公安综合信息系统访问控制的研究与应用
|
摘要
随着Internet和信息化技术的发展,企业信息系统得到了更多的关注和应用。公安系统信息化的建设为公安各部门用户实现信息共享提供了快捷、方便的渠道。在信息化建设的道路上,信息系统的访问控制策略和机制是一个关键问题,特别对一些用户和信息资源数量巨大的信息系统。访问控制策略是避免信息系统内部信息被非法获取、修改、破坏和避免系统被未授权使用的重要手段之一。由于公安综合信息系统涉及到数据的保密性和敏感性,实现严格的安全访问控制是十分关键的。
本文首先对几种目前比较传统的访问控制模型及其特点进行了简单的介绍,主要包括以下三种:自主访问控制,强制访问控制和基于角色的访问控制。而其中又以基于角色的访问控制RBAC(Role-Base Access Control)应用最为广泛。其基本思想是通过角色来实现用户与权限之间的逻辑隔离,从而简化对访问控制的管理。但是,随着人们对数据安全性要求的提高,以及对访问控制灵活性的进一步提高,传统的访问控制模型逐渐显现出其诸多不足之处,并在许多实际应用中显现出了他们的局限性。人们迫切需要一种功能更为强大的访问控制模型,来达到实际应用中更加复杂的要求。
随着密码学技术的不断发展,属性基密码系统的研究在近四年来受到了广泛的关注。它可以有效地解决访问控制中一直以来难解的问题,同时提供消息的私密性和访问控制的灵活性。本文结合属性基密码的特性,提出了一种全新的基于属性的访问控制模型,它是由一个在标准模型下选择树CPA安全的属性基加密方案改进而来。与传统的访问控制模型相比,它不仅使得密文资源能够被有效的利用,既增强了访问控制的灵活性,又增加了访问控制的模糊性,而且消息始终以密文形式存储也放宽了对服务器和访问存储器的安全限制。
最后,对基于属性的访问控制模块进行了实现,并在公安综合系统中加以应用。其中基于属性的加密模块部分采用了C语言独立实现,因为C语言有着计算效率高的特点,而基于属性的加密模块又是该系统的底层核心算法,因此很有必要对其效率加以控制。另外单独实现也增强了该模块的可重用性。
With the development of the Internet and information technology, the information systems have gotten more attention and are being used more as applications. The construction of information system for police makes users of all apartments of police can share information conveniently and effectively. Access control mode is very important on the way of informationization, especially for some information system that has large amount of users and resource. Access control is important to prevent inner information is lawlessly obtained, modified and destroyed and to prevent the system is unauthorized use. The strict security access control of the Police integrated system is critical to its implementation due to confidentiality and sensitivity of the data involved.
We firstly described three kinds of traditional access control models recently used: discretionary access control, mandatory access control and role-base access control. And among them, role-base access control (RBAC) is the most widely used one. The basic idea of RBAC is to achieve logical isolation between User and Privilege through Role, thus simplifying the access control management. From the view of application,this thesis researches systematically on the access control technology, RBAC models, summarize characteristics, advantages and disadvantages of them. Think over the character of the police, it expends the common RBAC model. The new model makes the access control more convenient and flexible. With the improvement of requirement of flexibility of access control and security of data, the traditional access control models were unveiling their shortage and appeared their localization in lots of applications. People exigently recommend a stronger new access control model, in order to deal with the more complex requirements.
As the development of cryptography, attribute based cryptosystem draws large attention from the researchers in this community recently. It is an efficient way to solve open problems in access control scenarios, such as how to provide data confidentiality and expressive control at the same time. By combining the techniques of attribute based cryptosystem, we provided a totally new Attribute-Base Access Control model. It is extended from an attribute-based encrypt scheme of selection tree CPA security under standard model. Compared with the traditional access control models, the new model makes use of ciphertext more effectively, improves the flexibility of access control, adds some illegibility of access control, and relaxes the security limitation of server and access control system by storing the data in the form of ciphertext.
At last, we realized the attribute-based access control model, and used it in the police integrated information system. The attribute-based encryption model in it was realized in C language independently. Since the encryption model is the core algorithm of the system and we know codes in C language can run more effectively. And realize it independently can let the model reusable in other applications.
