【2016年第1期】大数据隐私保护技术综述(下)
6 ?大數據訪問控制技術
大數據訪問控制技術主要用于決定哪些用戶可以以何種權限訪問哪些大數據資源,從而確保合適的數據及合適的屬性在合適的時間和地點,給合適的用戶訪問,其主要目標是解決大數據使用過程中的隱私保護問題。早期的訪問控制技術,如自主訪問控制(discretionary access control,DAC)[51]、強制訪問控制(mandatory access control,MAC)[52]等都面向封閉環境,訪問控制的粒度都比較粗,難以滿足大數據時代開放式環境下對訪問控制的精細化要求。
大數據給傳統訪問控制技術帶來的挑戰如下。
●大數據的時空特性,大數據下的訪問控制模型需要在傳統訪問控制的基礎上,充分考慮用戶的時間信息和位置信息。
●在大數據時代的開放式環境下,用戶來自于多種組織、機構或部門,單個用戶又通常具有多種數據訪問需求[53],如何合理設定角色并為每個用戶動態分配角色是新的挑戰。
●大數據面向的應用需求眾多,不同的應用需要不同的訪問控制策略。以社交網站為例:對于用戶個人主頁的數據,需要基于用戶社交關系的訪問控制;對于網站數據,需要基于用戶等級的訪問控制等。
傳統的訪問控制方式,包括自主訪問控制和強制訪問控制技術,難以應對上述挑戰。因此,大數據時代的訪問控制技術主要包括基于角色的訪問控制和基于屬性的訪問控制方法。
6.1 基于角色的訪問控制
基于角色的訪問控制(role-based access control,RBAC)[54]中,不同角色的訪問控制權限不盡相同。通過為用戶分配角色,可實現對數據的訪問權限控制。由此,在基于角色的訪問控制中,角色挖掘是前提。通常,角色是根據工作能力、職權及責任確定的。大數據場景下的角色挖掘,需要大量人工參與角色定義、角色劃分及角色授權等問題,衍生出了所謂角色工程(role engineering)[55]。角色工程的最終目的是根據個體在某一組織內所擔當的角色或發揮的作用來實現最佳安全管理。有效的角色工程可以為用戶權限提供最優分配、鑒別異常用戶、檢測并刪除冗余或過量的角色、使角色定義及用戶權限保持最新、降低隨之發生的各類風險等。大數據時代,可用于角色挖掘的數據豐富多樣,對角色權限的配置也更加靈活復雜。一方面需要通過挖掘己方數據,合理配置權限,實現數據的訪問可控;另一方面,需要挖掘可收集到的對方數據,找出重要目標角色,以便重點關注。因此,大數據下的角色工程需要從攻擊和防護的角度綜合考慮。
RBAC最初也主要應用于封閉環境之中。針對大數據時空關聯性,一些研究者提出將時空信息融合到RBAC當中。如Ray等人提出了LARB(location-aware role-based)訪問控制模型,在RBAC的基礎之上引入了位置信息,通過考慮用戶的位置來確定用戶是否具有訪問數據的權限[56]。Damiani等人提出的GEO-RBAC,也在分配用戶角色時綜合考慮了用戶的空間位置信息[57]。張穎君等人提出的基于尺度的時空RBAC訪問控制模型,引入了尺度的概念,使得訪問控制策略的表達能力得到增強,同時也增強了模型的安全性[58]。
隨著大數據環境下角色規模的迅速增長,設計算法自動實現角色的提取與優化逐漸成為近年來的研究熱點。參考文獻[59]嘗試將角色最小化,即找出能滿足預定義的用戶—授權關系的一組最小角色集合。參考文獻[60]提出最小擾動混合角色挖掘方法,首先以自頂向下的方法預先定義部分角色,然后以自底向上的方法挖掘候選角色集合。自動化角色挖掘大大減少了人工工作量,但也面臨時間復雜度高的問題,部分問題甚至屬于NP完全問題。參考文獻[61]提出了一種簡單的啟發式算法SMA來簡化角色求解。參考文獻[62]針對大數據及噪聲數據場景,提出選擇穩定的候選角色,并進一步將角色挖掘問題分解以降低復雜度。
