Dataspace is a new type of data management that can manage massive, heterogeneous, and dynamic data in a pay-as-you-go fashion. However, it is difficult to construct an effective access control mechanism in a dataspace environment because the data evolves dynamically and its description is fine-grained and extremely loose. This paper presents a fine-grained and dynamic access control mechanism supporting secure updates for the very loosely structured data model, which is commonly used in dataspace. Firstly, a set of update operations is defined for modifying data in the dataspace, and mapping functions are provided for mapping the updated data into relational databases. Secondly, a fine-grained access control rule supporting secure updates is given, and the consistency of the conversion between this rule and the relational database access control rule is analyzed. Thirdly, an access request rewriting algorithm, which is sound and complete, is presented for dynamically controlling read/write access to the data. The algorithm retrieves the related access control rules based on the user's access request, and then rewrites the request by utilizing the relevant authority. Finally, the validity of the work in this paper is demonstrated both theoretically and experimentally.
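The request-rewriting idea described in the abstract, shown as an added example that is not the paper's algorithm or code: rules relevant to the user and action are retrieved, and the read or update request is rewritten so it can only touch what those rules grant. The `item` and `rule` tables, the attribute-level rule format, the default-deny behaviour and the sample rows are all assumptions made for this illustration.

```python
import sqlite3

def setup():
    """Constructed sample data: items stored as (id, attr, val) rows plus a rule table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE item(id INTEGER, attr TEXT, val TEXT);
        CREATE TABLE rule(usr TEXT, action TEXT, attr TEXT);  -- positive grants only
        INSERT INTO item VALUES (1,'name','alice'),(1,'salary','900'),
                                (2,'name','bob'),(2,'salary','700');
        INSERT INTO rule VALUES ('clerk','read','name'),('clerk','read','salary'),
                                ('clerk','update','name');
    """)
    return db

def rewrite(db, usr, action, item_id=None, attr=None):
    """Retrieve the rules relevant to the request and return a restricting predicate."""
    granted = [r[0] for r in db.execute(
        "SELECT attr FROM rule WHERE usr = ? AND action = ?", (usr, action))]
    if attr is not None:
        # The request names one attribute: keep it only if a rule grants it.
        granted = [a for a in granted if a == attr]
    if not granted:
        return "0 = 1", []  # assumed default deny: no matching rule, no rows
    pred = "attr IN (%s)" % ",".join("?" * len(granted))
    params = list(granted)
    if item_id is not None:
        pred += " AND id = ?"
        params.append(item_id)
    return pred, params

def read(db, usr, item_id=None, attr=None):
    """Run a read request after rewriting it against the user's read rules."""
    pred, params = rewrite(db, usr, "read", item_id, attr)
    sql = "SELECT id, attr, val FROM item WHERE " + pred + " ORDER BY id, attr"
    return db.execute(sql, params).fetchall()

def update(db, usr, new_val, item_id=None, attr=None):
    """Run an update request after rewriting it; returns the number of rows changed."""
    pred, params = rewrite(db, usr, "update", item_id, attr)
    cur = db.execute("UPDATE item SET val = ? WHERE " + pred, [new_val] + params)
    return cur.rowcount
```

Because the predicate is built only from rule-table values and bound parameters, an over-broad update request is narrowed to the granted attributes instead of being rejected or executed in full.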