本文首先对几种目前比较传统的访问控制模型及其特点进行了简单的介绍,主要包括以下三种:自主访问控制,强制访问控制和基于角色的访问控制。而其中又以基于角色的访问控制RBAC(Role-Base Access Control)应用最为广泛。其基本思想是通过角色来实现用户与权限之间的逻辑隔离,从而简化对访问控制的管理。但是,随着人们对数据安全性要求的提高,以及对访问控制灵活性的进一步提高,传统的访问控制模型逐渐显现出其诸多不足之处,并在许多实际应用中显现出了他们的局限性。人们迫切需要一种功能更为强大的访问控制模型,来达到实际应用中更加复杂的要求。
随着密码学技术的不断发展,属性基密码系统的研究在近四年来受到了广泛的关注。它可以有效地解决访问控制中一直以来难解的问题,同时提供消息的私密性和访问控制的灵活性。本文结合属性基密码的特性,提出了一种全新的基于属性的访问控制模型,它是由一个在标准模型下选择树CPA安全的属性基加密方案改进而来。与传统的访问控制模型相比,它不仅使得密文资源能够被有效的利用,既增强了访问控制的灵活性,又增加了访问控制的模糊性,而且消息始终以密文形式存储也放宽了对服务器和访问存储器的安全限制。
最后,对基于属性的访问控制模块进行了实现,并在公安综合系统中加以应用。其中基于属性的加密模块部分采用了C语言独立实现,因为C语言有着计算效率高的特点,而基于属性的加密模块又是该系统的底层核心算法,因此很有必要对其效率加以控制。另外单独实现也增强了该模块的可重用性。
With the development of the Internet and information technology, the information systems have gotten more attention and are being used more as applications. The construction of information system for police makes users of all apartments of police can share information conveniently and effectively. Access control mode is very important on the way of informationization, especially for some information system that has large amount of users and resource. Access control is important to prevent inner information is lawlessly obtained, modified and destroyed and to prevent the system is unauthorized use. The strict security access control of the Police integrated system is critical to its implementation due to confidentiality and sensitivity of the data involved.
We firstly described three kinds of traditional access control models recently used: discretionary access control, mandatory access control and role-base access control. And among them, role-base access control (RBAC) is the most widely used one. The basic idea of RBAC is to achieve logical isolation between User and Privilege through Role, thus simplifying the access control management. From the view of application,this thesis researches systematically on the access control technology, RBAC models, summarize characteristics, advantages and disadvantages of them. Think over the character of the police, it expends the common RBAC model. The new model makes the access control more convenient and flexible. With the improvement of requirement of flexibility of access control and security of data, the traditional access control models were unveiling their shortage and appeared their localization in lots of applications. People exigently recommend a stronger new access control model, in order to deal with the more complex requirements.
As the development of cryptography, attribute based cryptosystem draws large attention from the researchers in this community recently. It is an efficient way to solve open problems in access control scenarios, such as how to provide data confidentiality and expressive control at the same time. By combining the techniques of attribute based cryptosystem, we provided a totally new Attribute-Base Access Control model. It is extended from an attribute-based encrypt scheme of selection tree CPA security under standard model. Compared with the traditional access control models, the new model makes use of ciphertext more effectively, improves the flexibility of access control, adds some illegibility of access control, and relaxes the security limitation of server and access control system by storing the data in the form of ciphertext.
At last, we realized the attribute-based access control model, and used it in the police integrated information system. The attribute-based encryption model in it was realized in C language independently. Since the encryption model is the core algorithm of the system and we know codes in C language can run more effectively. And realize it independently can let the model reusable in other applications.
