大数据环境下多源异构数据的访问控制模型

doi:10.11959/j.issn.2096-109x.2019009

Abstract

Abstract:

The big data platform is open and shared,but with the increasing amount of data and the complex and variable user access context,the RBAC model is difficult to meet the fine-grained and flexible access control in big data environment.To solve this problem,an access control model for multi-source heterogeneous data in big data platform is proposed.The model dynamically determines role permissions based on attributes and builds a hierarchical structure based on data groups to achieve simple management of data attributes.The model is formally defined,and the implementation and workflow in Hadoop platform are described.The experimental results show that the performance overhead of the proposed scheme is relatively small.

Key words: big data platform, access control, dynamic authorization, data group hierarchy

CLC Number:

TP309.2

Qiuyue SU, Xingshu CHEN, Yonggang LUO. Access control model for multi-source heterogeneous data in big data environment[J]. Chinese Journal of Network and Information Security, 2019, 5(1): 78-86.

Figures/Tables 4

References 15

[1]	WHITE T , . Hadoop-the definitive guide 4e[M]// Hadoop:The Definitive Guide.O'Reilly Media,Inc. 2015: 1-4.
[2]	刘驰, 胡柏青, 谢一 . 大数据治理与安全:从理论到开源实践[M]. 北京: 机械工业出版社, 2017.
	LIU C , ZHOU B Q , XIE Y . Big data governance and security:from theory to open source practice[M]. Beijing: China Machine PressPress, 2017.
[3]	SPIVEY B , ECHEVERRIA J . Hadoop security:protecting your big data platform[M]. O'Reilly Media,Inc., 2015.
[4]	SANDHU R S , COYNE E J , FEINSTEIN H L ,et al. Role-based access control models[J]. IEEE Computer, 2002,29(2): 38-47.
[5]	GUPTA M , PATWA F , BENSON J ,et al. Multi-layer authorization framework for a representative Hadoop ecosystem deployment[C]// ACM on Symposium on Access Control MODELS and Technologies. 2017: 183-190.
[6]	GUPTA M , PATWA F , SANDHU R . POSTER:access control model for the Hadoop ecosystem[C]// ACM on Symposium on Access Control MODELS and Technologies. ACM, 2017: 125-127.
[7]	陈垚坤, 刘文丽 . 一种适用于Hadoop平台的基于属性访问控制模型[J]. 河南师范大学学报(自然版), 2016(5): 146-153.
	CHEN Y K , LIU W L . Attribute-based access control model for Hadoop[J]. Journal of Henan Normal University (Natural Edition), 2016(5): 146-153.
[8]	GUPTA M , PATWA F , SANDHU R . An attribute-based access control model for secure big data processing in Hadoop ecosystem[C]// ACM Workshop. 2018: 13-24.
[9]	HU V , FERRAIOLO D , KUHN R ,et al. Guide to attribute based access control (ABAC) definition and considerations[J]. NIST Special Publication, 2013,800(162).
[10]	沈晴霓, 杨雅辉, 禹熹 ,等. 一种面向多租户云存储平台的访问控制策略[J]. 小型微型计算机系统, 2011,32(11): 2223-2229.
	SHEN Q N , YANG Y H , YU X ,et al. An access control policy for multi-tenancy cloud storage platform[J]. Small Microcomputer System, 2011,32(11): 2223-2229.
[11]	LO N W , YANG T C , GUO M H . An attribute-role based access control mechanism for multi-tenancy cloud environment[J]. Wireless Personal Communications, 2015,84(3): 2119-2134.
[12]	NGO C , DEMCHENKO Y , LAAT C D . Multi-tenant attribute-based access control for cloud infrastructure services[J]. Journal of Information Security ＆ Applications, 2016,27-28(C): 65-84.
[13]	BHATT S , PATWA F , SANDHU R . An attribute-based access control extension for openstack and its enforcement utilizing the policy machine[C]// IEEE,International Conference on Collaboration and Internet Computing. 2017: 37-45.
[14]	王于丁, 杨家海 . 一种基于角色和属性的云计算数据访问控制模型[J]. 清华大学学报(自然科学版), 2017,57(11): 1150-1158.
	WANG Y D , YANG J H . Data access control model based on data’s role and attributes for cloud computing[J]. Journal of Tsinghua University (Natural Science Edition) , 2017,57(11): 1150-1158.
[15]	GUPTA M , PATWA F , SANDHU R . Object-tagged RBAC model for the Hadoop ecosystem[C]// IFIP Conference on Data and Applications Security and Privacy. 2017: 63-81.

