计算机科学

计算机科学 ›› 2026, Vol. 53 ›› Issue (2): 187-195.doi: 10.11896/jsjkx.251000127

• 数据库&大数据&数据科学 • 上一篇    下一篇

基于动态数据敏感等级的大数据细粒度访问控制模型

张焕1, 侯明星2, 刘光娜3, 史颖4   

  1. 1 太原师范学院计算机科学与技术学院 山西 晋中 030619
    2 太原理工大学大数据学院 太原 030006
    3 湖南大学生命医学交叉研究院 长沙 410081
    4 山西大学计算机与信息技术学院 太原 030006
  • 收稿日期:2025-10-27 修回日期:2025-12-10 发布日期:2026-02-10
  • 通讯作者: 史颖(shiying@tynu.edu.cn)
  • 作者简介:(446037616@qq.com)
  • 基金资助:
    国家自然科学基金青年基金( 82303739);山西省教育厅项目(2024W129)

Fine-grained Access Control Model for Big Data Based on Dynamic Data Sensitivity Levels

ZHANG Huan1, HOU Mingxing2, LIU Guangna3 , SHI Ying4   

  1. 1 School of Computer Science and Technology,Taiyuan Normal University,Jinzhong,Shanxi 030619,China
    2 College of Big Data,Taiyuan University of Technology,Taiyuan 030006,China
    3 School of Biomedical Sciences,Hunan University,Changsha 410081,China
    4 School of Computer and Information Technology,Shanxi University,Taiyuan 030006,China
  • Received:2025-10-27 Revised:2025-12-10 Online:2026-02-10
  • About author:ZHANG Huan,born in 1988,master,experimenter.Her main research interests include big data and artificial intelligence.
    SHI Ying,born in 1990,master,asso-ciate professor.Her main research in-terests include artificial intelligence and big data.
  • Supported by:
    Youth Fund of the National Natural Science Foundation of China (82303739) and Shanxi Provincial Education Department Project(2024W129).

PDF (PC)

90

摘要: 针对大数据环境下静态访问控制模型难以适应数据动态性与上下文多变性的问题,提出了一种基于动态数据敏感等级的细粒度访问控制模型。该模型首先构建一个多维度量化评估体系,通过分析数据内容、上下文环境及历史操作行为,动态计算数据的实时敏感等级,克服了传统静态分类的僵化性。在此基础上,将动态敏感等级作为核心决策属性,与基于属性的访问控制模型深度集成,设计了一种情境自适应的权限动态授予与撤销机制,实现了对不同用户在不同时间、地点及场景下访问行为的精准管控。实验结果表明,该模型能够在保证较低性能开销的同时,有效感知数据价值与风险的变化,相较于传统基于角色的访问控制模型和静态基于属性的访问控制模型,在权限分配的精确度与安全性上均有显著提升,尤其适用于数据流动频繁、安全需求多变的大数据应用场景,为构建智能、自适应的数据安全防护体系提供了有效途径。

关键词: 大数据安全, 访问控制, 细粒度, 动态敏感等级, 属性基访问控制

Abstract: Aiming at the problem that static access control model is difficult to adapt to data dynamics and context variability in big data environment,this paper proposes a fine-grained access control model based on dynamic data sensitivity level.The model first constructs a multi-dimensional quantitative assessment system to dynamically calculate the real-time sensitivity level of data by analyzing the data content,contextual environment and historical operation behaviors,which overcomes the rigidity of traditional static classification.On this basis,the dynamic sensitivity level is taken as the core decision attribute,and deeply integrated with the attribute-based access control model,a context-adaptive permission dynamic granting and revocation mechanism is designed,which realizes the precise control of different users’ access behaviors at different times,places and scenarios.Experimental results show that the model can effectively perceive the changes in data value and risk while ensuring low performance overhead.Compared with the traditional role-based access control model and the static attribute-based access control model,it significantly improves the accuracy and security of privilege assignment,and it is especially suitable for the big data application scenarios with frequent data flow and changing security requirements,which provides an effective way to build an intelligent and adaptive data security protection system.

Key words: Big data security, Access control, Fine-grained, Dynamic sensitivity levels, Attribute-based access control

中图分类号: 

  • TP391
[1]BERTINO E,GHINITA G,KAMRA A.Access control for databases:Concepts and systems[J].Foundations and Trends in Databases,2011,3(1/2):1-148.
[2]QIU J,TIAN Z,DU C,et al.A survey on access control in the age of internet of things[J].IEEE Internet of Things Journal,2020,7(6):4682-4696.
[3]TONG F,SHAO R R.Research on Cloud Data Access Control Model Based on Blockchain[J].Computer Science,2023,50(9):16-25.
[4]ZHANG S W,LI B Y,DENG L M.Context-aware Adaptive Access Control Model[J].Application Research of Computers,2024,41(9):2839-2845.
[5]FAN F W.Research on sensitive data classification and intelligent access control technology in education industry[J].Cybersecurity & Informatization,2025(8):141-143.
[6]HUANG J J,FANG Q.Access control model of cloud computing based on context and role[J].Computer Application,2015,35(2):393-396.
[7]WANG X T,LIAN B.Analysis of an attribute-based dynamicaccess control technology[J].Integrated Circuit Application,2025,42(3):110-111.
[8]BHATT S,PHAM T K,GUPTA M,et al.Attribute-based access control for AWS internet of things and secure industries of the future[J].IEEE Access,2021,9:107200-107223.
[9]IKE C C,IGE A B,OLADOSU S A,et al.Redefining zero trust architecture in cloud networks:A conceptual shift towards granular,dynamic access control and policy enforcement[J].Magna Scientia Advanced Research and Reviews,2021,2(1):74-86.
[10]TANVEER M,KUMAR N,NAUSHAD A,et al.A robust access control protocol for the smart grid systems[J].IEEE Internet of Things Journal,2021,9(9):6855-6865.
[11]ZONG J,WANG C,SHEN J,et al.ReLAC:Revocable and lightweight access control with blockchain for smart consumer electronics[J].IEEE Transactions on Consumer Electronics,2023,70(1):3994-4004.
[12]WANG Q X,DONG L J,JIA W,et al.Dynamic access control based on vector representation and calculation in open environment[J].Computer Science,2022,49(S2):727-733.
[13]ATLAM H F,WALTERS R J,WILLS G B,et al.Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT[J].Mobile Networks and Applications,2021,26(6):2545-2557.
[14]PAN R J,WANG G C,HUANG H G.Attribute Access Control Based on Dynamic User Trust in Cloud Computing[J].Computer Science,2021,48(5):313-319.
[15]PARK J S,SANDHU R,AHN G J.Role-based access control on the web[J].ACM Transactions on Information and System Security,2001,4(1):37-71.
[16]GOUGLIDIS A,MAVRIDIS I.domRBAC:An access controlmodel for modern collaborative systems[J].Computers & Secu-rity,2012,31(4):540-556.
[17]WEI L,ZHANG J J,ZHANG X Y.Research and applicationanalysis of service dynamic access control combining deep lear-ning and adaptive[J].Modern Electronic Technique,2025,48(16):50-54.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市两江新区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发