一種支持更新操作的數(shù)據(jù)空間訪問(wèn)控制方法

潘穎; 元昌安; 李文敬; 程茂華

doi:10.11999/JEIT151212

一種支持更新操作的數(shù)據(jù)空間訪問(wèn)控制方法

doi: 10.11999/JEIT151212

基金項(xiàng)目:

國(guó)家自然科學(xué)基金(61363074)，廣西自然科學(xué)基金(2013GXNSFAA019346)，廣西教育廳科研項(xiàng)目(2013YB148)

計(jì)量
- 文章訪問(wèn)數(shù): 1058
- HTML全文瀏覽量: 121
- PDF下載量: 347
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2015-11-03
- 修回日期: 2016-03-25
- 刊出日期: 2016-08-19

Access Control Method for Supporting Update Operations in Dataspace

Funds:

The National Natural Science Foundation of China (61363074), The Natural Science Foundation of Guangxi Province of China (2013GXNSFAA019346), The Scientific Research Fund of Guangxi Education Department of China (2013YB148)

摘要

摘要: 數(shù)據(jù)空間是一種新型的數(shù)據(jù)管理方式，能夠以pay-as-you-go模式管理海量、動(dòng)態(tài)、異構(gòu)的數(shù)據(jù)。然而，由于數(shù)據(jù)空間環(huán)境下數(shù)據(jù)的動(dòng)態(tài)演化、數(shù)據(jù)描述的細(xì)粒度和極松散性等原因，難于構(gòu)建有效的訪問(wèn)控制機(jī)制。該文提出一個(gè)針對(duì)數(shù)據(jù)空間環(huán)境下極松散結(jié)構(gòu)模型，重點(diǎn)支持更新操作的細(xì)粒度和動(dòng)態(tài)的訪問(wèn)控制框架。首先定義更新操作集用于數(shù)據(jù)空間的數(shù)據(jù)更新，提出支持更新操作的映射方法，可將動(dòng)態(tài)數(shù)據(jù)映射到關(guān)系數(shù)據(jù)庫(kù)中；給出支持更新操作權(quán)限的數(shù)據(jù)空間訪問(wèn)控制規(guī)則的定義，并分析與關(guān)系數(shù)據(jù)庫(kù)的訪問(wèn)控制規(guī)則二者轉(zhuǎn)換的一致性；然后提出具有可靠性和完備性的訪問(wèn)請(qǐng)求動(dòng)態(tài)重寫算法，該算法根據(jù)用戶的讀/寫訪問(wèn)請(qǐng)求檢索相關(guān)訪問(wèn)控制規(guī)則，使用相關(guān)權(quán)限信息重寫訪問(wèn)請(qǐng)求，從而實(shí)現(xiàn)支持動(dòng)態(tài)更新的細(xì)粒度數(shù)據(jù)空間訪問(wèn)控制。理論和實(shí)驗(yàn)證明該框架是可行和有效的。
- 訪問(wèn)控制 /
- 數(shù)據(jù)空間 /
- Pay-as-you-go /
- 極松散結(jié)構(gòu)
Abstract: Dataspace is a new type of data management, which can manage the mass, heterogeneous, and dynamic data in a pay-as-you-go fashion. However, it is difficult to construct an effective access control mechanism in dataspace environment, because of the data dynamic evolution, the fine-grained and extremely loose data description. A fine-grained and dynamic access control mechanism supporting secure updates is presented in this paper for very loosely structured data model which is commonly used in dataspace. Firstly, a set of update operations are defined for modifying data in the dataspace, and the mapping functions are provided for mapping the updates data into relational databases. Secondly, the fine-grained access control rule supporting secure updates is given, and the consistency of the conversion between this rule and relational database access control rule is analyzed. Thirdly, an access request rewriting algorithm, which is sound and complete, is also presented for dynamically controlling read/write access to the data. The algorithm retrieves the related access control rules based on user's access request, and then rewrites the request by utilizing the relevant authority. Finally, the validity of the work in this paper is proved by the theory and the experiment.
- Access control /
- Dataspace /
- Pay-as-you-go /
- Very loosely structured

HTML全文

參考文獻(xiàn)(25)

MARX V. Biology: The big challenges of big data[J]. Nature, 2013, 498(7453): 255-260.

NGUYEN Q V H, NGUYEN T T, MIKLS Z, et al. Pay-as-you-go reconciliation in schema matching networks[C]. International Conference on Data Engineering (ICDE). Chicago, IL, USA, 2014: 220-231.

HALEVY A, FRANKLIN M, and MAIER D. Principles of dataspace systems[C]. Proceedings of the 25th ACM

SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems(PODS). Chicago, IL, USA, 2006: 1-9.

李玉坤, 孟小峰, 張相於. 數(shù)據(jù)空間技術(shù)研究[J]. 軟件學(xué)報(bào), 2008, 19(8): 2018-2031.

