面向Hadoop的风险访问控制模型

doi:10.11959/j.issn.2096-109x.2016.00015

Abstract

Abstract:

Traditional access control models are hard to restrain the malicious behavior of authorized users. Accord-ingly, Hadoop platform with this access control model is difficult to prevent the risk of privacy disclosure. A model of access control based on risk was proposed. A risk function of information entropy was designed from users’ his-torical behavior based on setting the tags of subject and object. Furthermore, the tracking chain of risk was built, which could adjust the users’ access authority dynamically according to the risk value and its volatility. Combining with access token and risk supervision, the risk access control mechanism for big data privacy protection was real-ized, which could be applied to enhance the security of Hadoop Kerberos protocol. Finally, the experiment result shows that the model can constrain the authorized users’ access behavior effectively.

Key words: risk access control, Hadoop, privacy protection, information entropy, big data

CLC Number:

TP309

Jia-shuai LI,Chang-gen PENG,Yi-jie ZHU,Hai-feng MA. Risk access control model for Hadoop[J]. Chinese Journal of Network and Information Security, 2016, 2(1): 46-52.

Figures/Tables 5

References 9

[1]	刘莎, 谭良 . Hadoop 云平台中基于信任的访问控制模型[J]. 计算机科学 2014,41(5): 155-163.
	LIU S , TAN L . A access control model based on trust in Hadoop cloud platform[J]. Journal of Computer Science, 2014,41(5): 155-163.
[2]	CHENG P C , ROHATGI P , KESER C , et al. Fuzzy multi-level security: an experiment on quantified risk-adaptive access control[C]// IEEE Symposium on Security and Privacy. c 2007: 222-230.
[3]	NI Q , BERTINO E , LOBO J . Risk-based access control systems built on fuzzy inferences[C]// The 5th ACM Symposium on Infor-mation, Computer and Communications Security. c 2010: 250-260.
[4]	KIRKPATRICK M S , GHINITA G , BERTINO E . Privacy-preserving enforcement of spatially aware RBAC[C]// IEEE Transactions on De-pendable and Secure Computing. c 2012: 627-640.
[5]	PASHALIDIS A , PRENEEL B . Evaluating tag-based preference obfuscation systems[C]// IEEE Transactions on Knowledge and Data Engineering. c 2012: 1613-1623.
[6]	冯登国, 张敏, 李昊 . 大数据安全与隐私保护[J]. 计算机学报, 2014,37(1): 246-258.
	FENG D G , ZHANG M , LI H . Big date security and privacy pro-tection[J]. Journal of Computers, 2014,37(1): 246-258.
[7]	WANG Q , JIN H . Quantified risk-adaptive access control for pa-tient privacy protection in health information systems[C]// The 6th ACM Symposium on Information, Computer and Communications Security. c 2011: 406-410.
[8]	李凤华, 苏铓, 史国振 , 等. 访问控制模型研究进展及发展趋势[J]. 电子学报 2012,40(4): 805-813.
	LI F H , SU M , SHI G Z , et al. Research progress and developing trends of access control model[J]. Journal of Electronics, 2012,40(4): 805-813.
[9]	刘逸敏, 周浩峰, 王智慧 , 等. Purpose 融合: 基于风险 purpose的隐私查询访问控制[J]. 计算机学报, 2010(8): 1339-1348.
	LIU Y M , ZHOU H F , WANG Z H , et al. The purpose convergence:privacy query access control based on risk purpose[J]. Journal of Computers, 2010(8): 1339-1348.

Metrics

Recommended 0

No Suggested Reading articles found!

科室	ICD10主类编码	ICD10子类编码	ICD10疾病编码	ICD10名称	拼音助剂码
神经科	G	70	1	重症肌无力	ZZJWL
神经科	G	70	101	中毒性肌神经疾患	ZDXJSJJH
神经科	G	70	201	先天性肌弛缓	XTXJCH
神经科	G	71	1	肌营养不良	JYYBL
眼科	H	02	506	眼睑闭锁	YJBS
眼科	H	02	601	眼睑黄斑瘤	YJHBL
眼科	H	04	505	泪道阻塞	LDZS
眼科	H	04	506	泪小管阻塞	LXGZS
眼科	H	04	601	泪囊瘘	LNL

医生比例/%	诚实医生平均风险值	恶意医生平均风险值
5	0.23	1.04
10	0.19	1.08
15	0.17	1.14
20	0.13	1.61

[1]	Jianlong XU, Jian LIN, Yusen LI, Zhi XIONG. Distributed user privacy preserving adjustable personalized QoS prediction model for cloud services [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 70-80.
[2]	Zhe SUN, Hong NING, Lihua YIN, Binxing FANG. Preliminary study on the construction of a data privacy protection course based on a teaching-in-practice range [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 178-188.
[3]	Xue BAI, Baodong QIN, Rui GUO, Dong ZHENG. Two-party cooperative blind signature based on SM2 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 39-51.
[4]	Min XIAO, Tao YAO, Yuanni LIU, Yonghong HUANG. Dynamic and efficient vehicular cloud management scheme with privacy protection [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 70-83.
[5]	Dong LI, Yanni HAO, Shenghui PENG, Ruijie ZI, Ximeng LIU. Network security of the National Natural Science Foundation of China: today and prospects [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 92-101.
[6]	Chenxin LU, Bing CHEN, Ning DING, Liquan CHEN, Ge WU. Identity-based anonymous cloud auditing scheme with compact tags [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 156-168.
[7]	Shengzhi MING, Jianming ZHU, Zhiyuan SUI, Xian ZHANG. Online medical privacy protection strategy under information value-added mechanism [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 169-177.
[8]	Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG. Access control relationship prediction method based on GNN dual source learning [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 40-55.
[9]	Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU. Hardcoded vulnerability detection approach for IoT device firmware [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 98-110.
[10]	Xian ZHANG, Jianming ZHU, Zhiyuan SUI, Shengzhi MING. Analysis on anonymity and regulation of digital currency transactions based on game theory [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 150-157.
[11]	Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44.
[12]	Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76.
[13]	Weicheng ZHANG, Hongquan WEI, Shuxin LIU, Liming PU. Fast handover authentication scheme in 5G mobile edge computing scenarios [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 154-168.
[14]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.
[15]	Jiashun ZHOU, Na WANG, Xuehui DU. Multi-party efficient audit mechanism for data integrity based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 113-125.

Risk access control model for Hadoop

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 9

Related Articles 15

Metrics

Recommended 0