高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

一种支持更新操作的数据空间访问控制方法

潘颖 元昌安 李文敬 程茂华

downloadPDF
文章导航 > 电子与信息学报  > 2016 >  38(8): 1935-1941
潘颖, 元昌安, 李文敬, 程茂华. 一种支持更新操作的数据空间访问控制方法[J]. 电子与信息学报, 2016, 38(8): 1935-1941. doi: 10.11999/JEIT151212
引用本文: 潘颖, 元昌安, 李文敬, 程茂华. 一种支持更新操作的数据空间访问控制方法[J]. 电子与信息学报, 2016, 38(8): 1935-1941. doi: 10.11999/JEIT151212
shu
PAN Ying, YUAN Chang'an, LI Wenjing, CHENG Maohua. Access Control Method for Supporting Update Operations in Dataspace[J]. Journal of Electronics & Information Technology, 2016, 38(8): 1935-1941. doi: 10.11999/JEIT151212
Citation: PAN Ying, YUAN Chang'an, LI Wenjing, CHENG Maohua. Access Control Method for Supporting Update Operations in Dataspace[J]. Journal of Electronics & Information Technology, 2016, 38(8): 1935-1941. doi: 10.11999/JEIT151212
shu

一种支持更新操作的数据空间访问控制方法

doi: 10.11999/JEIT151212
基金项目: 

国家自然科学基金(61363074),广西自然科学基金(2013GXNSFAA019346),广西教育厅科研项目(2013YB148)

Access Control Method for Supporting Update Operations in Dataspace

Funds: 

The National Natural Science Foundation of China (61363074), The Natural Science Foundation of Guangxi Province of China (2013GXNSFAA019346), The Scientific Research Fund of Guangxi Education Department of China (2013YB148)

