计算机科学 ›› 2020, Vol. 47 ›› Issue (6A): 400-403.doi: 10.11896/JsJkx.191000066

• 信息安全 • 上一篇    下一篇

基于TFR 模型的公安云平台数据分级分类安全访问控制模型研究

顾荣杰, 吴治平, 石焕   

  1. 公安部第三研究所 上海 201204
  • 发布日期:2020-07-07
  • 通讯作者: 吴治平(zhiping.wu@aliyun.com)
  • 作者简介:rongJiegu@vip.163.com

New Approach for Graded and Classified Cloud Data Access Control for Public Security Based on TFR Model

GU Rong-Jie, WU Zhi-ping and SHI Huan   

  1. The Third Research Institute of the Ministry of Public Security,Shanghai 201204,China
  • Published:2020-07-07
  • About author:GU Rong-Jie, born in 1977, Ph.D, professor.His main research interests include network security, massive information processing and police informatization.
    WU Zhi-ping, born in 1985, postgra-duate, assistant professor.His main research interests include police informatization, access control, and database security.

摘要: 近年来,公安大数据建设不断提速,各地数据中心的统一建设带来敏感数据的高度集中,涉及国家安全和公民个人信息的泄露和违规使用的风险急剧上升。在数据加密存储、角色访问控制等传统方法的基础上,提出了一种新的基于数据治理属性分级分类的访问控制模型。通过对数据敏感性、人员、数据进行分级分类,该模型实现了基于数据表、字段、数据记录级别的分层控制,有利于实现灵活度更高、颗粒度更细的公安敏感数据的分级分类精准访问授权控制,可有效应用于当前智慧公安大数据云平台数据访问安全控制体系的构建。该模型已实际应用于部分地区的智慧公安建设中,并取得了较好的成效。

关键词: 大数据, 分级分类访问控制, 公安云, 敏感数据, 授权访问

Abstract: In recent years,the development of big data for public security is accelerating.The unified construction of public security data centers around the country has brought about high centralization of sensitive data,thus the risk of leakage of information regarding national security and illegal use of personal information is sharply increasing.On the basis of traditional data security protection methods such as data encryption and role-based access control,this paper presents a new access control model based on data grade and classification.Based on the grading and classification of data sensitivity,personnel and data,this model can achieve hierarchical control based on the level of data table,data field and data record,which is helpful to achieve precise access authorization control of grading and classification for sensitive public security data with higher flexibility and finer granularity,and can be effectively applied to the construction of data access security control system of modern big data cloud platform for smart public security.This model has been applied to the construction of smart public security in some areas and has achieved satisfied results.

Key words: Authorized access, Big data, Graded and classified access control, Public security cloud, Sensitive data

中图分类号: 

