大数据环境下细粒度的访问控制与审计管理

摘要
图/表
参考文献
相关文章 (15)

全文: PDF (2431 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要大数据技术越来越被重视，应用也越来越广，同时也引发了大家对大数据安全的关注.在众多安全问题中，重点讨论大数据环境下细粒度的访问控制与审计管理的问题，从大数据的4V和分布式应用的特征入手，分析了以往访问控制方式无法适应大数据的安全需求，从而提出利用4A和安全探针技术，以及ABAC的访问控制机制，以内外相结合的方式，实现了在大数据环境中基于行为的全过程细粒度的访问控制与审计管理的解决方案.

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	张锐卿

关键词 ：大数据, 细粒度, 访问控制, 4A, 审计

Abstract：Big data technology is getting more and more attention and is used more and more widely. It also led to concerns for the security of big data. Among all the security issues, this paper focuses on the problem of finegrained access control and audit management in the context of big data. Starting from the characteristics of 4V and distributed application of big data, this paper analyzes why previous access control methods couldnt adapt to the security requirements of big data, and proposes the basedonbehavior whole process finegrained access control and audit management solutions under the circumstances of big data, utilizing the 4A and security agent technology, as well as ABAC access control mechanism. The combination of inside and outside, realized in the big data environment, based on the behavior of the whole process management of finegrained access control and auditing of the solution.

Key words： big data finegrained access control 4A audit

收稿日期: 2017-06-19 出版日期: 2017-06-19

通讯作者: 张锐卿 E-mail: zhang_ruiqing@topsec.com.cn

作者简介: 学士，主要研究方向为大数据与大数据安全、云计算、网络安全.

引用本文:

张锐卿. 大数据环境下细粒度的访问控制与审计管理[J]. 信息安全研究, 2017, 3(6): 509-516.

链接本文:

http://ris.sic.gov.cn/CN/ 或 http://ris.sic.gov.cn/CN/Y2017/V3/I6/509

［1］百度百科［EB］. ［20170420］. http:baike.baidu.comitem大数据1356941［2］2014年全球“大数据”白皮书［EB］. ［20170420］. https:wenku.baidu.comview6a2f494ec5da50e2524d7fcc.html［3］国务院关于印发促进大数据发展行动纲要的通知国发［2015］50号［EB］. ［20170420］. http:www.gov.cnzhengcecontent20150905content_10137.htm［4］CSA. Top Ten Big Data Security and Privacy Challenges［R］. Piscataway, NJ: IEEE, 2014［5］杨战海. 基于Kerberos协议的用户到用户认证系统的研究［J］. 计算机技术与发展, 2010 (10): 180188［6］陈垚坤, 尹香兰, 刘文丽. 大数据环境下访问控制模型适用性研究［J］. 网络空间安全, 2016 (7): 35［7］Ferraiolo D F, Kuhn D R. Rolebased access control［C］ Proc of the 15th National Computer Security Conf. 1992: 554563［8］Sandhu R, Coyne E, Feinstein H, et al. Rolebased access control models［J］. IEEE Computer, 1996, 29(2): 3847［9］Lampson B. Protection［J］. Operating Systems Review, 1974, 8(1): 1819［10］Graham G, Denning P. Protection: Principles and practice［C］ Proc of the 1972 Spring Joint Computer Conf on American Federation of Information Processing Societies (AFIPS). 1972: 417429［11］田峰, 蔡嘉勇, 王恒毅, 等. 中国移动业务支撑网4A安全技术规范总册［S］. 北京: 中国移动通信集团公司, 2014［12］平源. 基于支持向量机的聚类及文本分类研究［D］. 北京: 北京邮电大学, 2012［13］Agrawal R, Haas P J, Kiernan J. Watermarking relational data: Framework, algorithms and analysis［J］. The International Journal on Very Large Data Bases, 2003, 12(2): 157169［14］Agrawal R, Kiernan J. Watermarking relational databases［C］ Proc of the 28th Int Conf on Very Large Data Bases (VLDB02). 2002: 155166［15］Guo Fei, Wang Jianmin, Li Deyi. Fingerprinting relational databases［C］ Proc of the 2006 ACM Symp on Applied Computing (SAC06). 2006: 487492［16］Lowe D G. Distinctive image features from scaleInvariant keypoints［J］. International Journal of Computer Vision, 2004, 60(2): 91110［17］Sahai A, Waters B. Fuzzy identitybased encryption［C］ Proc of the 24th Annual Int Conf on the Theoryand Applications of Cryptographic Techniques. 2005: 457473［18］Goyal V, Pandey O, Sahai A, et al. Attribut based encryption for fine grained access control of encrypted data［C］ Proc of the 13th ACM Conf Computer and Communications Security (CCS). 2006: 8998［19］Li F H, Wang W, Ma J F, et al. Actionbased access control model［J］. Chinese of Journal Electronics, 2008, 17(3): 396401［20］李凤华, 王巍, 马建峰, 等. 基于行为的访问控制模型及其行为管理［J］. 电子学报, 2008, 36(10): 18811890［21］陈凯, 郎波. 面向分层式资源的基于属性的访问控制方法［J］. 计算机工程, 2010, 36(7): 132135［22］IBM网站. 大数据安全性和审计［EB］. ［20170420］. http:www.ibm.comdeveloperworkscndatalibrarytecharticledm1210bigdatasecurity