基于教育云平台数据分类分级体系的访问控制模型  被引量：5

作　　者：范新民 林晖[2,3] 陈圣楠 陈恩生 Fan Xinmin;Lin Hui;Chen Shengnan;Chen Ensheng(Network and Data Center,Fujian Normal University,Fuzhou 350117;College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350117;University Engineering Research Center of Cyber Security and Education Informatization in Fujian Province,Fuzhou 350117)

机构地区：[1]福建师范大学网络与数据中心,福州350117 [2]福建师范大学计算机与网络空间安全学院,福州350117 [3]网络安全与教育信息化福建省高校工程研究中心,福州350117

出　　处：《信息安全研究》2022年第4期400-407,共8页Journal of Information Security Research

基　　金：国家自然科学基金项目(U1905211);福建省科技项目(2021L3032);福建省自然科学基金项目(2020J01169);福建省中青年教师教育科研项目(JAT200071)。

摘　　要：教育云平台是教育数字化建设的重要基础设施之一,其核心是通过统一来自不同部门和机构的业务数据消除信息孤岛,避免信息系统的重复建设.然而,教育云平台在实现数据共享的同时,也因其自身的开放性和动态性严重影响了数据资源安全.针对教育云平台中的数据管控,提出一种基于数据分类分级体系的访问控制模型.该模型综合考虑了数据分类、安全等级、生命周期和敏感性等安全特性,为数据打上多维度安全标签;将安全标签与基于角色的访问控制策略融合,通过粗粒度过滤和细粒度控制的2级授权集中管理数据权限.经原型系统验证,该模型能有效实现云平台中数据的受限共享,防止用户越权操作.The education cloud platform is one of the key infrastructures for education digitization construction.It unifies business data from different departments and organizations to eliminate information silos and reduce the redundant construction of information systems.However,although the education cloud platform realizes data sharing,it also seriously influences the security of data resources because of its open and dynamic characteristics.Considering the data management and control of the education cloud platform,this paper proposes an access control model based on data classification and grading system.The model comprehensively considers the security factors such as data class,security grade,life cycle and sensitive level,and tags the data from multidimension views.The secure tag is integrated with the role-based access control policy to construct a two-stage authorization model of coarse-grained filtering and fine-grained control for managing data.The prototype system proves that the proposed model can restrict data sharing and prevent users from over-privileged manipulation.

关 键 词：云平台 数据安全 访问控制模型 数据分类分级 安全标签 RBAC 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]