面向间接依赖的数据起源过滤方法  被引量：7

作　　者：孙连山[1] 欧阳晓通 徐艳艳 王艺星[1] SUN Lian-shan;OUYANG Xiao-tong;XU Yan-yan;WANG Yi-xing(College of Electrical & Information Engineering,Shaanxi University of Science & Technology,Xi’an 710021,China)

机构地区：[1]陕西科技大学电气与信息工程学院,西安710021

出　　处：《计算机科学》2019年第3期164-169,共6页Computer Science

基　　金：国家自然科学青年基金资助项目(61202019);陕西省教育厅自然科学专项(17JK0087)资助。

摘　　要：起源过滤是改造起源图,隐藏起源图中所蕴含的敏感信息的新兴技术。然而,现有的起源过滤研究大多关注节点过滤问题,很少关注边过滤问题,尚未关注并解决间接依赖过滤问题。首先,结合实例阐明过滤间接依赖的动机以及保持溯源效用的挑战,并形式地定义起源间接依赖过滤的目标和约束。其次,扩展针对边的"删除+修复"过滤机制,提出一种面向间接依赖的过滤方法。该方法采用最小代价决策法和贪婪算法设计删除策略,断开与间接依赖对应的所有连通路径,通过在被破坏的非敏感间接依赖端点之间引入非确定依赖关系来修复过滤视图的效用。最后,采用在线开放起源数据集开展模拟实验。实验结果表明,所提方法能在过滤敏感间接依赖的同时保持过滤视图的效用。Provenance sanitization is a new technology that aims at producing secure provenance views by hiding or redacting sensitive nodes,edges or even indirect dependencies in a provenance graph.However,existing research works mostly focus on sanitizing nodes,rarely on sanitizing edges,not on sanitizing indirect dependencies.To this end,this paper first exemplified the motivations and analyzed the challenges of sanitizing indirect dependencies while keeping utility of provenance views,and formally defined goals and constraints of sanitizing indirect dependencies.Second,this paper proposed a novel mechanism for sanitizing indirect dependencies on the basis of the “Delete+Repair” mechanism for direct dependency in literature.The proposed mechanism includes both deletion rules and repairing rules.Deletion rules specify what edges can be deleted for breaking all connected paths among two end nodes of a sensitive indirect depen- dency while minimizing the sanitization cost.Repairing rules specify what uncertain dependencies can be added for improving the utility of the sanitized provenance views harmed by applying deletion rules.Finally,a comprehensive sanitization algorithm for sanitizing indirect dependency was implemented and experiments was conducted upon an online open dataset.The experiments results show that the proposed approach can effectively sanitize indirect dependencies while preserving utility of the sanitized provenance view.

关 键 词：PROV数据模型 数据起源 信息安全 起源过滤 间接依赖 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]