摘要
大数据环境呈现多用户跨网交叉访问、多服务协同计算、数据跨服务流动、海量文件管控复杂的特点,现有密钥资源控制模型和机制不完全适用于大数据场景。针对大数据环境的密钥资源控制、操作语义归一化描述、细粒度访问控制的需求,从密钥资源控制的场景要素及属性出发,通过映射面向网络空间的访问控制(Co AC)模型,提出了面向HDFS的密钥资源控制机制;然后,给出了面向HDFS的密钥资源控制管理机制(CKCM),包括管理子模型和管理支撑模型,并用Z语言形式化地描述了管理模型中的管理函数和管理方法;最后,基于XACML实现CKCM系统,实现HDFS中密钥及文件资源的细粒度安全访问控制。
The big data environment presents the characteristics of multi-user cross-network cross-access,multi-service collaborative computing,cross-service data flow,and complex management of massive files.The existing access control models and mechanisms are not fully applicable for big data scenarios.In response to the needs of fine-grained access control and multi-service strategy normalization for cryptographic data in the big data environment,starting from the scene elements and attributes of access control,the HDFS-oriented CKCM was proposed by mapping the cyberspace-oriented access control(CoAC)model.Subsequently,a fine-grained access control management model for HDFS was proposed,including management sub-models and management supporting models.The Z-notation was used to formally describe the management functions and management methods in the management model.Finally,the CKCM system was implemented based on XACML to realize fine-grained secure access control for managing file and secret keys in HDFS.
作者
金伟
李凤华
余铭洁
郭云川
周紫妍
房梁
JIN Wei;LI Fenghua;YU Mingjie;GUO Yunchuan;ZHOU Ziyan;FANG Liang(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;China Academy of Information and Communications Technology,Beijing 100191,China;School of Cyber Security,University of Science and Technology of China,Hefei 230027,China)
出处
《通信学报》
EI
CSCD
北大核心
2022年第9期27-41,共15页
Journal on Communications
基金
国家自然科学基金资助项目(No.U1836203,No.61872441)
国家重点研发计划基金资助项目(No.2018YFB2100400)
中国科学院青年创新促进会人才基金资助项目(No.2021154)。
关键词
大数据平台
密钥管理
资源控制
面向网络空间的访问控制
big data platform
cryptographic key management
resource control
cyberspace-oriented access control