大數據時代的訪問控制應用場景廣泛,需求也不盡相同。一些研究通過廣泛收集研究對象的應用數據,試圖挖掘出其中的關鍵角色,從而有針對性地采取處理措施。參考文獻[63]提出在RBAC的基礎上增加責任的概念,即responsibility-RBAC,對用戶職責進行顯式確認,以根據實際應用場景優化角色的數量。
6.2 基于屬性的訪問控制
基于屬性的訪問控制(attribute-based access control,ABAC)[64]通過將各類屬性,包括用戶屬性、資源屬性、環境屬性等組合起來用于用戶訪問權限的設定。RBAC以用戶為中心,而沒有將額外的資源信息,如用戶和資源之間的關系、資源隨時間的動態變化、用戶對資源的請求動作(如瀏覽、編輯、刪除等)以及環境上下文信息進行綜合考慮。而基于屬性的訪問控制ABAC通過對全方位屬性的考慮,可以實現更加細粒度的訪問控制。
大數據環境下,越來越多的信息存儲在云平臺上。根據云平臺的特點,基于屬性集加密訪問控制[65]、基于密文策略屬性集的加密[66]、基于層次式屬性集合的加密[67]等相繼被提出。這些模型都以數據資源的屬性加密作為基本手段,采用不同的策略增加權限訪問的靈活性。如HASBE通過層次化的屬性加密,可以實現云平臺上數據的更加細粒度的訪問控制,層次化也使得模型更加靈活,具有更好的可擴展性。除了提供屬性加密訪問控制之外,ABAC也被當作云基礎設施上訪問控制中的一項服務[68]。
ABE將屬性與密文和用戶私鑰關聯,能夠靈活地表示訪問控制策略。但對于存儲在云端的大數據,當數據擁有者想要改變訪問控制策略時,需要先將加密數據從云端取回本地,解密原有數據,之后再使用新的策略重新加密數據,最后將密文傳回云端。在這一過程中,密文需要來回傳輸,會消耗大量帶寬,從而引發異常,引起攻擊者的注意[69],對數據的解密和重新加密也會使得計算復雜度顯著增大。為此,Yang等人提出了一種高效的訪問控制策略動態更新方法[70]。當訪問控制策略發生變化時,數據擁有者首先使用密鑰更新策略UKeyGen生成更新密鑰UK_m,并將其和屬性變化情況(如增加、減少特定屬性)一起發送到云端。之后,在云端上按照密文更新策略CTUpdate對原有的密文進行更新,而不用對原有密文進行解密。
云端代理重加密將基于屬性的加密與代理重加密技術結合,實現云中的安全、細粒度、可擴展的數據訪問控制[71-73]。新的用戶獲取授權或原有用戶釋放授權時的重加密工作由云端代理,減輕數據擁有者的負擔。同時對數據擁有者來說,云端可能并非是完全可信的,在利用云端進行代理重加密的同時還應防止數據被云端窺探。用戶提交給云的是密文,云端無法解密,云端利用重加密算法轉換為另一密文,新的密文只能被授權用戶解密,而在整個過程中云端服務器看到的始終是密文,看不到明文。云中用戶頻繁地獲取和釋放授權,使得數據密文重加密工作繁重,由云端代理重加密工作,可以大大減輕數據擁有者的負擔。同時,云端無法解密密文,也就無法窺探數據內容。
Sun等人[74]提出了支持高效用戶撤銷的屬性關鍵詞搜索方案,實現了可擴展且基于用戶制定訪問策略的高細粒度搜索授權,通過代理重加密和懶惰重加密技術,將用戶撤銷過程中系統繁重的密鑰更新工作交給半可信的云服務器。Wang等人[75]針對多中心云計算環境的數據安全訪問特點,將多中心屬性加密和外包計算相結合,提出了一種輕量級的安全的訪問控制方案。該方案具有解密密鑰短、加解密計算開銷小等優勢,適用于輕量級設備。該方案可以無縫應用到群組隱私信息保護中,實現了群組成員之間的隱私信息定向發布和共享、群組外的隱私信息保護功能。
大數據為訪問控制帶來了諸多挑戰,但也暗藏機遇。隨著計算能力的進一步提升,無論是基于角色的訪問控制還是基于屬性的訪問控制,訪問控制的效率將得到快速提升。同時,更多的數據將被收集起來用于角色挖掘或者屬性識別,從而可以實現更加精準、更加個性化的訪問控制。總體而言,目前專門針對大數據的訪問控制還處在起步階段,未來將角色與屬性相結合的細粒度權限分配將會有很大的發展空間。
?
