Research on Access Control for Personal Privacy Leakage and Its Application
Published: 2019-06-19 20:53
[Abstract]: Traditional access control has difficulty constraining the malicious behavior of authorized users, so data storage platforms that rely on it face a risk of privacy leakage. In addition, with the rapid growth of big data, Hadoop has become one of the most popular big data processing platforms, and the Kerberos mechanism it uses for access control faces the same risk of privacy leakage. This thesis studies risk-based dynamic access control and improvements to the access control mechanism of the Hadoop platform, and implements a Hadoop-based risk access control model for personal privacy protection. The work is divided into the following three parts:
(1) A risk-based access control model is proposed. The model sets labels on subjects and objects, takes into account the risk of a user's subsequent behavior, constructs an information-entropy risk value function from the user's historical behavior records, and further establishes a risk value fluctuation tracking chain and a dynamic allocation function for the risk threshold, so that a user's access rights are adjusted dynamically according to the risk value and its fluctuation range.
(2) The existing Kerberos-based access control model of the Hadoop big data platform, namely the HDFS access policy and the YARN access policy, is analyzed in detail, and the privacy leakage problems of its access control mechanism are identified: with the authentication token, a user holding the masterKey can access data outside the scope of their own access rights, and the plaintext transmission of the authorization token easily leaks personal privacy. The thesis improves the authentication token (Delegation_Token) on the basis of fine-grained access control and encrypts the transmission of the authorization token (Block_Access_Token) with symmetric encryption.
(3) A privacy-protecting risk access control system is designed and implemented. An overall risk access control framework is designed for the privacy protection scenario of medical data; the whole system is then implemented using Oozie, Spark Streaming and other technologies; finally, based on the access behavior records of honest and curious doctors, the risk values of the two are compared and the overall performance of the system is tested.
[Degree-granting institution]: Guizhou University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309
Article ID: 2502635
Article link: http://www.sikaile.net/kejilunwen/ruanjiangongchenglunwen/2502635.html