Big Data Access Control Mechanism Based on Two-Layer Permission Decision Structure  

作　　者：Aodi Liu Na Wang Xuehui Du Dibin Shan Xiangyu Wu Wenjuan Wang 

机构地区：[1]He’nan Province Key Laboratory of Information Security,Information Engineering University,Zhengzhou,450000,China

出　　处：《Computers, Materials & Continua》2024年第4期1705-1726,共22页计算机、材料和连续体（英文）

基　　金：Key Research and Development and Promotion Program of Henan Province(No.222102210069);Zhongyuan Science and Technology Innovation Leading Talent Project(224200510003);National Natural Science Foundation of China(No.62102449).

摘　　要：Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.

关 键 词：Big data access control data security BiLSTM 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]