引文
[1]. S.Osborn, Ravi, S.Sandhu, Q.Munawer.Configuring, role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and Systems Security, 2000, 3(2):85~106
[2].王亚民.基于RBAC的信息系统访问控制模型.情报杂志,2006,(10):43~45
[3]. D.Ferraiolo, R.Kuhn. Role-Based Access Controls. In Proceedings of 15th NIST–NCSC National Computer Security Conference,Baltimore,MD,1992:554~563
[4]. R.Sandhu, E.J.Coyne, H.L.Feinstein. Role-Based Access Control Models. IEEE Computer, 1996, 29(2):38~47
[5]. R.Sandhu, V.Bhamidipati, E.Coyne. The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline. In Proceedings of Second ACM Workshop on Role-Based Access Control, Fairfax, Virginia, 1997:41~49
[6].王振江,刘强.基于RBAC的扩展访问控制模型.计算机应用研究,2005,41(35):23~25
[7]. R.Sandhu, Q.Munawer.The ARBAC99 Model for Administration of Roles. In 15th Annual Computer Security Applications Conference, Phoenix, Arizona, USA, December, 1999:229~240
[8]. S.Oh, R.Sandhu.A Model for Role Administration Using Organization Structure. In Proceedings of 7th ACM Symposium on Access Control Models and Technologies, Monterey, California, 2002:155~162
[9]. R.Sandhu,D.Ferraiolo,R.Kuhn. The NIST Model for Role Based Access Control: Towards a Unified Standard, In Proceedings of 5th ACM Workshop on Role-Base Access Control. New York, 2000:47~63
[10]. D.Ferraiolo,R.Sandhu,S.Gavrila. A Proposed Standard for Role Based Access Control. ACM Transactions on Information and System Security,2001,4(3):224~274
[11]. S.L.Gavrila,J.F.Barkley.Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. In Proceedings of Third ACM Workshop on Role-Based Access Control,Fairfax,Virginia,1998:81~90
[12].叶春晓,符云清,吴中福.RBAC中权限扩展的实现.计算机工程,2005,31(9):141~142,172
[13].丁仲.用于RBAC访问控制的面向对象框架.中国科学院软件研究所硕士论文,2004,6:6~12
[14].程玉松.基于规则的用户-角色分配模型及web实现的研究.山东大学硕士论文,2005,12:6~28
[15].徐仁义,李益发.一个RBAC的改进模型.计算机工程与应用,2005,41(34):39~41,45
[16].钟华,冯玉琳,姜洪安.扩充角色层次关系模型及其应用.软件学报,2000,11(6):779~784
[17]. E.Bertino,P.Bonatti,E.Ferrari.TRBAC:A Temporal Role-Based Access Control Model. ACM Transactions on Information and System Security,2001,4(3):191~223.
[18]. E.Freudenthal,T.Pesin,L.Port.DRBAC:Distributed Role-Based Access Control for Dynamic Coalition Environments.In Proceedings of The 22nd International Conference on Distributed Computing Systems,July,2001:411~420
[19]. E.Cohen,R.K.Thomas,W.Winsborough.Models for Coalition Based Access Control. In Proceedings of The Seventh ACM Symposium on Access Control Models and Technologies,Monterey,California,USA,2002:97~106
[20].肖军模,刘军,周海刚.网络信息安全.机械工业出版社,2006:37~90
[21].马水平.基于角色安全访问控制机制的研究.中国海洋大学,2005.7
[22].张维.基于角色的访问控制的研究及其在法院系统中的应用.西南交通大学,2003.6
[23].张世永主编,网络安全原理与应用技术.科学出版社,2003:193~205
[24].冯登国著,网络安全原理与技术.科学出版社,2003:92~106
[25].丁胜,陈建勋.基于RBAC模型的安全访问机制建模研究.计算机应用与软件,2005,22(11):115~117
[26]. P.M.Aneta. Role Engineering of Information System Using Extended RBAC Model. In Proceedings of The Fourteenth IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprises, 2005:154~159
[27].刘宏月,马建峰等.一种RBAC建议标准的分析与应用.信息安全与通信保密,2002,(4):36~39.
