Abstract:Big data technology is getting more and more attention and is used more and more widely. It also led to concerns for the security of big data. Among all the security issues, this paper focuses on the problem of finegrained access control and audit management in the context of big data. Starting from the characteristics of 4V and distributed application of big data, this paper analyzes why previous access control methods couldnt adapt to the security requirements of big data, and proposes the basedonbehavior whole process finegrained access control and audit management solutions under the circumstances of big data, utilizing the 4A and security agent technology, as well as ABAC access control mechanism. The combination of inside and outside, realized in the big data environment, based on the behavior of the whole process management of finegrained access control and auditing of the solution.
[1]百度百科[EB]. [20170420]. http:baike.baidu.comitem大数据1356941[2]2014年全球“大数据”白皮书[EB]. [20170420]. https:wenku.baidu.comview6a2f494ec5da50e2524d7fcc.html[3]国务院关于印发促进大数据发展行动纲要的通知 国发[2015]50号[EB]. [20170420]. http:www.gov.cnzhengcecontent20150905content_10137.htm[4]CSA. Top Ten Big Data Security and Privacy Challenges[R]. Piscataway, NJ: IEEE, 2014[5]杨战海. 基于Kerberos协议的用户到用户认证系统的研究[J]. 计算机技术与发展, 2010 (10): 180188[6]陈垚坤, 尹香兰, 刘文丽. 大数据环境下访问控制模型适用性研究[J]. 网络空间安全, 2016 (7): 35[7]Ferraiolo D F, Kuhn D R. Rolebased access control[C] Proc of the 15th National Computer Security Conf. 1992: 554563[8]Sandhu R, Coyne E, Feinstein H, et al. Rolebased access control models[J]. IEEE Computer, 1996, 29(2): 3847[9]Lampson B. Protection[J]. Operating Systems Review, 1974, 8(1): 1819[10]Graham G, Denning P. Protection: Principles and practice[C] Proc of the 1972 Spring Joint Computer Conf on American Federation of Information Processing Societies (AFIPS). 1972: 417429[11]田峰, 蔡嘉勇, 王恒毅, 等. 中国移动业务支撑网4A安全技术规范总册[S]. 北京: 中国移动通信集团公司, 2014[12]平源. 基于支持向量机的聚类及文本分类研究[D]. 北京: 北京邮电大学, 2012[13]Agrawal R, Haas P J, Kiernan J. Watermarking relational data: Framework, algorithms and analysis[J]. The International Journal on Very Large Data Bases, 2003, 12(2): 157169[14]Agrawal R, Kiernan J. Watermarking relational databases[C] Proc of the 28th Int Conf on Very Large Data Bases (VLDB02). 2002: 155166[15]Guo Fei, Wang Jianmin, Li Deyi. Fingerprinting relational databases[C] Proc of the 2006 ACM Symp on Applied Computing (SAC06). 2006: 487492[16]Lowe D G. Distinctive image features from scaleInvariant keypoints[J]. International Journal of Computer Vision, 2004, 60(2): 91110[17]Sahai A, Waters B. Fuzzy identitybased encryption[C] Proc of the 24th Annual Int Conf on the Theoryand Applications of Cryptographic Techniques. 2005: 457473[18]Goyal V, Pandey O, Sahai A, et al. Attribut based encryption for fine grained access control of encrypted data[C] Proc of the 13th ACM Conf Computer and Communications Security (CCS). 2006: 8998[19]Li F H, Wang W, Ma J F, et al. Actionbased access control model[J]. Chinese of Journal Electronics, 2008, 17(3): 396401[20]李凤华, 王巍, 马建峰, 等. 基于行为的访问控制模型及其行为管理[J]. 电子学报, 2008, 36(10): 18811890[21]陈凯, 郎波. 面向分层式资源的基于属性的访问控制方法[J]. 计算机工程, 2010, 36(7): 132135[22]IBM网站. 大数据安全性和审计[EB]. [20170420]. http:www.ibm.comdeveloperworkscndatalibrarytecharticledm1210bigdatasecurity