中圖分類號：TP393.08;TP309文獻標識碼：ADOI:10.19358/j.issn.2097-1788.2024.10.004
引用格式：張綺文，袁凌云，王孜冉.支持數(shù)據(jù)敏感度分級的屬性訪問控制方案［J］.網(wǎng)絡安全與數(shù)據(jù)治理，2024，43（10）：20-27.

Attribute access control scheme supporting data sensitivity grading

Abstract： In the era of big data, heterogeneous data from multiple sources brings severe challenges to data security management. At the same time, the attributebased encryption scheme for traditional ciphertext strategies exhibits poor performance in terms of user attribute revocation. Aiming at these problems, an attribute access control scheme that classifies data sensitivity for sensitive data groups is proposed in the paper. Firstly, we establish a data sensitivity classification and grading strategy. Then, we accurately assess and classify data sensitivity and propose differentiated encryption strategies for data with varying sensitivities. Additionally, we achieve the revocability of CP-ABE encrypted user attributes based on the trapdoor collision feature of chameleon hash algorithm. The scheme is proven to satisfy IND-CPA security under the general group and random oracle models. Furthermore, performance analysis and experimental results show that the proposed scheme can improve the efficiency of data storage and encryption, reduce the burden of blockchain storage and computational costs when user attributes are revoked. As a result, this scheme dramatically improves the flexibility and security of data management.

Key words : data hierarchical classification; attribute-based encryption; attribute revocation; chameleon hashing; blockchain