Metrics

Recommended 0

No Suggested Reading articles found!

名称	定义及描述
U	用户集合：U={U₁,U₂,…,U_n}，U_i表示Hadoop平台中的某一用户
R	角色集合：R={R₁,R₂,…,R_n}，R_i表示Hadoop平台中的某一角色
S	会话集合：S={S₁,S₂,…,S_n}，S_i表示用户的一次访问请求，与激活角色之间的某种映射
D	数据集合：D＝{D ₁,D₂,…,D_n}，D_i表示Hadoop平台中的某一数据
G	数据组集合：G={ G₁,G₂,…,G_n}，G_i表示平台中具有相同属性的某一数据集合
OP	操作集合：OP={OP₁,OP₂,…,OP_n}，表示对数据的操作集合
DATT	数据属性集合：对Hadoop平台中数据的特征描述，如数据的标识、类型、拥有者等
EATT	环境属性集合：表示Hadoop平台中执行访问操作的上下文信息，如时间、位置等
OPATT	操作属性集合：表示用户对多源异构数据执行具体行为的描述，如读/写，创建/删除等

Access control model for multi-source heterogeneous data in big data environment

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 15

Related Articles 13

Metrics

Recommended 0

[1]	Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG. Access control relationship prediction method based on GNN dual source learning [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 40-55.
[2]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.
[3]	Guanqun YANG, Yin LIU, Hao XU, Hongwei XING, Jianhui ZHANG, Entang LI. Credible distributed identity authentication system of microgrid based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 88-98.
[4]	Fuyuan SONG, Zheng QIN, Jixin ZHANG, Yu LIU. Efficient and secure multi-user outsourced image retrieval scheme with access control [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 29-39.
[5]	Wenchao WU, Zhiyu REN, Xuehui DU. Permission clustering-based attribute value optimization [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 175-182.
[6]	Tianyi ZHU, Fenghua LI, Lin CHENG, Yunchuan GUO. Research on cross-domain access control technology [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 20-27.
[7]	Yunxiang QIU,Hongxia ZHANG,Qi CAO,Jiancong ZHANG,Xingshu CHEN,Hongjian JIN. Blockchain data access control scheme based on CP-ABE algorithm [J]. Chinese Journal of Network and Information Security, 2020, 6(3): 88-98.
[8]	Yukun NIU,Lingbo WEI,Chi ZHANG,Xia ZHANG,Vejarano Gustavo. Privacy-preserving access control for public wireless LAN utilizing the bitcoin blockchain [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 56-66.
[9]	Tian-zhu CHEN,Yun-chuan GUO,Ben NIU,Feng-hua LI. Research progress of access control model and policy in online social networks [J]. Chinese Journal of Network and Information Security, 2016, 2(8): 1-9.
[10]	Li LI,Guo-zhen SHI,Xuan WANG,Yun-fei CI. Implementation of shared file encrypted storage hierarchical access control scheme [J]. Chinese Journal of Network and Information Security, 2016, 2(7): 26-32.
[11]	Rui-xin YAO,Hui LI,Jin CAO. Overview of privacy preserving in social network [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 33-43.
[12]	Liang-xuan ZHANG,Hui LI. Multi-authority attribute-based encryption with efficient user revocation in cloud computing [J]. Chinese Journal of Network and Information Security, 2016, 2(2): 62-74.
[13]	Jia-shuai LI,Chang-gen PENG,Yi-jie ZHU,Hai-feng MA. Risk access control model for Hadoop [J]. Chinese Journal of Network and Information Security, 2016, 2(1): 46-52.