The decryption costs of most Attribute-Based Encryption (ABE) schemes go linearly with the number of attributes used in decryption. Attribute-Based Encryption scheme with Fast decryption (FABE) was used to solve this problem where cipher texts could be decrypted with a constant number of pairings. To solve the problem of existing adaptively secure FABE suffered from superfluous computation overhead because it was designed on composite order groups, an adaptively secure key-policy ABE scheme with fast decryption on prime order groups named PFKP-ABE was proposed. Firstly, based on dual pairing vector space and Linear Secret-Sharing Scheme (LSSS) technology, PFKP-ABE was constructed on prime order groups. Then, a sequence of attacking games indistinguishable from each other was designed to prove that this scheme is adaptively secure in the standard mode when dual system encryption approach was employed. Performance analysis indicates that in comparison with another adaptively secure key-policy ABE scheme with fast decryption on composite order groups (FKP-ABE), the speed of decryption has increased by roughly 15 times.

Since previous Multi-Authority Attribute-Based Encryption (MA-ABE) schemes limit each attribute to appear only once in the access structure, and suffer from superfluous computation overhead on repetitive encoding technique, an adaptively secure and unrestricted Multi-Authority Ciphertext-Policy ABE (MA-CP-ABE) scheme was proposed on prime order groups. Firstly, based on dual pairing vector space and linear secret-sharing schemes technology, an MA-CP-ABE scheme was constructed on prime order groups. Then, q-Parallel BDHE (Bilinear Diffie-Hellman Exponent) assumption was introduced to solve the problem that classical dual system encryption depends on a statistical hypothesis which requires each attribute to appear only once in the access structure, and a series of attacking games indistinguishable from each other was designed to prove that this scheme was adaptively secure in the standard model. Finally, performance analysis indicated that in comparison with another two adaptively secure MA-CP-ABE schemes on prime order groups, the speed of decryption was obviously improved by nearly 20%-40% and 0%-50% respectively as the number of participating attributes increasing, without considering the attribute repetition. This scheme is more efficient in real applications.

In view of the problem that verifying the conformance of e-government network structure, a conformance verification method for e-government network based on graph approximate matching was proposed. The method firstly abstracted the graph model of e-government network, then used the modular characteristic of network structure and k-hop neighboring relationship of vertices to realize extendible approximate graph matching which got all the similar structures between the two graphs. And then it proposed an improved graph similarity measure function by introducing the node importance factor and path distance attenuation factor so as to make the conformity assessment results more accurate. The experimental result shows that the method can accurately evaluate the conformance degree of e-government network structure, and fine-grainedly reflect the similarities or differences between the network structures which include all kinds of violations in the network topology and system deployment.

It is difficult to express diversity policy by traditional RBAC (Role-based Access Control) management model. In order to solve the problem, an Attribute based User-Role assignment (ABURA) model was proposed. Attributes were adopted as prerequisite conditions to provide richer semantics for RBAC management policy. In distributed systems, user-role reachability analysis is an important mechanism to verify the correctness of authorization management policy. The definition of user-role reachability analysis problem for ABURA model was given. According to the characteristics of state transition in ABURA model, some reduction theorems for policy were given. Based on these theorems, user-role reachability analysis algorithm was proposed, and the algorithm got verified through examples.

Protocol state machine can describe the behavior of a protocol, which can help to understand the behavior logic of protocol. Oriented towards text protocols, a statistical method was firstly used to extract the semantic keyword of representative message type, and an adjacency matrix was used to describe the sequential relationship between the message types, based on which the protocol states were labeled and a state transition diagram was built. The experimental results show that the method can accurately describe the sequential relationship between the message types and abstract state machine model accurately.

With regard to the singleness of the role establishment method in the traditional cross-domain authorization management models, and the problems such as implicit promotion of privilege and the separation of duties conflict, a new cross-domain authorization management model based on two-tier role mapping was proposed. The two-tier role architecture met the practical needs of role establishment and management. On this basis, unidirectional role mapping can avoid the role mapping rings. By introducing attribute and condition, dynamic adjustment of permissions was realized. The model was formalized by dynamic description logic, including concepts, relations and management actions. In the end, the security of the model was analyzed.

To improve the correctness and feasibility of the implementation of multilevel security in the distributed environment, a distributed multilevel security core architecture — Distributed Trusted Computing Base (DTCB) was proposed. DTCB was divided into three layers, TCB of System layer, TCB of Module layer and TCB of Partition layer, finer multilevel control granularity was realized step by step, greatly reducing the complexity of the implementation of multilevel security in the distributed environment. At last, based on the composable noninterference model, the security of DTCB was formally proved. The result shows that DTCB assures the multilevel security of distributed system as a whole.