MLDP-oriented multi-party access control method and system based on SGX

A multi-party access control technology, applied in the field of cloud computing, that addresses problems such as the inapplicability of data watermarking, data leakage by non-root data owners, and complicated user revocation.

Active Publication Date: 2020-09-22
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

Existing solutions mostly use encryption to achieve secure data analysis, which increases the complexity of data calculation and analysis and introduces higher computational overhead.
[0016] (2) The existing MPAC scheme does not consider the issue of user revocation.
In multi-party access control in MLDP scenarios, user revocation is more complicated, so it is necessary to implement lightweight user revocation.
[0017] (3) Using SGX technology to design MPAC in MLDP scenarios can reduce computing overhead, but there is a key revocation problem in SGX.
[0021] (2) In the MLDP scenario, user revocation is more complicated than in the traditional one-to-many access control mechanism.
[0022] (3) The problem of data leakage by non-root data owners is unique to the multi-party control mechanism in the MLDP scenario.
In the multi-layer data processing mode, the format of the data is not fixed, so data watermarking is not applicable to the multi-layer data processing mode.

Embodiment Construction

[0101] To make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the examples. It should be understood that the specific embodiments described here serve only to explain the present invention, not to limit it.

[0102] To address the problems existing in the prior art, the present invention provides an SGX-based MLDP-oriented multi-party access control method and system. The present invention is described in detail below with reference to the accompanying drawings.

[0103] The corresponding English full name and Chinese meaning of the English abbreviations involved in the present invention are as follows:

[0104]

[0105]

[0106] The symbols used in the present invention are described and explained as follows:

[0107]

[0108] In the present invention, a multi-party access control model under the MLDP scenario is ...


Abstract

The invention belongs to the technical field of cloud computing and discloses an SGX-based, MLDP-oriented multi-party access control method and system. A lightweight SGX-based key management algorithm supports multi-party access control of data results in the MLDP scenario, solves the key revocation problem of SGX, and is responsible for encryption key generation for the data owner and for authorization generation, data encryption and decryption for the user. Based on this key management scheme, an efficient, secure and flexible multi-party access control framework, called the EMPAC framework for short, is designed; the framework supports secure data processing and multi-party access control of data results. The invention also provides a data protection method based on game theory: the behaviors of non-root data owners are rewarded and punished through setting the convenience police, so that all non-root data owners are driven to execute honestly according to the protocol of the EMPAC framework. The method thereby solves the problem of non-root data owners privately leaking data to seek benefits.

Description

Technical field

[0001] The invention belongs to the technical field of cloud computing, and in particular relates to an SGX-based MLDP-oriented multi-party access control method and system.

Background technique

[0002] At present, because the cloud has abundant storage resources and powerful computing power, both individuals and enterprises tend to outsource data to the cloud for processing and storage. In this way, cloud users break the constraints of computing and storage resources. However, the cloud cannot be fully trusted, and it may leak users' private data to unauthorized entities. In order to protect user privacy, cloud service providers usually use access control mechanisms and secure data computing technologies to ensure safe storage and processing of data. The access control mechanism can prevent unauthorized access to the private data of the data owner. With the continuous refinement of the social division of labor and the continuous strengthening of cooperat...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/62, G06F21/16, G06F21/60
CPC: G06F21/6218, G06F21/6245, G06F21/16, G06F21/602
Inventor: 刘丹, 闫峥, 丁文秀, 陈亚兴, 郑庆华
Owner: XIDIAN UNIV