A new access control scheme based on protection of sensitive attributes

摘要

Based on IBE/ABE's Web security technology, an improved ABE scheme is proposed in this paper, which can represent any key by using "and", "or" logic and the threshold monotony of the access rules. In order to resist the collusion attack, multiple users use a combination of their keys to decrypt the ciphertext, it virtually eliminates the possibility of a conspiracy to know the key. In hidden the ABE certificate extended model, since each user only has a certificate, it needs only one chance to decrypt the information; it increases the efficiency of the system Because XACML model lacks protection of sensitive attribute and sensitive strategy, hidden credentials technology is used to extend the attribute-based access control model to provide both the cross protection of sensitive attributes and strategies to achieve attribute-based access control, automated trust negotiation model to hide the certificate technology is integrated into the attribute-based access control model.