Research on Access Control Against Personal Privacy Leakage and Its Application
Published: 2019-06-19 20:53
[Abstract]: Traditional access control struggles to constrain malicious behavior by authorized users, so data storage platforms that rely on it face a risk of privacy leakage. In addition, with the rapid growth of big data, Hadoop has become one of the most popular big data processing platforms, and its Kerberos-based access control faces the same risk of privacy leakage. This thesis studies risk-based dynamic access control and improvements to the access control mechanism of the Hadoop platform, and implements a risk access control model for personal privacy protection on Hadoop. The research consists of the following three parts:
(1) A risk-based access control model is proposed. By assigning labels to subjects and objects and taking into account the risk of a user's subsequent behavior, the model constructs an information-entropy risk value function from the user's historical behavior records, and further establishes a risk value fluctuation tracking chain and a dynamic allocation function for the risk threshold, so that a user's access rights are adjusted dynamically according to the risk value and the magnitude of its fluctuation.
(2) The existing Kerberos-based access control model of the Hadoop big data platform, namely the HDFS access policy and the YARN access policy, is analyzed in detail, and the privacy leakage problems in its access control mechanism are identified: with the authentication token, a user holding the masterKey can access data outside the scope of their own access rights, and transmitting the authorization token in plaintext can easily leak personal privacy. The thesis improves the authentication token (Delegation_Token) on the basis of fine-grained access control and uses symmetric encryption to encrypt the transmission of the authorization token (Block_Access_Token).
(3) A privacy-protecting risk access control system is designed and implemented. An overall risk access control framework architecture is designed for the privacy protection scenario of medical data; the whole system is then implemented using Oozie, Spark Streaming and other technologies; finally, based on the access behavior records of honest and curious doctors, the risk values of the two are compared and the overall performance of the system is tested.
[Degree-granting institution]: Guizhou University
[Degree level]: Master's
[Year degree conferred]: 2016
[Classification number]: TP309
Article ID: 2502635
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2502635.html