User attribute-based fine grained access control for big data  (Cited by: 12)


Authors: 王嘉龙 (WANG Jia-long); 台宪青 (TAI Xian-qing); 马治杰 (MA Zhi-jie) (Research Center for Data and Service, Research and Development Center for Internet of Things, Chinese Academy of Sciences, Wuxi 214135, China; School of Microelectronics, University of Chinese Academy of Sciences, Beijing 101407, China; Laboratory of Geospatial Information Systems, Institute of Electronics, Chinese Academy of Sciences, Suzhou 215121, China)

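Affiliations: [1] Research Center for Data and Service, Research and Development Center for Internet of Things, Chinese Academy of Sciences, Wuxi, Jiangsu 214135 [2] School of Microelectronics, University of Chinese Academy of Sciences, Beijing 101407 [3] Laboratory of Geospatial Information Systems, Suzhou Research Institute, Institute of Electronics, Chinese Academy of Sciences, Suzhou, Jiangsu 215121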

Source: Computer Engineering and Design (《计算机工程与设计》), 2020, No. 7, pp. 1801-1808 (8 pages)

Funding: Strategic Priority Research Program (Category A) of the Chinese Academy of Sciences (XDA19080201).

Abstract: To solve the problem of unified authorization management for big data, the model and authorization method of the open-source component Apache Ranger were analyzed. Taking into account factors such as the number of authorized users and the difficulty of policy management, a user attribute-based access control model was proposed. The ciphertext-policy attribute-based encryption (CP-ABE) algorithm was introduced into the Ranger native access control model, and an access control tree was added to Ranger policies through the algorithm's encryption and decryption, realizing user attribute-level authorization and dynamic access control based on variable user attributes. A prototype system was developed that implements authorization management, user management and attribute management. In the experimental part, the validity of the model was verified by performing access control for users of different orders of magnitude.

Keywords: big data; unified authorization; user attributes; access control tree; authorization management

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
