Journal on Communications, 2022, Vol. 43, Issue 9: 27-41. doi: 10.11959/j.issn.1000-436x.2022165

Wei JIN1,2,3, Fenghua LI1,2, Mingjie YU1,4, Yunchuan GUO1,2, Ziyan ZHOU1,2, Liang FANG1

Revised: 2022-06-07
Online: 2022-09-25
Published: 2022-09-01

About the author: Wei JIN (1994- ), female, born in Beijing, is a Ph.D. candidate at the Institute of Information Engineering, Chinese Academy of Sciences; her main research interests are big data access control and key management.
Abstract: Big data environments are characterised by cross-network access from many users, collaborative computation across many services, data flowing between services, and complex control over massive numbers of files, so existing key-resource control models and mechanisms do not fully fit big data scenarios. To meet the needs of big data environments for key-resource control, a normalized description of operation semantics and fine-grained access control, this paper starts from the scene elements and attributes of key-resource control and, by mapping the cyberspace-oriented access control (CoAC) model, proposes an HDFS-oriented key-resource control mechanism. It then presents the HDFS-oriented key-resource control management mechanism (CKCM), consisting of a management sub-model and a management support model, and formally describes the management functions and management methods of the management model in the Z notation. Finally, a CKCM system is implemented on XACML, providing fine-grained secure access control over key and file resources in HDFS.

Citation: Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism[J]. Journal on Communications, 2022, 43(9): 27-41.
Table 1 Objects involved in each operation

| Operation type | Operation | KMS: level-1 key | KMS: level-2 key | KMS: level-3 key | HDFS: NN | HDFS: DN | EZM |
|---|---|---|---|---|---|---|---|
| Key management operations (KMO) | Create level-2 key | √ | √ | — | — | — | — |
| | Update level-2 key | √ | √ | — | ○ | — | ○ |
| | Delete level-2 key | — | √ | — | ○ | ○ | ○ |
| | Level-3 key buffer pool management | √ | √ | √ | — | — | — |
| | Query level-2 key name | — | √ | — | — | — | — |
| | Query level-2 key content | √ | √ | — | — | — | — |
| Encryption zone operations (EZO) | Bind encryption zone | — | √ | √ | — | √ | |
| | Upload/download file to/from encryption zone | √ | √ | ○ | √ | √ | √ |
| HDFS operations (DFSO) | Initialize file system | — | — | — | √ | √ | — |
| | Create empty directory | — | — | — | √ | — | — |
| | Upload/download file outside encryption zone | — | — | — | √ | √ | — |
| | Modify default file permissions | — | — | — | √ | — | — |
Table 2 Attribute-scene management class

| Function | Description | Definition |
|---|---|---|
| createMetaAttr (create attribute metadata) | Adds attribute metadata for an element: the data type and managed object are selected, and the attribute name and an optional description are filled in; returns true on success, otherwise false | `createMetaAttr(METAATTR?, p?: AttrName, ds?: DataStructure, elt?: Element, des?: Description, result!: Boolean): if p ∉ elt.MetaAttr then meta = <p, ds, elt, des>, METAATTR′ = METAATTR ∪ {meta}, result = true; else result = false` |
| deleteMetaAttr (delete attribute metadata) | Deletes an element's attribute metadata together with any attribute values already configured for it; returns true on success, otherwise false | `deleteMetaAttr(METAATTR?, p?: AttrName, result!: Boolean): if (p ↦ meta) ∈ METAATTR then METAATTR′ = METAATTR \ {p ↦ meta}, result = true; else result = false` |
| selectFunction (select scene description function) | Selects a scene description function, such as the comparison and computation functions for each data type, chosen according to the data type of the attribute | `selectFunction(elt?: Element, func!: Function): getFunction(getDataStructure(elt)) → func` |
| createScene (create scene) | Builds a scene from existing elements, attributes and functions; returns true on success, otherwise false | `createScene(SCENE?, q?: Quantity, rsc?: Resource, (t, ap, dev, bdn)?: Name, result!: Boolean): sc = selectFunction((t, ap, dev, bdn), getAttr(q, rsc)); if sc ∉ SCENE then SCENE′ = SCENE ∪ {sc}, result = true; else result = false` |
| modScene (modify scene) | Modifies the elements, attributes and functions of an existing scene; returns true on success, otherwise false | `modScene(SCENE?, sca?, scb?: Scene, result!: Boolean): if sca ∈ SCENE and scb ∉ SCENE then SCENE′ = (SCENE ∪ {scb}) \ {sca}, result = true; else result = false` |
| deleteScene (delete scene) | Deletes an existing scene; returns true on success, otherwise false | `deleteScene(SCENE?, sc?: Scene, result!: Boolean): if sc ∈ SCENE then SCENE′ = SCENE \ {sc}, result = true; else result = false` |
Table 3 Attribute-scene/permission management class

| Function | Description | Definition |
|---|---|---|
| assignScPerm (grant scene permission) | Assigns a permission to a created scene; returns true on success, otherwise false | `assignScPerm(PERM?, sc?: Scene, p?: Perm, result!: Boolean): if sc ∈ SCENE and p ∉ PERM then PERM′ = PERM ∪ {p}, result = true; else result = false` |
| revokeScPerm (revoke scene permission) | Revokes a permission held by a scene; returns true on success, otherwise false | `revokeScPerm(PERM?, p?: Perm, result!: Boolean): if p ∈ PERM then PERM′ = PERM \ {p}, result = true; else result = false` |
Table 4 User/attribute-scene management class

| Function | Description | Definition |
|---|---|---|
| modAttr (add/modify attribute value) | Adds or modifies an attribute value of an element; returns true on success, otherwise false | `modAttr(ATTRVALUE?, p?: AttrName, elt?: Element, vlu?: Value, result!: Boolean): if (p ∈ elt.MetaAttr) and (vlu ∈ allowedValue) then attrValue = <p, elt, vlu>, ATTRVALUE′ = ATTRVALUE ∪ {attrValue}, result = true; else result = false` |
| getAttr (select/query attributes) | Selects or queries the attributes of an element, used when building scenes; returns the attribute set on success, otherwise null | `getAttr(ATTR?, elt?: Element, result!: AttrSet): if checkId(elt) then result = {a | (elt ↦ a) ∈ ATTR}; else result = null` |
| getAttrValue (query attribute values) | Queries all attribute values of the entity making an access request, used when matching scenes; returns the attribute-value set on success, otherwise null | `getAttrValue(ATTRVALUE?, q?: Quantity, result!: AttrValueSet): if checkId(q) then result = {v | (q ↦ v) ∈ ATTRVALUE}; else result = null` |
| verifyTime (verify time) | Verifies that the time lies within the range allowed by the scene; returns true if the check passes, otherwise false | `verifyTime(sc?: SCENE, t?: Name, result!: Boolean): if t ∈ sc.t then result = true; else result = false` |
| verifyAP (verify access point) | Verifies that the access point lies within the range allowed by the scene; returns true if the check passes, otherwise false | `verifyAP(sc?: SCENE, ap?: Name, result!: Boolean): if ap ∈ sc.ap then result = true; else result = false` |
| verifyDevice (verify device) | Verifies that the device lies within the range allowed by the scene; returns true if the check passes, otherwise false | `verifyDevice(sc?: SCENE, dev?: Name, result!: Boolean): if dev ∈ sc.dev then result = true; else result = false` |
| verifyBDNetwork (verify network) | Verifies that the big data network lies within the range allowed by the scene; returns true if the check passes, otherwise false | `verifyBDNetwork(sc?: SCENE, bdn?: Name, result!: Boolean): if bdn ∈ sc.bdn then result = true; else result = false` |
Table 5 Entity identity and authentication management class

| Function | Description | Definition |
|---|---|---|
| QuantitySignUp (register user entity) | Registers a user entity whose name is not yet in use and updates the credential sets; returns true on success, otherwise false | `QuantitySignUp(Quantity?, Password?, Certification?, q?: Name, result!: Boolean): if q ∉ Quantity then Quantity′ = Quantity ∪ {q}, Password′ = Password ∪ {q ↦ pwd}, Certification′ = Certification ∪ {q ↦ cert}, result = true; else result = false` |
| QuantityLogOff (delete/deregister user entity) | Deletes a user entity; returns true on success, otherwise false | `QuantityLogOff(Quantity?, Password?, Certification?, q?: Name, result!: Boolean): if q ∈ Quantity then Quantity′ = Quantity \ {q}, Password′ = Password \ {q ↦ pwd}, Certification′ = Certification \ {q ↦ cert}, result = true; else result = false` |
| updateAuthentication (initialize, update or revoke password/certificate) | Updates the password and certificate of a user entity; returns true on success, otherwise false | `updateAuthentication(Quantity?, q?: Name, result!: Boolean): if q ∈ Quantity then Password′ = Password ∪ {q ↦ NewPwd}, Certification′ = Certification ∪ {q ↦ NewCert}, result = true; else result = false` |
| CheckId (password/certificate authentication) | Verifies the user identity against the password or certificate; returns true on success, otherwise false | `CheckId(Quantity?, q?: Name, pwd?: Password, cert?: Certification, result!: Boolean): if (q ∈ Quantity) and ((q ↦ pwd) ∈ Password or (q ↦ cert) ∈ Certification) then result = true; else result = false` |
| getQuantityList (query user list) | Returns the current list of users | `getQuantityList(Quantity?, list!: QuantityList): getId(Quantity) → list` |
Table 6 Session management class

| Function | Description | Definition |
|---|---|---|
| assignQSession (assign a session to an authenticated user) | Authenticates the user identity and allocates a session; returns true on success, otherwise false | `assignQSession(QSession?, q?: Name, result!: Boolean): if checkId(q) then QSession′ = QSession ∪ {<q, s>}, result = true; else result = false` |
| assignScSession (assign a scene to a session) | Obtains a scene and assigns it to the session; returns true on success, otherwise false | `assignScSession(ScSession?, q?, s?: Name, result!: Boolean): if createScene(q) → sc then ScSession′ = ScSession ∪ {<s, sc>}, result = true; else result = false` |
| closeSession (close session) | Closes a session; returns true on success, otherwise false | `closeSession(QSession?, ScSession?, q?, s?: Name, sc?: Scene, result!: Boolean): if (<q, s> ∈ QSession) and (<s, sc> ∈ ScSession) then QSession′ = QSession \ {<q, s>}, ScSession′ = ScSession \ {<s, sc>}, result = true; else result = false` |
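The management functions of Tables 2 to 6 are specified as state-changing schemas, and the access decision only emerges from how they fit together: a user must authenticate (Table 5), receive a session (Table 6), have a scene bound to that session (Tables 2 and 6), the scene must hold the requested permission (Table 3), and the request context must pass the four verify checks (Table 4). The following Python model, added here and not the paper's code or its XACML implementation, makes that chain executable. The state names (Quantity, Password, Certification, SCENE, PERM, QSession, ScSession) and the scene elements t, ap, dev and bdn follow the tables; the method names, the scene "office-hours", the user "alice", the permission "createSecondLevelKey" and all other sample values are constructed for the example.

```python
"""Executable model of the CKCM management functions in Tables 2 to 6.
Added example, not the paper's code: the state names (Quantity, Password,
Certification, SCENE, PERM, QSession, ScSession) and the scene elements
(t, ap, dev, bdn) follow the tables; every sample value is constructed."""
from collections import namedtuple

# one scene: the allowed sc.t, sc.ap, sc.dev and sc.bdn sets of Table 4
Scene = namedtuple("Scene", "name t ap dev bdn")


class CKCM:
    def __init__(self):
        self.quantity = set()       # Quantity: registered user entities
        self.password = set()       # Password: maplets (q, pwd)
        self.certification = set()  # Certification: maplets (q, cert)
        self.scenes = {}            # SCENE, keyed by scene name
        self.perm = set()           # PERM: (scene name, permission) pairs
        self.q_session = set()      # QSession: <q, s>
        self.sc_session = set()     # ScSession: <s, sc>
        self._issued = 0

    # Table 5: QuantitySignUp and CheckId
    def quantity_sign_up(self, q, pwd=None, cert=None):
        if q in self.quantity:      # requires q ∉ Quantity
            return False
        self.quantity.add(q)
        if pwd is not None:
            self.password.add((q, pwd))
        if cert is not None:
            self.certification.add((q, cert))
        return True

    def check_id(self, q, pwd=None, cert=None):
        return q in self.quantity and (
            (q, pwd) in self.password or (q, cert) in self.certification)

    # Table 2: createScene (the attribute-metadata functions are not modelled)
    def create_scene(self, name, t, ap, dev, bdn):
        if name in self.scenes:     # requires sc ∉ SCENE
            return False
        self.scenes[name] = Scene(name, frozenset(t), frozenset(ap),
                                  frozenset(dev), frozenset(bdn))
        return True

    # Table 3: assignScPerm
    def assign_sc_perm(self, sc, p):
        if sc not in self.scenes or (sc, p) in self.perm:
            return False
        self.perm.add((sc, p))
        return True

    # Table 4: verifyTime, verifyAP, verifyDevice and verifyBDNetwork together
    def verify_scene(self, sc, t, ap, dev, bdn):
        s = self.scenes[sc]
        return t in s.t and ap in s.ap and dev in s.dev and bdn in s.bdn

    # Table 6: assignQSession, assignScSession, closeSession
    def assign_q_session(self, q, pwd=None, cert=None):
        if not self.check_id(q, pwd, cert):
            return None             # unauthenticated: no session issued
        self._issued += 1
        self.q_session.add((q, "s%d" % self._issued))
        return "s%d" % self._issued

    def assign_sc_session(self, s, sc):
        if sc not in self.scenes or all(sess != s for _, sess in self.q_session):
            return False
        self.sc_session.add((s, sc))
        return True

    def close_session(self, q, s, sc):
        if (q, s) not in self.q_session or (s, sc) not in self.sc_session:
            return False
        self.q_session.remove((q, s))
        self.sc_session.remove((s, sc))
        return True

    def decide(self, s, p, t, ap, dev, bdn):
        # permit only if a scene bound to session s holds permission p and the
        # request context passes all four Table 4 checks; otherwise deny
        return any((sc, p) in self.perm and self.verify_scene(sc, t, ap, dev, bdn)
                   for sess, sc in self.sc_session if sess == s)


def demo():
    # constructed walk-through: one user, one scene, one key-management permission
    m = CKCM()
    m.quantity_sign_up("alice", pwd="pw-1")
    m.create_scene("office-hours", {"09-18"}, {"ap-hq"}, {"laptop-7"}, {"hdfs-prod"})
    m.assign_sc_perm("office-hours", "createSecondLevelKey")
    s = m.assign_q_session("alice", pwd="pw-1")
    m.assign_sc_session(s, "office-hours")
    ctx = ("09-18", "ap-hq", "laptop-7")
    in_scene = m.decide(s, "createSecondLevelKey", *ctx, "hdfs-prod")
    off_net = m.decide(s, "createSecondLevelKey", *ctx, "hdfs-dev")
    closed = m.close_session("alice", s, "office-hours")
    after = m.decide(s, "createSecondLevelKey", *ctx, "hdfs-prod")
    return in_scene, off_net, closed, after
```

The `decide` method is where the deny-by-default character of the model shows: a permission is granted to a scene, never to a user directly, so a request from an authenticated session is permitted only while a scene holding that permission is bound to the session and the request's time, access point, device and network all fall inside the scene. In `demo()` the same user and permission are denied as soon as one element (the network) leaves the scene, and again once the session is closed, which is the behaviour a policy decision point built on these tables should reproduce.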