Research On Multi-granularity Access Control For CAD Models In Intelligent Manufacturing Environment

As an important part of intelligent manufacturing,CAD model faces the information security problems brought by the new generation of cloud-based collaborative product development(CPD):(1)On the basis of storage and network access provided by the cloud platform,how to achieve secure access control of files under multi-party sharing and collaboration;(2)During the CPD process,how to effectively control the co-designers’ access control to each feature of the model,and protect the intellectual property(IP)information of the model from being disclosed.Role-based and attribute-based access control methods are the two most important methods for file layer access control,but there are some problems such as role explosion and high computational cost.There are also some problems in content-based access control methods such as watermarking,encryption and multi-resolution.: these methods cannot protect the IP information in the feature layer,or lack of flexibility.In order to improve the deficiencies of the existing scheme from two aspects of file layer and feature layer,this paper focuses on the multi-granularity access control methods of CAD model in intelligent manufacturing environment,mainly from the following two aspects:File layer access control.This paper proposes a multi-authority CP-ABE(MA-CP-ABE)access control scheme based on the shortest and most effective path:(1)Encryption and decryption algorithm is constructed based on the shortest effective paths extracted from the CP-ABE(ciphertext-policy attribute-based encryption)access structure,which will reduce the computational complexity of the encryption and decryption algorithm,and achieve fast decryption and access control;(2)Through the adoption of the certificate authority(CA)and the attribute authorities(AA),the multi-authority scheme suitable for cloud storage is realized;(3)Ciphertext updating is implemented by adopting policy update mechanism;(4)Implementation of that one access policy to manage the access control of multiple files through the multi-file access mechanism.Theoretical analysis and simulation experiments have shown that our scheme can achieve flexible and secure file access control on the cloud platform and reduce the computing cost.Feature layer access control.This paper proposes a fine-grained access control scheme based on features:(1)Security classification of model features is depended on feature classification authorization requirements;(2)Key features extraction before sharing is realized through the model features division algorithm and model features matching algorithm;(3)Model encryption deformation is realized through features encryption algorithm,which will complete IP information hiding of the CAD model;(4)Feature-based fine-grained access control is implemented through the authorization of the CAD model owner.Theoretical analysis and experiments have shown that the scheme can accurately carry out features division and features matching before collaboration,the features of CAD model can be encrypted flexibly,the security of IP information is guaranteed,and the access control of model feature layer is realized.