Data access control method of DDS distributed system

A data access control and distributed system technology, applied in digital data authentication, digital data protection, electronic digital data processing, etc., can solve the problem of high message complexity

Pending Publication Date: 2021-09-10
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

Traditional DDS access control often implements one-to-one permission control between entities in the data domain based on identity. On the one hand, the identity of each legitimate publisher or subscriber needs to be determined in advance; on the other hand, the data needs to be encrypted separately for each subscriber and then sent to subscribers one-to-one, resulting in high message complexity.

Examples


Embodiment

[0036] Example: As shown in Figure 1, a data access control method for a DDS distributed system comprises the following steps:

[0037] First, the DDS data management center analyzes the access control policy for a single topic (Topic1) in the system data resources (see Table 1, where 1/2 means that only one of the two attributes needs to be satisfied, and 1/1 means that there is only one attribute and it must be satisfied) and generates the publish access control structure $T_{p1}$ and the subscribe access control structure $T_{s1}$ of Topic1, shown in Figure 2 and Figure 3 respectively. At the same time, the DDS data management center generates a signature authentication key pair $\{GK_1, VK_1\}$.

[0038] Table 1 Topic1 access control policy

[0039]

[0040] Secondly, DDS users user1, user2 (publisher), user3, user4 (subscriber) in the distributed system submit user attribute sets to the data management center, as shown in Table 2. The DDS data management center g...
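The threshold notation in paragraph [0037] (1/2, 1/1) describes gates in an access tree, and the attribute sets submitted in [0040] are what that tree is evaluated against. The following is an added example, not code from the patent: it generalizes the gates to k-of-n and models only the policy decision that the CP-ABE keys and the publish signature would enforce cryptographically. The attribute names, tree shapes and user attribute sets are constructed, since Tables 1 and 2 are not reproduced on this page.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

@dataclass
class Node:
    """A leaf (attr set) or a k-of-n threshold gate over child nodes."""
    attr: Optional[str] = None
    k: int = 0
    children: List["Node"] = field(default_factory=list)

def leaf(attr: str) -> Node:
    return Node(attr=attr)

def gate(k: int, *children: Node) -> Node:
    # "k/n" in the policy table: at least k of the n children must hold.
    if not 1 <= k <= len(children):
        raise ValueError(f"threshold {k}/{len(children)} is not satisfiable")
    return Node(k=k, children=list(children))

def satisfies(node: Node, attrs: Set[str]) -> bool:
    """True if the attribute set satisfies the access structure."""
    if node.attr is not None:
        return node.attr in attrs
    return sum(satisfies(c, attrs) for c in node.children) >= node.k

# Constructed structures for Topic1 (hypothetical attributes, not Table 1).
T_P1 = gate(2, leaf("dept:control"),
            gate(1, leaf("role:sensor"), leaf("role:gateway")))  # inner 1/2
T_S1 = gate(1, leaf("clearance:ops"))                            # 1/1

# Constructed attribute sets for the four users named in [0040].
USERS: Dict[str, Set[str]] = {
    "user1": {"dept:control", "role:sensor"},
    "user2": {"dept:control"},
    "user3": {"clearance:ops"},
    "user4": {"clearance:guest"},
}

def permissions(users: Dict[str, Set[str]], t_pub: Node, t_sub: Node):
    """Per-user publish/subscribe decision for one topic."""
    return {u: {"publish": satisfies(t_pub, a), "subscribe": satisfies(t_sub, a)}
            for u, a in users.items()}

if __name__ == "__main__":
    for user, perm in permissions(USERS, T_P1, T_S1).items():
        print(user, perm)
```

With these constructed inputs, user2 and user4 are denied: each holds an attribute that looks relevant but does not meet the threshold of the corresponding structure.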


Abstract

The invention discloses a data access control method for a DDS distributed system, which performs topic-level fine-grained access control on the data publishing and subscribing processes. The method comprises the following steps: first, decomposing the access control permission of topic data into a publishing permission and a subscribing permission from the perspective of data resources; second, distributing permission key pairs according to the correlation between the topic access control permissions and user attributes; then adding publishing-permission signature authentication to the DDS discovery matching process; and finally, limiting the topic subscription range by using CP-ABE in the DDS publish/subscribe process, forming a flexibly defined one-to-many data sharing permission control scheme. The invention combines the DDS communication process with attribute-based encryption and signature authentication to design a secure communication scheme that matches the loose coupling and one-to-many characteristics of DDS publish/subscribe and ensures the confidentiality and authenticity of the data distribution service, solving the security problem of unauthorized publishing and unauthorized subscribing between components in the message publish/subscribe process.

Description

Technical field

[0001] The invention relates to access control technology in the field of information security, in particular to a data access control method for a DDS distributed system.

Background

[0002] In a distributed system based on DDS (Data Distribution Service), each component transmits data in real time through topic-based publish/subscribe. The loosely coupled nature of DDS makes the data transfer relationships between components flexible, but it also brings security issues in data interaction, such as unauthorized publishing and unauthorized subscription, which seriously threaten the security of the communication middleware and its upper-layer applications. Therefore, it is necessary to control data access in the DDS system.

[0003] Traditional DDS access control methods often only implement user-level access control, and the configuration of access control permissions is also complicated and cumbersome. It is necessary to define the ac...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/62, G06F21/64, G06F21/60, G06F21/44
CPC: G06F21/6218, G06F21/64, G06F21/602, G06F21/44
Inventor: 沈卓炜, 高鹏, 余锐
Owner: SOUTHEAST UNIV