基于属性加密的 DDS 访问控制方案. (Chinese)

Data distribution service (DDS) is a reliable real-time data communication middleware standard. It is oriented to a distributed environment based on the publish/subscribe model. It has been widely used in various fields. However, there are few achievements in existing research involving DDS security technology. There are many security threats to the publishing and subscribing system in practice. In order to establish a flexible and reliable security mechanism to ensure the security of publishing and subscribing information, a data-centric access control scheme is proposed. On the basis of attribute encryption, the access tree structure is optimized, and the attribute trust mechanism is added in combination with the publishing and subscribing environment. Afterwards, the publicating and subscripting information is encrypted and matched by formulating attribute connection and authorization strategies, and a DDS access control model is established to control the interaction of information in the publicating and subscripting system and realize the safe distribution of data. The experimental verification shows the solution can deal with several security threats in DDS, guarantee the confidentiality of publishing and subscribing information, as well as realize the system’s access control to specific information, and publishers and subscribers do not need to share keys, reducing the overhead of key management. [ABSTRACT FROM AUTHOR]

数据分发服务（Data distribution service, DDS）是一种可靠的实时数据通信中间件标准, 它是面 向基于发布/订阅模型的分布式环境, 在各个领域得到了广泛应用, 但现有研究涉及 DDS 安全技术的成 果较少, 而在实际应用中发布订阅系统存在多种安全威胁。为了建立灵活可靠的安全机制来确保发布 订阅信息的安全性, 提出一种以数据为中心的访问控制方案。在属性加密的基础上, 对访问树结构进 行优化处理, 结合发布订阅环境增加属性信任机制。之后采用制定属性连接式与授权策略的方式对发 布订阅信息进行加密匹配, 并建立 DDS 访问控制模型来控制发布订阅系统内信息的交互, 实现数据的 安全分发。经过实验验证, 该方案既能够应对 DDS 存在的几种安全威胁, 保障发布订阅信息的机密性, 也能够实现系统对特定信息的访问控制, 并且发布者订阅者不需要共享密钥, 减少了密钥管理的开销。 [ABSTRACT FROM AUTHOR]

Copyright of Journal of Data Acquisition & Processing / Shu Ju Cai Ji Yu Chu Li is the property of Editorial Department of Journal of Nanjing University of Aeronautics & Astronautics and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)