Fine-Grained Access Control and Audit Management in Big Data Environment

Abstract

Abstract: Big data technology is getting more and more attention and is used more and more widely. It also led to concerns for the security of big data. Among all the security issues, this paper focuses on the problem of finegrained access control and audit management in the context of big data. Starting from the characteristics of 4V and distributed application of big data, this paper analyzes why previous access control methods couldnt adapt to the security requirements of big data, and proposes the basedonbehavior whole process finegrained access control and audit management solutions under the circumstances of big data, utilizing the 4A and security agent technology, as well as ABAC access control mechanism. The combination of inside and outside, realized in the big data environment, based on the behavior of the whole process management of finegrained access control and auditing of the solution.

Key words: big data, finegrained, access control, 4A, audit

摘要： 大数据技术越来越被重视，应用也越来越广，同时也引发了大家对大数据安全的关注.在众多安全问题中，重点讨论大数据环境下细粒度的访问控制与审计管理的问题，从大数据的4V和分布式应用的特征入手，分析了以往访问控制方式无法适应大数据的安全需求，从而提出利用4A和安全探针技术，以及ABAC的访问控制机制，以内外相结合的方式，实现了在大数据环境中基于行为的全过程细粒度的访问控制与审计管理的解决方案.

关键词: 大数据, 细粒度, 访问控制, 4A, 审计

张锐卿. 大数据环境下细粒度的访问控制与审计管理[J]. 信息安全研究, 2017, 3(6): 509-516.

References

［1］百度百科［EB］. ［20170420］. http:baike.baidu.comitem大数据1356941［2］2014年全球“大数据”白皮书［EB］. ［20170420］. https:wenku.baidu.comview6a2f494ec5da50e2524d7fcc.html［3］国务院关于印发促进大数据发展行动纲要的通知国发［2015］50号［EB］. ［20170420］. http:www.gov.cnzhengcecontent20150905content_10137.htm［4］CSA. Top Ten Big Data Security and Privacy Challenges［R］. Piscataway, NJ: IEEE, 2014［5］杨战海. 基于Kerberos协议的用户到用户认证系统的研究［J］. 计算机技术与发展, 2010 (10): 180188［6］陈垚坤, 尹香兰, 刘文丽. 大数据环境下访问控制模型适用性研究［J］. 网络空间安全, 2016 (7): 35［7］Ferraiolo D F, Kuhn D R. Rolebased access control［C］ Proc of the 15th National Computer Security Conf. 1992: 554563［8］Sandhu R, Coyne E, Feinstein H, et al. Rolebased access control models［J］. IEEE Computer, 1996, 29(2): 3847［9］Lampson B. Protection［J］. Operating Systems Review, 1974, 8(1): 1819［10］Graham G, Denning P. Protection: Principles and practice［C］ Proc of the 1972 Spring Joint Computer Conf on American Federation of Information Processing Societies (AFIPS). 1972: 417429［11］田峰, 蔡嘉勇, 王恒毅, 等. 中国移动业务支撑网4A安全技术规范总册［S］. 北京: 中国移动通信集团公司, 2014［12］平源. 基于支持向量机的聚类及文本分类研究［D］. 北京: 北京邮电大学, 2012［13］Agrawal R, Haas P J, Kiernan J. Watermarking relational data: Framework, algorithms and analysis［J］. The International Journal on Very Large Data Bases, 2003, 12(2): 157169［14］Agrawal R, Kiernan J. Watermarking relational databases［C］ Proc of the 28th Int Conf on Very Large Data Bases (VLDB02). 2002: 155166［15］Guo Fei, Wang Jianmin, Li Deyi. Fingerprinting relational databases［C］ Proc of the 2006 ACM Symp on Applied Computing (SAC06). 2006: 487492［16］Lowe D G. Distinctive image features from scaleInvariant keypoints［J］. International Journal of Computer Vision, 2004, 60(2): 91110［17］Sahai A, Waters B. Fuzzy identitybased encryption［C］ Proc of the 24th Annual Int Conf on the Theoryand Applications of Cryptographic Techniques. 2005: 457473［18］Goyal V, Pandey O, Sahai A, et al. Attribut based encryption for fine grained access control of encrypted data［C］ Proc of the 13th ACM Conf Computer and Communications Security (CCS). 2006: 8998［19］Li F H, Wang W, Ma J F, et al. Actionbased access control model［J］. Chinese of Journal Electronics, 2008, 17(3): 396401［20］李凤华, 王巍, 马建峰, 等. 基于行为的访问控制模型及其行为管理［J］. 电子学报, 2008, 36(10): 18811890［21］陈凯, 郎波. 面向分层式资源的基于属性的访问控制方法［J］. 计算机工程, 2010, 36(7): 132135［22］IBM网站. 大数据安全性和审计［EB］. ［20170420］. http:www.ibm.comdeveloperworkscndatalibrarytecharticledm1210bigdatasecurity

[1]	. The Application of VM’network Interface Card Substantialization in Security Protection of Private Clouds [J]. Journal of Information Security Research, 2021, 7(3): 275-280.
[2]	. A Scheme Based on CPK Role Access Control [J]. Journal of Information Security Research, 2021, 7(2): 184-189.
[3]	. Design and Implementation of Access Control Hybrid Model Based on Feature Analysis [J]. Journal of Information Security Research, 2021, 7(1): 4-14.
[4]	. A Study of Big Data Platform Architecture to Address Cybersecurity Protection and Defense [J]. Journal of Information Security Research, 2021, 7(1): 75-80.
[5]	. Research and application of remote mobile office security standard [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[6]	. Application of Situation Awareness in E-government Information Security [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[7]	. Research on Cloud Security System Based on Big Data Security Technology [J]. Journal of Information Security Research, 2020, 6(5): 404-420.
[8]	. Research on The Harm of Data Hegemony to Countries and Individuals and The Countermeasures [J]. Journal of Information Security Research, 2020, 6(5): 448-453.
[9]	. Analysis of China's Personal Information Rrights Protection System in the Era of Big Data Based on the Background of Government Data Fusion [J]. Journal of Information Security Research, 2020, 6(12): 1088-1100.
[10]	. Research and implementation of IoT card security risk monitoring system based on machine learning algorithm [J]. Journal of Information Security Research, 2020, 6(12): 1133-1138.
[11]	. Application Research of Zero Trust Architecture [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[12]	. Multi-dimensional Account Management and Control System Based on Risk Assessment [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[13]	. IntelligenceDriven Network Security Vulnerability Management in the Big Data Environment [J]. Journal of Information Security Research, 2020, 6(1): 85-90.
[14]	. Quantitative Research on Privacy Risk of LargeScale Mobile Users [J]. Journal of Information Security Research, 2019, 5(9): 778-788.
[15]	. Research on Data Monopoly and Its Governance Modes [J]. Journal of Information Security Research, 2019, 5(9): 789-797.