支持协作的基于属性访问控制

In this paper we introduce a cooperative attribute-based access control mechanism, which is specifically designed for enterprise computing system. In our system, users are divided into different groups and they are affiliated with different attributes. Only members from the same group can combine their signing keys to form the signing key of a larger union set of attributes, but users from different groups cannot make it. With the union of the attributes, users can generate a signature which can be used to grant access right to the enterprise cloud system. The applications range from private cloud of a small and medium enterprise (SME) to a large public cloud of electronic healthcare system. We give an efficient design of this mechanism, formally prove its security and implement the prototype of our scheme.