传统的信息流控制技术受限于其基于单机环境的研究,难以有效保护云计算中数据的安全性.为此,提出一种基于属性加密的信息流控制机制.将基于属性的加密技术与信息流控制技术相结合,通过对用户私钥和访问树的生成方法重新设计,在减少用户制定访问策略工作的同时,使得该机制能够对云中数据进行有效的信息流控制,从而消除安全隐患.性能测试结果表明,该机制能够抵抗基于共享内存的侧通道攻击,保护静态虚拟域中敏感数据安全性.%The traditional Information Flow Control (IFC) technology is limited by its stand-alone environment research,it is difficult to effectively protect the security of data in cloud computing.Therefore,this paper proposes an information flow control mechanism based on attribute encryption technology,which combines Attribute-Based Encryption(ABE) technology with IFC technology.By redesigning the user private key and access tree generation method,it reduces to access mechanism,making the mechanism to control the cloud data effective information flow,thus eliminates potential safety problems.Performance test results show that this mechanism can effectively resist the shared channel based attacks and protect the security of sensitive data in static virtual domains.
展开▼