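Blockchain-based Access Control Mechanism for Big Data

Author biographies:

Liu Aodi (1992-), male, born in Shulan, Jilin, Ph.D. candidate; main research areas: blockchain security, cloud computing security, and network information security. Wang Na (1980-), female, Ph.D., associate professor; main research areas: cloud computing security, network and information security. Du Xuehui (1968-), female, Ph.D., professor, doctoral supervisor; main research areas: big data security, cloud computing security, and multilevel security of information systems. Li Shaozhuo (1995-), male, master's student; main research area: network and information security.

Corresponding author:

Du Xuehui, E-mail: dxh37139@sina.com

Fund Project:

National Key Research and Development Program of China (2018YFB0803603, 2016YFB0501901); National Natural Science Foundation of China (61802436); Natural Science Foundation of He'nan Province of China (162300410334)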

    Abstract:

    Big data resources come from a wide range of sources, are highly dynamic, and are managed in a distributed manner, and the current mainstream centralized access control mechanisms suffer from low permission-management efficiency, insufficient flexibility, and poor scalability. To address this, this study proposes a blockchain-based access control mechanism for big data built on the ABAC model. First, the fundamental principles of blockchain technology are described and the attribute-based access control model is formally defined. Then, a big data access control architecture based on blockchain technology is presented, and the basic framework and flow of access control are described and analyzed in detail. Methods for managing access control policies and entity attribute information through blockchain transactions are also described, which ensure that access control information is tamper-resistant, auditable, and verifiable. Next, a smart contract-based access control method is used to implement user-driven, fully transparent, dynamic, and automated access control for big data resources. Finally, simulation experiments validate the effectiveness of the mechanism, and the work is summarized and future directions are discussed.

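Cite this article

Liu AD, Du XH, Wang N, Li SZ. Blockchain-based access control mechanism for big data. Ruan Jian Xue Bao/Journal of Software, 2019,30(9):2636-2654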

History
  • Received: 2018-06-09
  • Last revised: 2018-08-28
  • Published online: 2019-04-11