Chinese Journal of Network and Information Security ›› 2016, Vol. 2 ›› Issue (1): 46-52. doi: 10.11959/j.issn.2096-109x.2016.00015

• Academic Papers •

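Risk access control model for Hadoop

Jia-shuai LI1,2, Chang-gen PENG2,3, Yi-jie ZHU1,2, Hai-feng MA1,2

  1. 1 College of Computer Science and Technology, Guizhou University, Guiyang 550025, Guizhou, China
    2 Institute of Cryptography and Data Security, Guizhou University, Guiyang 550025, Guizhou, China
    3 College of Science, Guizhou University, Guiyang 550025, Guizhou, China
  • Revised: 2015-12-02 Online: 2016-01-01 Published: 2016-02-16
  • About the authors: Jia-shuai LI (1989-), male, born in Yuncheng, Shanxi, master's student at Guizhou University; main research interests: cryptography and trusted computing. | Chang-gen PENG (1963-), male, Dong ethnicity, born in Jinping, Guizhou, Ph.D., professor and doctoral supervisor at Guizhou University; main research interests: cryptography and information security. | Yi-jie ZHU (1989-), male, born in Linyi, Shandong, master's student at Guizhou University; main research interests: cryptography and trusted computing. | Hai-feng MA (1990-), male, born in Leshan, Sichuan, master's student at Guizhou University; main research interests: cryptography and trusted computing.
  • Supported by:
    The National Natural Science Foundation of China (61262073); The National Natural Science Foundation of China (61363068); The National Statistical Scientific Research Project (2013LZ46); The Guizhou Province Statistical Scientific Research Project (201511)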

Risk access control model for Hadoop

Jia-shuai LI1,2, Chang-gen PENG2,3, Yi-jie ZHU1,2, Hai-feng MA1,2

  1. 1 School of Electronic Engineering and Automation, Guilin University of Electronic Technology, Guilin 541004, China
    2 China Electronics Standardization Institute, Beijing 100007, China
    3 School of Computer Science and Engineering, Guilin University of Electronic Technology, Guilin 541004, China
  • Revised: 2015-12-02 Online: 2016-01-01 Published: 2016-02-16
  • Supported by:
    The National Natural Science Foundation of China (61262073); The National Natural Science Foundation of China (61363068); The National Statistical Scientific Research Project (2013LZ46); The Guizhou Province Statistical Scientific Research Project (201511)

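Abstract:

Traditional access control mechanisms struggle to constrain the malicious behavior of authorized users, which exposes Hadoop platforms that rely on such mechanisms to the risk of big data privacy leakage. A risk-based access control model is proposed. By setting labels on subjects and objects, the model constructs an information-entropy risk value function from users' historical behavior records, then builds a tracking chain of risk value fluctuations, and dynamically adjusts users' access permissions according to the risk value and the amplitude of its fluctuation. The model is applied to improve the Kerberos authentication protocol of Hadoop, combining access tokens with risk monitoring to realize a risk access control mechanism for big data privacy protection. Finally, an application simulation on medical big data shows that the model can effectively constrain the access behavior of authorized users on big data application platforms.

Key words: risk access control, Hadoop, privacy protection, information entropy, big data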

Abstract:

Traditional access control models struggle to restrain the malicious behavior of authorized users. Accordingly, a Hadoop platform that uses such an access control model has difficulty preventing the risk of privacy disclosure. A risk-based access control model was proposed. A risk function based on information entropy was designed from users' historical behavior, using tags set on subjects and objects. Furthermore, a tracking chain of risk was built, which could adjust users' access authority dynamically according to the risk value and its volatility. By combining access tokens with risk supervision, a risk access control mechanism for big data privacy protection was realized, which could be applied to enhance the security of the Hadoop Kerberos protocol. Finally, the experimental results show that the model can effectively constrain authorized users' access behavior.

Key words: risk access control, Hadoop, privacy protection, information entropy, big data
