Affiliations: [1] School of Computer Science and Technology, Fudan University, Shanghai 200433; [2] Information Department, Third Affiliated Hospital of Second Military Medical University, Shanghai 200438
Source: Chinese Journal of Computers (《计算机学报》), 2010, Issue 8, pp. 1339-1348 (10 pages)
Funding: Specialized Research Fund for the Doctoral Program of Higher Education (200802461146); National Science and Technology Major Project (2008ZX10002-018)
Abstract: Purpose-based query technology is the foundation of access control over private data in relational databases. Most current research focuses only on how to build an effective purpose-based access control model for private data in an isolated privacy-preserving database environment. With the growing demand for integrating distributed applications and sharing data, however, the problem of merging the purpose-based access control models of independent applications arises. To solve this problem, this paper proposes an implementation mechanism for purpose-fusion-based access control over private data in an environment that integrates multiple application systems. It first analyzes the potential private-data query leakage caused by merging independent purpose models, proposes that the merged purpose tree is a privacy leakage risk tree, and gives a model for computing the privacy risk degree of each tree node. Next, the privacy leakage risk tree is decomposed into a risk-balanced tree in which every node has risk degree 0, plus a set of risk paths made up of nodes with non-zero risk degree. A query can then be rewritten as a query against the risk-balanced purpose tree followed by a query against the risk paths, yielding a safe query result with minimal privacy leakage risk. Three sets of experimental results are given: (1) a comparison of query time under different purpose models for the same user and the same query, showing that the proposed model does not add greater query-time overhead; (2) validation of the effectiveness of the RPPAAC model in preventing private-data leakage, showing that the model reduces the privacy leakage risk caused by the imbalance between access control mechanisms that application integration introduces; (3) a comparison of purpose fusion execution time under different conditions. Unlike related work, this paper treats purposes as the carriers of private data and the paths of the purpose tree as the channels through which private data is transmitted, introduces computation models for explicit and implicit privacy degree to evaluate the privacy leakage risk a query under a given purpose may cause, and on that basis proposes the purpose-fusion-based access control implementation mechanism for integrating multiple application systems.
Abstract (English version as published): The purpose based query technology is the basis of the privacy-aware data access control in relational databases. Most research focuses on how to effectively build a purpose based privacy-aware data access control mechanism for an independent privacy-preserving database system. However, with the popularity of application integration and data sharing, how to merge the purpose based access control mechanisms in different applications and systems becomes a key issue. To address the problem, this paper presents the purpose fusion based privacy-aware data access control mechanism for the integration of multiple applications and systems. It analyzes the potential leakage risks of privacy-aware data due to the fusion of multiple purposes, and evaluates the leakage risks of nodes by considering a merged purpose tree as the risk purpose tree. Then, it splits the risk purpose tree into a risk balanced purpose tree with the privacy degree of 0 for all nodes, and a set of risking paths containing the nodes with non-zero privacy degrees. Therefore, a query can be answered by checking the risk balanced purpose tree and then the risking paths, thus safe query results can be obtained with minimized privacy leakage risks. Three sets of experimental results have been given in this paper: (1) the query time comparison between different purpose based models for the same user and query; the RPPAAC model presented in this paper does not lead to a larger time overhead; (2) validity checking for the RPPAAC model in terms of the disclosure of private data; (3) the comparison of execution time for purpose fusion in different instances. Different from related works, this paper considers purposes as the carrier of privacy-aware data, the paths of the purpose tree as transmission channels of privacy-aware data, and by introducing the public risk and the hidden risk, it evaluates the potential leakage risks of privacy-aware data during query answering, and presents the purpose fusion based privacy-aware data access control mechanism for integrating multiple app
Keywords: privacy; privacy-preserving database; purpose; privacy degree; access control
Classification: TP311 [Automation and Computer Technology - Computer Software and Theory]