[28].苏军,薛顺利,李尊朝.基于RBAC中用户角色继承的权限控制方式.西安工程科技学院学报,2006,20(20):195~198
[29].肖道举,郑涛,陈晓芬.URA97模型的实现研究.华中科技大学学报,2002,30(3):7~9
[30]. R.Sandhu, V.Bhamidipati. Role-Based Administration of User-Role Assignment: The URA97 Model and Its Oracle Implementation. The Journal of Computer Security, 1999,7(4):317~323
[31].电信科学技术第十研究所.公安技侦综合应用系统总体方案.公安部十二局,2005.1
[32]. Gail-Joon Ahn.Role-based access control in DCOM.Journal of Systems Architecture:the EUROMICRO Journal,2000,46(13):157~162
[33].王兴伟,王宇.Web信息系统中基于RBAC模型的访问控制模块设计与实现.大连理工大学学报,2005,45(增刊):284~286
[34].徐宗民.基于Browser/Server模式的新型企业MIS的研究设计.计算机工程与应用,2003,135(6):15~16
[35].冯文龙.基于MVC2的Web应用.海南大学学报自然科学版,2006,24(2):156~160,173
[36]. C.W.Ryan,Breidenbach. Spring in Action.李磊,程立,周悦红.人民邮电出版社,2006:30~35
[37].史胜辉,王春明.Struts+Spring+Hibernate三种架构在管理信息系统中的应用.中国管理信息化,2006,9(12):17~19
[38]. W. Diffie, M.E. Hellman,“New directions in cryptography”, IEEE Trans. Inf. Theory, 22(6), pages 644-654, 1976
[39]. R.L.Rivest, A. Shamir and L.Adleman,“A method for obtaining digital signatures and public key cryptosystem”, Comm. ACM., 21, pages 120-126, 1978
[40]. L. M. Kohnfelder,“Towards a practical public-key cryptosystem”, B.S. Thesis, supervised by L. Adleman, MIT, Cambridge, MA, May 1978
[41]. A.Shamir,“Identity-based cryptosystems and signature schemes”, InCRYPTO’84, LNCS vol. 196, pages 47–53. Springer, 1984
[42]. Dan Boneh and Matthew K. Franklin,“Identity-based encryption from the weil pairing”, In CRYPTO, pages 213-229, 2001
[43]. Clifford Cocks,“An identity based encryption scheme based on quadratic residues”, In IMA Int. Conf., pages 360-363, 2001
[44]. D. Boneh, C. Gentry, and M. Hamburg,“Space-Efficient Identity Based Encryption Without Pairings”, In proceedings of FOCS 2007, pages 647-657, 2007
[45]. John Bethencourt, Amit Sahai, and Brent Waters,“Ciphertext-policy attribute-based encryption”, In IEEE Symposium on Security and Privacy, pages 321-334, 2007
[46]. Melissa Chase,“Multi-authority attribute-based encryption”, In TCC, pages 515-534, 2007
[47]. Ling Cheung and Calvin Newport,“Provably secure ciphertext policy abe”, In ACM Conference on Computer and Communications Security, pages 456-465, 2007
[48]. Vipul Goyal, Abhishek Jain, Omkant Pandey, and Amit Sahai,“Bounded ciphertext policy attribute based encryption”, In ICALP (2), pages 579-591, 2008
[49]. Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters,“Attribute-based encryption for fine-grained access control of encrypted data”, In ACM Conference on Computer and Communications Security, pages 89-98, 2006
[50]. Jonathan Katz, Amit Sahai and Brent Waters,“Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products”, In EUROCRYPT, pages 146-162, 2008
[51]. Rafail Ostrovsky, Amit Sahai, and Brent Waters,“Attribute-based encryption with non-monotonic access structures”, In ACM Conference on Computer and Communications Security, pages 195-203, 2007
[52]. Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Brent Waters,“Secure attribute-based systems”, In ACM Conference on Computer and Communications Security, pages 99-112, 2006
[53]. Amit Sahai and Brent Waters,“Fuzzy identity-based encryption”, In EUROCRYPT, pages 457-473, 2005
