A composite document model (ComDoc) and its fine-grained access control scheme (ICDAC) are proposed to address the actualities of lack of effective composite document model and multilevel security protection for document elements in cloud computing. The model combines the idea of multilevel security with an identity-based encryption (IBE) algorithm. In ComDoc composite document consists of a ciphertext part and a key-map part. The former stores the ciphertexts of document elements with security level. The element names and corresponding keys constitute map pairs and map records, and the records are then encrypted by the IBE and stored in the latter. The ICDAC achieves fine-grained access control with multilevel security protection for document elements by the following strategy. Authorized user decrypts the corresponding map records to get map pairs under the IBE in terms of the identity, and to extract the decryption keys to obtain the plaintext of the document elements. Comprehensive analysis shows that ComDoc satisfies the composite document characteristics and security requirements in cloud computing. Experimental results show that both the key numbers and the computational overheads of ICDAC are superior to existing scheme on the premise of encrypting the same composite documents.

• 出版日期2014
• 单位西安电子科技大学