    摘要
  • 摘要: 数据空间是一种新型的数据管理方式,能够以pay-as-you-go模式管理海量、动态、异构的数据。然而,由于数据空间环境下数据的动态演化、数据描述的细粒度和极松散性等原因,难于构建有效的访问控制机制。该文提出一个针对数据空间环境下极松散结构模型,重点支持更新操作的细粒度和动态的访问控制框架。首先定义更新操作集用于数据空间的数据更新,提出支持更新操作的映射方法,可将动态数据映射到关系数据库中;给出支持更新操作权限的数据空间访问控制规则的定义,并分析与关系数据库的访问控制规则二者转换的一致性;然后提出具有可靠性和完备性的访问请求动态重写算法,该算法根据用户的读/写访问请求检索相关访问控制规则,使用相关权限信息重写访问请求,从而实现支持动态更新的细粒度数据空间访问控制。理论和实验证明该框架是可行和有效的。
    Abstract: Dataspace is a new type of data management, which can manage the mass, heterogeneous, and dynamic data in a pay-as-you-go fashion. However, it is difficult to construct an effective access control mechanism in dataspace environment, because of the data dynamic evolution, the fine-grained and extremely loose data description. A fine-grained and dynamic access control mechanism supporting secure updates is presented in this paper for very loosely structured data model which is commonly used in dataspace. Firstly, a set of update operations are defined for modifying data in the dataspace, and the mapping functions are provided for mapping the updates data into relational databases. Secondly, the fine-grained access control rule supporting secure updates is given, and the consistency of the conversion between this rule and relational database access control rule is analyzed. Thirdly, an access request rewriting algorithm, which is sound and complete, is also presented for dynamically controlling read/write access to the data. The algorithm retrieves the related access control rules based on user's access request, and then rewrites the request by utilizing the relevant authority. Finally, the validity of the work in this paper is proved by the theory and the experiment.
    • HTML全文
    • 参考文献(25)
  • MARX V. Biology: The big challenges of big data[J]. Nature, 2013, 498(7453): 255-260.
    NGUYEN Q V H, NGUYEN T T, MIKLS Z, et al. Pay-as-you-go reconciliation in schema matching networks[C]. International Conference on Data Engineering (ICDE). Chicago, IL, USA, 2014: 220-231.
    HALEVY A, FRANKLIN M, and MAIER D. Principles of dataspace systems[C]. Proceedings of the 25th ACM
    SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems(PODS). Chicago, IL, USA, 2006: 1-9.
    李玉坤, 孟小峰, 张相於. 数据空间技术研究[J]. 软件学报, 2008, 19(8): 2018-2031.
    LI Yukun, MENG Xiaofeng, and ZHANG Xiangyu. Research on dataspace[J]. Journal of Software, 2008, 19(8): 2018-2031.
    潘颖, 汤庸, 刘海. 基于关系数据库的极松散结构数据模型的访问控制研究[J]. 电子学报, 2012, 40(3): 600-606.
    PAN Ying, TANG Yong, and LIU Hai. Access control in very loosely structured data model using relational databases[J]. Acta Electronica Sinica, 2012, 40(3): 600-606.
    LALLALI S, ANCIAUX N, SANDU POPA I, et al. A secure search engine for the personal cloud[C]. Proceedings of the ACM SIGMOD International Conference on Management of Data. Melbourne, VIC, Australia, 2015: 1445-1450.
    ELSAYED I, LUDESCHER T, SCHWARZ K, et al. Towards realization of scientific dataspaces for the breath gas analysis research community[C]. CEUR Workshop Proceedings, Temuco, Chile, 2009: 1-8.
    JIN Lei, ZHANG Yawei, and YE Xiaojun. An extensible data model with security support for dataspace management[C]. Proceedings of the 10th International Conference on High Performance Computing and Communications (HPCC). Dalian, China, 2008: 556-563.
    DITTRICH J P and SALLES M A V. iDM: a unified and versatile data model for personal dataspace management[C]. Proceedings of the 32nd International Conference on Very Large Data Bases. Seoul, Korea, 2006: 367-378.
    LIM C H, PARK S, and SON S H. Access control of XML documents considering update operations[C]. Proceedings of the ACM Workshop on XML Security. ACM, Fairfax, VA, USA, 2003: 49-59.
    FUNDULAKI I and MANETH S. Formalizing XML access control for update operations[C]. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies. Sophia Antipolis, France, 2007: 169-174.
    JACQUEMARD F and RUSINOWITCH M. Rewrite-based verification of XML updates[C]. Proceedings of the 12thInternational ACM SIGPLAN Symposium on Principles and Practice of Declarative Programming. Hagenberg, Austria, 2010: 119-130.
    BRAVO L, CHENEY J, FUNDULAKI I, et al. Consistency and repair for XML write-access control policies[J]. The VLDB Journal, 2012, 21(6): 843-867.
    MIRABI M, IBRAHIM H, FATHI L, et al. A dynamic compressed accessibility map for secure XML querying and updating[J]. Journal of Information Science and Engineering, 2015, 31(1): 59-93.
    SAYAH T, COQUERY E, THION R, et al. Inference Leakage Detection for Authorization Policies over RDF Data[M]. Data and Applications Security and Privacy. Berlin, Germany, Springer International Publishing, 2015: 346-361.
    RACHAPALLI J, KHADILKAR V, KANTARCIOGLU M, et al. Towards fine grained RDF access control[C]. Proceedings of the 19th ACM Symposium on Access Control Models and Technologies. London, ON, Canada, 2014: 165-176.
    付东来, 彭新光, 杨玉丽. 基于可信平台模块的外包数据安全访问方案[J]. 电子与信息学报, 2013, 35(7): 1766-1773. doi: 10.3724/SP.J.1146.2012.01321.
    FU Donglai, PENG Xinguang, and YANG Yuli. Trusted platform module-based scheme for secure access to outsourced data[J]. Journal of Electronics Information Technology, 2013, 35(7): 1766-1773. doi: 10.3724/SP.J.1146. 2012.01321.
    刘西蒙, 马建峰, 熊金波, 等. 云计算环境下基于属性的可净化签名方案[J]. 电子与信息学报, 2014, 36(7): 1749-1754. doi: 10.3724/SP.J.1146.2013.01154.
    LIU Ximeng, MA Jianfeng, XIONG Jinbo, et al. Attribute based sanitizable signature scheme in cloud computing[J]. Journal of Electronics Information Technology, 2014, 36(7): 1749-1754. doi: 10.3724/SP.J.1146.2013.01154.
    EL-AZIZ A, AHMED A E A, and KANNAN A. XML access control: mapping XACML Policies to relational database tables[J]. International Arab Journal of Information Technology, 2014, 11(6): 532-539.
    PAPAKON STANTINOU V, MICHOU M, FUNDULAKI I, et al. Access control for RDF graphs using abstract models[C]. Proceedings of the 17th ACM Symposium on Access Control Models and Technologies. Newark, NJ, USA, 2012: 103-112.
    • 相关文章
    • 施引文献
  • 资源附件(0)
  • 加载中
计量
  • 文章访问数:  967
  • HTML全文浏览量:  100
  • PDF下载量:  347
  • 被引次数: 0
出版历程
  • 收稿日期:  2015-11-03
  • 修回日期:  2016-03-25
  • 刊出日期:  2016-08-19

目录

    /

    返回文章
    返回

    Copyright © 2018《电子与信息学报》编辑部 京ICP备20021838号-8

    中国科学院电子学研究所,北京市2702信箱,邮编:100190

    电话:010-58887066传真:021-64253812Email:jeit@mail.ie.ac.cn

    本系统由 北京仁和汇智信息技术有限公司 开发    百度统计