  • TP391
[1] Sohu News.The Ministry of Public Security established the Leading Group for the National Big Data Work in Public Security.http://news.cyol.com/yuanchuang/2018-01/25/content_16901261.htm.
[2] Sohu News.The National Meeting of Directors of Public Security was convened:focus on the development of big data in public security.http://www.sohu.com/a/291349459_653639.
[3] Sohu News.Hot news interpretation | The Ministry of Public Security:Six Key Tasks in the Construction of ‘Smart Public Security’.http://www.sohu.com/a/291349459_653639.
[4] HONG F.Introduction to Access Control.Wuhan:Huazhong University of Science and Technology Press,2010.
[5] SANDHU R S,COYNE E J,FEINSTEIN H L,et al.RoleBased Access Control Models.IEEE Computer,1996,29(2):38-47.
[6] SANDHU R S,FERRAIOLO D F,KUHN D R.The NIST model for role-based access control:towards a unified standard//ACM Workshop on Role-Based Access Control.ACM SIGSAC,2000:47-63.
[7] OSBORN S L.Role-based access control:past,present and future//International Conference on Privacy,Security and Trust:Bridge the Gap Between PST Technologies and Business Services.ACM,2006:4.
[8] SERVOS D,OSBORN S L.Current Research and Open Problems in Attribute-Based Access Control.ACM Computing Survey,2017,49(4):65:1-65:45.
[1] 陈晶, 吴玲玲.
多源异构环境下的车联网大数据混合属性特征检测方法
Mixed Attribute Feature Detection Method of Internet of Vehicles Big Datain Multi-source Heterogeneous Environment
计算机科学, 2022, 49(8): 108-112. https://doi.org/10.11896/jsjkx.220300273
[2] 何强, 尹震宇, 黄敏, 王兴伟, 王源田, 崔硕, 赵勇.
基于大数据的进化网络影响力分析研究综述
Survey of Influence Analysis of Evolutionary Network Based on Big Data
计算机科学, 2022, 49(8): 1-11. https://doi.org/10.11896/jsjkx.210700240
[3] 孙轩, 王焕骁.
政务大数据安全防护能力建设:基于技术和管理视角的探讨
Capability Building for Government Big Data Safety Protection:Discussions from Technologicaland Management Perspectives
计算机科学, 2022, 49(4): 67-73. https://doi.org/10.11896/jsjkx.211000010
[4] 王美珊, 姚兰, 高福祥, 徐军灿.
面向医疗集值数据的差分隐私保护技术研究
Study on Differential Privacy Protection for Medical Set-Valued Data
计算机科学, 2022, 49(4): 362-368. https://doi.org/10.11896/jsjkx.210300032
[5] 王俊, 王修来, 庞威, 赵鸿飞.
面向科技前瞻预测的大数据治理研究
Research on Big Data Governance for Science and Technology Forecast
计算机科学, 2021, 48(9): 36-42. https://doi.org/10.11896/jsjkx.210500207
[6] 余乐章, 夏天宇, 荆一楠, 何震瀛, 王晓阳.
面向大数据分析的智能交互向导系统
Smart Interactive Guide System for Big Data Analytics
计算机科学, 2021, 48(9): 110-117. https://doi.org/10.11896/jsjkx.200900083
[7] 王立梅, 朱旭光, 汪德嘉, 张勇, 邢春晓.
基于深度学习的民事案件判决结果分类方法研究
Study on Judicial Data Classification Method Based on Natural Language Processing Technologies
计算机科学, 2021, 48(8): 80-85. https://doi.org/10.11896/jsjkx.210300130
[8] 王雪岑, 张昱, 刘迎婕, 于戈.
基于表示学习的在线学习交互质量评价方法
Evaluation of Quality of Interaction in Online Learning Based on Representation Learning
计算机科学, 2021, 48(2): 207-211. https://doi.org/10.11896/jsjkx.201000042
[9] 滕建, 滕飞, 李天瑞.
基于3D卷积和LSTM编码解码的出行需求预测
Travel Demand Forecasting Based on 3D Convolution and LSTM Encoder-Decoder
计算机科学, 2021, 48(12): 195-203. https://doi.org/10.11896/jsjkx.210400022
[10] 张育龙, 王强, 陈明康, 孙静涛.
图像去雨算法在云物联网应用中的研究综述
Survey of Intelligent Rain Removal Algorithms for Cloud-IoT Systems
计算机科学, 2021, 48(12): 231-242. https://doi.org/10.11896/jsjkx.201000055
[11] 曹萌, 于洋, 梁英, 史红周.
基于区块链的大数据交易关键技术与发展趋势
Key Technologies and Development Trends of Big Data Trade Based on Blockchain
计算机科学, 2021, 48(11A): 184-190. https://doi.org/10.11896/jsjkx.210100163
[12] 刘亚臣, 黄雪莹.
卫星监测时空大数据蠕变特征提取及预警算法
Research on Creep Feature Extraction and Early Warning Algorithm Based on Satellite MonitoringSpatial-Temporal Big Data
计算机科学, 2021, 48(11A): 258-264. https://doi.org/10.11896/jsjkx.201000071
[13] 张光君, 张翔.
应用“大数据+区块链”优化立法评估制度的机理与路径
Mechanism and Path of Optimizing Institution of Legislative Evaluation by Applying “Big Data+Blockchain”
计算机科学, 2021, 48(10): 324-333. https://doi.org/10.11896/jsjkx.201200105
[14] 叶雅珍, 刘国华, 朱扬勇.
数据产品流通的两阶段授权模式
Two-step Authorization Pattern of Data Product Circulation
计算机科学, 2021, 48(1): 119-124. https://doi.org/10.11896/jsjkx.191100217
[15] 赵会群, 吴凯锋.
一种大数据估价算法
Big Data Valuation Algorithm
计算机科学, 2020, 47(9): 110-116. https://doi.org/10.11896/jsjkx.191000156
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!