7 ?結束語
如何在不泄露用戶隱私的前提下,提高大數據的利用率,挖掘大數據的價值,是目前大數據研究領域的關鍵問題。本文首先介紹了大數據帶來的隱私保護問題,然后介紹了大數據隱私的概念和大數據生命周期的隱私保護模型,接著從大數據生命周期的發布、存儲、分析和使用4個階段出發,對大數據隱私保護中的技術現狀和發展趨勢進行了分類闡述,對該技術的優缺點、適用范圍等進行分析,探索了大數據隱私保護技術進一步發展的方向。
參考文獻
[1] 方濱興,劉克,吳曼青,等. 大搜索技術白皮書[R/OL].(2015-01-06)[2015-05-23 ]. http://wenku.baidu.com/link? url=gqavgz5O7VROHQgJH4_egRVHB_JtcskcX-vWvRgEdzhfMuyidxhO_kdGemK8Qve-z0z-dBIJRpSqZj7oCYLd0i-2iT1mXE2B1B5p4nPW0TO.
FANG B X, LIU K, WU M Q, et al. White paper on big search[R/OL]. (2015-01-06)[2015-05-23]. http://wenku.baidu.com/link?url=gqavgz5O7VROHQgJH4_egRVHB_JtcskcX-vWvRgEdzhfMuyidxhO_kdGemK8Qve-z0z-dBIJRpSqZj7oCYLd0i-2iT1mXE2B1B5p4nPW0TO.
[2] 周水庚, 李豐, 陶宇飛, 等. 面向數據庫應用的隱私保護研究綜述[J]. 計算機學報, 2009,32(5): 847-861.
ZHOU S G, LI F, TAO Y F, et al. Privacy preservation in database applications: a survey[J]. Chinese Journal of Computers, 2009, 32(5): 847-861.
[3] SAMARATI P, SWEENEY L. Generalizing data to provide anonymity when disclosing information[C]// Proceedings of the 17th ACM Sigact-Sigmod-Sigart Symposium on Principles of Database System, June 1-3, 1998, Seattle, Washington, USA. New York: ACM Press, 1998.
[4] SWEENY L. k-anonymity: a model for protecting privacy[J]. International Journal on Uncertainty, Fuzziness and Knowledge Based Systems, 2012, 10(5): 557-570.
[5] BARBARO M, ZELLER T. A face is exposed for AOL searcher No. 4417749[N/OL]. New York Times, (2006-08-09)[2013-09-10]. http://www.nytimes.com/2006/08/09/technology/09aol.html.
[6] NARAYANAN A, SHMATIKOV V. How to break anonymity of the netflix prize dataset[J]. Eprint Arxiv Cs, 2006, arXiv:cs/0610105.
[7] MACHANAVAJJHALA A, GEHRKE J, KIFER D, et al. l-diversity: privacy beyond k-anonymity[J]. ACM Transactions on Knowledge Discovery from Data, 2007, 1(1): 24.
[8] LI N, LI T, VENKATASUBRAMANIAN S. t-closeness: privacy beyond k-anonymity and l-diversity[C]// Proceedings of IEEE 23rd International Conference on Data Engineering, April 11-15, 2007, Istanbul, Turkey. Piscataway: IEEE Press, 2007: 106-115.
[9] NIU B, LI Q H, ZHU X Y, et al. Enhancing privacy through caching in location-based services[C]//Proceedings of IEEE INFOCOM, April 26-May 1, 2015, Hong Kong, China. Piscataway: IEEE Press, 2015: 1017-1025.
[10] LI A, JIN S, ZHANG L, et al. A sequential decision-theoretic model for medical diagnostic system [J]. Technology and Health Care, 2015, 23(s1): S37-S42.
[11] BYUN J W, SOHN Y, BERTINO E, et al. Secure anonymization for incremental dataset[C]//Proceedings of the 3rd VLDB Workshop on Secure Data Management (SDM), September 10-11, 2006, Seoul, Korea. [S.l.: s.n.], 2006.
[12] XIAO X K, TAO Y F. m-invariance: towards privacy preserving re-publication of dynamic datasets[C]// Proceedings of the 2007, ACM SIGMOD International Conference on Management of Data, June 12-14, 2007, Beijing, China. New York: ACM Press, 2007: 689-700.
[13] BU Y Y, FU A W C, WONG R C W, et al. Privacy preserving serial data publishing by role composition[C]// Proceedings of the 34th International Conference on Very Large Data Bases, August 23-28, 2008, Auckland, New Zealand. [S.l.: s.n.], 2008: 845-856.