LI Yukun, MENG Xiaofeng, and ZHANG Xiangyu. Research on dataspace[J]. Journal of Software, 2008, 19(8): 2018-2031.

潘穎, 湯庸, 劉海. 基于關(guān)系數(shù)據(jù)庫(kù)的極松散結(jié)構(gòu)數(shù)據(jù)模型的訪問(wèn)控制研究[J]. 電子學(xué)報(bào), 2012, 40(3): 600-606.

PAN Ying, TANG Yong, and LIU Hai. Access control in very loosely structured data model using relational databases[J]. Acta Electronica Sinica, 2012, 40(3): 600-606.

LALLALI S, ANCIAUX N, SANDU POPA I, et al. A secure search engine for the personal cloud[C]. Proceedings of the ACM SIGMOD International Conference on Management of Data. Melbourne, VIC, Australia, 2015: 1445-1450.

ELSAYED I, LUDESCHER T, SCHWARZ K, et al. Towards realization of scientific dataspaces for the breath gas analysis research community[C]. CEUR Workshop Proceedings, Temuco, Chile, 2009: 1-8.

JIN Lei, ZHANG Yawei, and YE Xiaojun. An extensible data model with security support for dataspace management[C]. Proceedings of the 10th International Conference on High Performance Computing and Communications (HPCC). Dalian, China, 2008: 556-563.

DITTRICH J P and SALLES M A V. iDM: a unified and versatile data model for personal dataspace management[C]. Proceedings of the 32nd International Conference on Very Large Data Bases. Seoul, Korea, 2006: 367-378.

LIM C H, PARK S, and SON S H. Access control of XML documents considering update operations[C]. Proceedings of the ACM Workshop on XML Security. ACM, Fairfax, VA, USA, 2003: 49-59.

FUNDULAKI I and MANETH S. Formalizing XML access control for update operations[C]. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies. Sophia Antipolis, France, 2007: 169-174.

JACQUEMARD F and RUSINOWITCH M. Rewrite-based verification of XML updates[C]. Proceedings of the 12thInternational ACM SIGPLAN Symposium on Principles and Practice of Declarative Programming. Hagenberg, Austria, 2010: 119-130.

BRAVO L, CHENEY J, FUNDULAKI I, et al. Consistency and repair for XML write-access control policies[J]. The VLDB Journal, 2012, 21(6): 843-867.

MIRABI M, IBRAHIM H, FATHI L, et al. A dynamic compressed accessibility map for secure XML querying and updating[J]. Journal of Information Science and Engineering, 2015, 31(1): 59-93.

SAYAH T, COQUERY E, THION R, et al. Inference Leakage Detection for Authorization Policies over RDF Data[M]. Data and Applications Security and Privacy. Berlin, Germany, Springer International Publishing, 2015: 346-361.

RACHAPALLI J, KHADILKAR V, KANTARCIOGLU M, et al. Towards fine grained RDF access control[C]. Proceedings of the 19th ACM Symposium on Access Control Models and Technologies. London, ON, Canada, 2014: 165-176.

付東來(lái), 彭新光, 楊玉麗. 基于可信平臺(tái)模塊的外包數(shù)據(jù)安全訪問(wèn)方案[J]. 電子與信息學(xué)報(bào), 2013, 35(7): 1766-1773. doi: 10.3724/SP.J.1146.2012.01321.

FU Donglai, PENG Xinguang, and YANG Yuli. Trusted platform module-based scheme for secure access to outsourced data[J]. Journal of Electronics Information Technology, 2013, 35(7): 1766-1773. doi: 10.3724/SP.J.1146. 2012.01321.

劉西蒙, 馬建峰, 熊金波, 等. 云計(jì)算環(huán)境下基于屬性的可凈化簽名方案[J]. 電子與信息學(xué)報(bào), 2014, 36(7): 1749-1754. doi: 10.3724/SP.J.1146.2013.01154.

LIU Ximeng, MA Jianfeng, XIONG Jinbo, et al. Attribute based sanitizable signature scheme in cloud computing[J]. Journal of Electronics Information Technology, 2014, 36(7): 1749-1754. doi: 10.3724/SP.J.1146.2013.01154.

EL-AZIZ A, AHMED A E A, and KANNAN A. XML access control: mapping XACML Policies to relational database tables[J]. International Arab Journal of Information Technology, 2014, 11(6): 532-539.

PAPAKON STANTINOU V, MICHOU M, FUNDULAKI I, et al. Access control for RDF graphs using abstract models[C]. Proceedings of the 17th ACM Symposium on Access Control Models and Technologies. Newark, NJ, USA, 2012: 103-112.

相關(guān)文章

施引文獻(xiàn)

資源附件(0)

訪問(wèn)統(tǒng)計(jì)