[54]. Brent Waters,“Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization”, Cryptology ePrint Archive 2008/290
[55]. Xiaohui Liang, Zhenfu Cao, Huang Lin and Dongsheng Xing, Provably Secure and Efficient Bounded Ciphertext Policy Attribute Based Encryption, ASIACCS 2009, Sydney, Australia, 10-12 March 2009
[2].王亚民.基于RBAC的信息系统访问控制模型.情报杂志,2006,(10):43~45
[3]. D.Ferraiolo, R.Kuhn. Role-Based Access Controls. In Proceedings of 15th NIST–NCSC National Computer Security Conference,Baltimore,MD,1992:554~563
[4]. R.Sandhu, E.J.Coyne, H.L.Feinstein. Role-Based Access Control Models. IEEE Computer, 1996, 29(2):38~47
[5]. R.Sandhu, V.Bhamidipati, E.Coyne. The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline. In Proceedings of Second ACM Workshop on Role-Based Access Control, Fairfax, Virginia, 1997:41~49
[6].王振江,刘强.基于RBAC的扩展访问控制模型.计算机应用研究,2005,41(35):23~25
[7]. R.Sandhu, Q.Munawer.The ARBAC99 Model for Administration of Roles. In 15th Annual Computer Security Applications Conference, Phoenix, Arizona, USA, December, 1999:229~240
[8]. S.Oh, R.Sandhu.A Model for Role Administration Using Organization Structure. In Proceedings of 7th ACM Symposium on Access Control Models and Technologies, Monterey, California, 2002:155~162
[9]. R.Sandhu,D.Ferraiolo,R.Kuhn. The NIST Model for Role Based Access Control: Towards a Unified Standard, In Proceedings of 5th ACM Workshop on Role-Base Access Control. New York, 2000:47~63
[10]. D.Ferraiolo,R.Sandhu,S.Gavrila. A Proposed Standard for Role Based Access Control. ACM Transactions on Information and System Security,2001,4(3):224~274
[11]. S.L.Gavrila,J.F.Barkley.Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. In Proceedings of Third ACM Workshop on Role-Based Access Control,Fairfax,Virginia,1998:81~90
[12].叶春晓,符云清,吴中福.RBAC中权限扩展的实现.计算机工程,2005,31(9):141~142,172
[13].丁仲.用于RBAC访问控制的面向对象框架.中国科学院软件研究所硕士论文,2004,6:6~12
[14].程玉松.基于规则的用户-角色分配模型及web实现的研究.山东大学硕士论文,2005,12:6~28
[15].徐仁义,李益发.一个RBAC的改进模型.计算机工程与应用,2005,41(34):39~41,45
[16].钟华,冯玉琳,姜洪安.扩充角色层次关系模型及其应用.软件学报,2000,11(6):779~784
[17]. E.Bertino,P.Bonatti,E.Ferrari.TRBAC:A Temporal Role-Based Access Control Model. ACM Transactions on Information and System Security,2001,4(3):191~223.
[18]. E.Freudenthal,T.Pesin,L.Port.DRBAC:Distributed Role-Based Access Control for Dynamic Coalition Environments.In Proceedings of The 22nd International Conference on Distributed Computing Systems,July,2001:411~420
[19]. E.Cohen,R.K.Thomas,W.Winsborough.Models for Coalition Based Access Control. In Proceedings of The Seventh ACM Symposium on Access Control Models and Technologies,Monterey,California,USA,2002:97~106
[20].肖军模,刘军,周海刚.网络信息安全.机械工业出版社,2006:37~90
[21].马水平.基于角色安全访问控制机制的研究.中国海洋大学,2005.7
[22].张维.基于角色的访问控制的研究及其在法院系统中的应用.西南交通大学,2003.6
[23].张世永主编,网络安全原理与应用技术.科学出版社,2003:193~205
[24].冯登国著,网络安全原理与技术.科学出版社,2003:92~106
[25].丁胜,陈建勋.基于RBAC模型的安全访问机制建模研究.计算机应用与软件,2005,22(11):115~117
[26]. P.M.Aneta. Role Engineering of Information System Using Extended RBAC Model. In Proceedings of The Fourteenth IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprises, 2005:154~159
[27].刘宏月,马建峰等.一种RBAC建议标准的分析与应用.信息安全与通信保密,2002,(4):36~39.