[14] ZHANG X, LIU C, NEPAL S, et al. A hybrid approach for scalable sub-tree anonymization over big data using MapReduce on cloud [J]. Journal of Computer & System Sciences, 2014, 80(5): 1008-1020.
[15] ZHANG X, LIU C, NEPAL S, et al. Combining top-down and bottom-up: scalable sub-tree anonymization over big data using MapReduce on cloud [J]. IEEE International Conference on Trust, 2013, 52(1): 501-508.
[16] MOHAMMADIAN E, NOFERESTI M, JALILI R. FAST: fast anonymization of big data streams[C]// Proceedings of the 2014 International Conference on Big Data Science and Computing, Aug 4-7, 2014,Beijing, China. [S.l.:s.n.], 2014.
[17] SEDAYAO J, BHARDWAJ R, GORADE N. Making big data, privacy, and anonymization work together in the enterprise: experiences and issues[C]//Proceedings of the 3rd International Congress on Big Data, June 27-July 2, 2014, Anchorage, Alaska, USA. Piscataway: IEEE Press, 2014.
[18] SUN G Z , WEI S , XIE X . De-anonymization technology and applications in the age of big data [J]. Information &Communications Technologies, 2013(6): 52-57.
[19] NARAYANAN A, SHMATIKOV V. Robust de-anonymization of large sparse datasets[C]//Proceedings of the 2008 IEEE Symposium on Security and Privacy, May 18-21, 2008, Oakland, USA. Piscataway: IEEE Press, 2008: 111-122.
[20] National Bureau of Standards. Proposed federal information processing data encryption standard [J]. Creptologia, 1977, 1(3): 292-306.
[21] FIPS. Advanced encryption standard (AES): FIPS PUB 197[S/OL]. [2010-10-16]. http://wenku.baidu.com/link?url=dqgVVuI1EvKAh4fSiHu7mSAgObQji-LiI6C1_KlYWtuiIUFIZaJUZOpkcOWQMPy9U91SHgPcPrt7UWmAQmT3b8WJZ80idSjZ-qLVileRY3a.
[22] RIVEST R L, SHAMIR A, ADLERNAN L M. A method for obtaining digital signatures and public-key cryptosystems [J]. Communications of the ACM, 1978, 21(6): 120-126.
[23] ELGAMAL T. A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985, 31(4): 469-472.
[24] LIN H Y, SHEN S T, TZENG W G, et al. Toward data confidentiality via integrating hybrid encryption schemes and Hadoop distributed file system[C]//Proceedings of IEEE 26th International Conference on Advanced Information Networking and Applications (AINA), March 26-29, 2012, Fukuoka, Japan. Washington DC: IEEE Computer Society Press, 2012: 740-747.
[25] GENTRY C. A fully homomorphic encryption scheme [D]. Palo Alto: Stanford University, 2009.
[26] VAN DIJK M, GENTRY C, HALEVI S, et al. Fully homomorphic encryption over the integers[C]// Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 30-June 3, 2010, Riviera, French. New York: Springer Berlin Heidelberg, 2010: 24-43.
[27] CHEN X, HUANG Q. The data protection of MapReduce using homomorphic encryption[C]// Proceedings of the 4th IEEE International Conference on Software Engineering and Service Science (ICSESS), May 23-25, 2013, Beijing, China. Piscataway: IEEE Press, 2013: 419-421.
[28] WANG B Y, LI B C, LI H. Public auditing for shared data with efficient user revocation in the cloud[C]// Proceedings of IEEE INFOCOM, April 26-May 1, 2015, Hong Kong, China. Piscataway: IEEE Press, 2015: 2904-2912.
[29] ATENIESE G, BURNS R, CURMOLA R, et al. Provable data possession at untrusted stores[J]. ACM Conference on Computer & Communications Security, 2007, 14(1): 598-609.
[30] JUELS A, KALISKI B S. PORs: proofs of retrievability for large files[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security, October 29-November 2, 2007, Alexandria, VA, USA. New York: ACM Press, 2007: 584-597.
[31] SHACHAM H, WATERS B. Compact proofs of retrievability[J]. Journal of Cryptology, 2013, 26(3): 442-483.
[32] ATENIESE G, PIETRO R, MANCIN L V, et al. Scalable and efficient provable data possession[C]// Proceedings of International Conference on Security & Privacy in Communication Networks, September 22-25, 2008, Istanbul, Turkey. New York: ACM Press, 2008.
[33] ERWAY C, KüP?ü A, PAPAMANTHOU C, et al. Dynamic provable data possession[C]// Proceedings of the 16th ACM Conference on Computer and Communications Security, November 9-13, 2009, Chicago, IL, USA. New York: ACM Press, 2009: 213-222.
