,我們的機制使用雜湊運算與其他學者所使用的模指數運算在相同安全等級的運算過程中速度差距可達數千倍(BruceSchneier, 1986),以快速的階層授權結合基礎的強制型存取控制來對企業組織的內部完成資訊分級授權。
This study proposes a basic mandatory access control in cloud hierarchical structure. It considers not only user''s secret level higher than that of file but also the hierarchy levels that users belong to. In the proposed system, Key Derivation Center (KDC) was used for making the first initial private keys generation and their distribution for each group. After that, a table called RAI (Relation-And-ID) associated with related parameters is open. Users can used RAI and hash function to derive the keys that been authorized.
The user are authorized by the two levels of secret attributes(naming the user level and the group hierarchy) . This study proposes a mandatory access control for organization of hierarchical structure, delivers a much fast operation in cloud hierarchical organization, and affects less parameters when the hierarchical structure changes. The proposed mechanism is also compared with AKL, Lo-Hwang-Liu, and Chia-Hsun Tsai. Besides differences in dealing with the comparison among the parameters, the procedure, and the various hierarchical structures, our mechanism use the hash function as a core calculation, while the other three researches use the modular exponentiation operation. As indicated in (BruceSchneier, 1986), hash function, in the same security level, is faster than modular exponentiation operation by thousands of times. Therefore, our system can attains both a fast hierarchical authorized and basic mandatory access control to secure the authorized information in most business organization. |