[28].苏军,薛顺利,李尊朝.基于RBAC中用户角色继承的权限控制方式.西安工程科技学院学报,2006,20(20):195~198
[29].肖道举,郑涛,陈晓芬.URA97模型的实现研究.华中科技大学学报,2002,30(3):7~9
[30]. R.Sandhu, V.Bhamidipati. Role-Based Administration of User-Role Assignment: The URA97 Model and Its Oracle Implementation. The Journal of Computer Security, 1999,7(4):317~323
[31].电信科学技术第十研究所.公安技侦综合应用系统总体方案.公安部十二局,2005.1
[32]. Gail-Joon Ahn.Role-based access control in DCOM.Journal of Systems Architecture:the EUROMICRO Journal,2000,46(13):157~162
[33].王兴伟,王宇.Web信息系统中基于RBAC模型的访问控制模块设计与实现.大连理工大学学报,2005,45(增刊):284~286
[34].徐宗民.基于Browser/Server模式的新型企业MIS的研究设计.计算机工程与应用,2003,135(6):15~16
[35].冯文龙.基于MVC2的Web应用.海南大学学报自然科学版,2006,24(2):156~160,173
[36]. C.W.Ryan,Breidenbach. Spring in Action.李磊,程立,周悦红.人民邮电出版社,2006:30~35
[37].史胜辉,王春明.Struts+Spring+Hibernate三种架构在管理信息系统中的应用.中国管理信息化,2006,9(12):17~19
[38]. W. Diffie, M.E. Hellman,“New directions in cryptography”, IEEE Trans. Inf. Theory, 22(6), pages 644-654, 1976
[39]. R.L.Rivest, A. Shamir and L.Adleman,“A method for obtaining digital signatures and public key cryptosystem”, Comm. ACM., 21, pages 120-126, 1978
[40]. L. M. Kohnfelder,“Towards a practical public-key cryptosystem”, B.S. Thesis, supervised by L. Adleman, MIT, Cambridge, MA, May 1978
[41]. A.Shamir,“Identity-based cryptosystems and signature schemes”, InCRYPTO’84, LNCS vol. 196, pages 47–53. Springer, 1984
[42]. Dan Boneh and Matthew K. Franklin,“Identity-based encryption from the weil pairing”, In CRYPTO, pages 213-229, 2001
[43]. Clifford Cocks,“An identity based encryption scheme based on quadratic residues”, In IMA Int. Conf., pages 360-363, 2001
[44]. D. Boneh, C. Gentry, and M. Hamburg,“Space-Efficient Identity Based Encryption Without Pairings”, In proceedings of FOCS 2007, pages 647-657, 2007
[45]. John Bethencourt, Amit Sahai, and Brent Waters,“Ciphertext-policy attribute-based encryption”, In IEEE Symposium on Security and Privacy, pages 321-334, 2007
[46]. Melissa Chase,“Multi-authority attribute-based encryption”, In TCC, pages 515-534, 2007
[47]. Ling Cheung and Calvin Newport,“Provably secure ciphertext policy abe”, In ACM Conference on Computer and Communications Security, pages 456-465, 2007
[48]. Vipul Goyal, Abhishek Jain, Omkant Pandey, and Amit Sahai,“Bounded ciphertext policy attribute based encryption”, In ICALP (2), pages 579-591, 2008
[49]. Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters,“Attribute-based encryption for fine-grained access control of encrypted data”, In ACM Conference on Computer and Communications Security, pages 89-98, 2006
[50]. Jonathan Katz, Amit Sahai and Brent Waters,“Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products”, In EUROCRYPT, pages 146-162, 2008
[51]. Rafail Ostrovsky, Amit Sahai, and Brent Waters,“Attribute-based encryption with non-monotonic access structures”, In ACM Conference on Computer and Communications Security, pages 195-203, 2007
[52]. Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Brent Waters,“Secure attribute-based systems”, In ACM Conference on Computer and Communications Security, pages 99-112, 2006
[53]. Amit Sahai and Brent Waters,“Fuzzy identity-based encryption”, In EUROCRYPT, pages 457-473, 2005
[54]. Brent Waters,“Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization”, Cryptology ePrint Archive 2008/290
[55]. Xiaohui Liang, Zhenfu Cao, Huang Lin and Dongsheng Xing, Provably Secure and Efficient Bounded Ciphertext Policy Attribute Based Encryption, ASIACCS 2009, Sydney, Australia, 10-12 March 2009