Abstract
Access control is an important means of protecting data security in information systems. In big data service environments, however, data is distributed, and how to effectively handle access by complex users across multiple data resource domains is an important research direction in big data security. To address this problem, and building on an in-depth analysis of access control techniques in big data environments, this paper proposes a big data security protection method based on fine-grained access control. The method adopts an attribute-based access control model to solve the problems of user authentication, domain location, access decision and module association, and achieves fine-grained access to data and services. Building on the basic model and on the requirements of practical application scenarios, access decision models are given for two scenarios, single-domain and cross-domain. The models and decision algorithms are described in detail, and a method for synchronizing attribute tables across multiple domains is given. Experimental results show that the model achieves fine-grained access, effectively protects data security in big data environments, and supports fast decisions and efficient access.
Authors
王继业
范永
余文豪
韩丽芳
WANG Ji-ye; FAN Yong; YU Wen-hao; HAN Li-fang (China Electric Power Research Institute, Beijing 100192, China)
Source
《计算机技术与发展》
2019, Issue 10, pp. 134-140 (7 pages)
Computer Technology and Development
Funding
State Grid Corporation of China Headquarters Science and Technology Project (JS71-16-005)
Keywords
big data
information security
access control
attribute
fine-grained