[34] WANG Q, WANG C, LI J, et al. Enabling public verifiability and data dynamics for storage security in cloud computing[C]//Proceedings of ESORICS, September 21-25, 2009, Saint Malo, France. [S.l.:s.n.], 2009: 355-370.
[35] WANG C, WANG Q, REN K, et al. Privacy-preserving public auditing for data storage security in cloud computing[C]// Proceedings of IEEE INFOCOM, March 15-19, 2010, San Diego, CA, USA. Piscataway: IEEE Press, 2010: 525-533.
[36] WANG B Y, LI B C, LI H. Oruta: privacy preserving public auditing for shared data in the cloud[C]//Proceedings of IEEE 5th International Conference on Cloud Computing, November 22-24, 2012, Honolulu, Hawaii, USA. Piscataway: IEEE Press, 2012: 295-302.
[37] WANG B Y, LI B C, LI H. Knox: privacy preserving auditing for shared data with large groups in the cloud[C]// Proceedings of the 10th International Conference on Applied Cryptography and Network Security, June 26-29, 2012, Singapore. Berlin: Springer, 2012.
[38] THURAISINGHAM B. Big data security and privacy[C]//Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, March 2-4, 2015, San Antonio, TX, USA. New York: ACM Press, 2015: 279-280.
[39] WONG R. Big data privacy[J]. J Inform Tech SoftwEng, 2012(2): e114.
[40] WU X, ZHU X, WU G Q, et al. Data mining with big data[J]. IEEE Transactions on Knowledge and Data Engineering, 2014, 26(1): 97-107.
[41] AGGARWAL C C, PHILIP S Y. A General Survey of Privacy-Preserving Data Mining Models and Algorithms[M]. New York: Springer US, 2008.
[42] ATALLAH M, BERTINO E, ELMAGARMID A, et al. Disclosure limitation of sensitive rules[C]//Proceedings of Workshop on Knowledge and Data Engineering Exchange, November 7, 1999, Chicago, IL, USA. Piscataway: IEEE Press, 1999: 45-52.
[43] OLIVEIRA S R M, ZAIANE O R. Privacy preserving frequent itemset mining[C]// Proceedings of IEEE International Conference on Data Mining, Japan, December 9-12, 2002, Maebashi City. Piscataway: IEEE Press, 2002: 43-54.
[44] CHANG L W, MOSKOWITZ I S. An Integrated Framework for Database Inference and Privacy Protection[M]. Ifip Tc11/ Wg113 Fourteenth Working Conference on Database Security: Data&Application Security. New York: Springer US, 2000: 161-172.
[45] AGGARWAL C, PEI J, ZHANG B. A framework for privacy preservation against adversarial data mining[C]//Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 20-23, 2006, Philadelphia, USA. New York: ACM Press, 2006.
[46] AGRAWAL R, SRIKANT R. Privacy-preserving data mining[J]. ACM SIGMOD Record, 2000, 29(2): 439-450.
[47] MOSKOWITZ L W, CHANG I S. A Decision Theoretical Based System for Information Downgrading[R/OL]. (2011-08-27)[2015-11-20]. http://wenku.baidu.com/link?url=JAg4rujC4hcwRVbIulvyqgkMJaP fMQ41JAr8v4zfRmZwXWwBNndmDUm10WAIvXYEvlCWb2m34GnIBkADnLpgm8za3iyAHiDnChiaPZwthAW.
[48] CHANG L W, MOSKOWITZ I S. Parsimonious downgrading and decision trees applied to the inference problem[C]//Proceedings of the 1998 Workshop on New Security Paradigms, Charlottesville, Virginia, USA, 1998. New York: ACM Press, 1998: 82-89.
[49] OLIVEIRA S R M, ZAIANE O R. Privacy preserving clustering by data transformation[J]. Journal of Information and Data Management, 2010, 1(1): 37.
[50] VAIDYA J, CLIFTON C. Privacy-preserving k-means clustering over vertically partitioned data[C]//Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 24-27, 2003, Washington DC, USA. New York: ACM Press, 2003: 206-215.
[51] SANDHU R S, SAMARATI P. Access control: principle and practice[J]. IEEE Communications Magazine, 1994, 32(9): 40-48.
[52] SANDHU R S. Lattice-based access control models[J]. Computer, 1993, 26(11): 9-19.
[53] ZHANG W, LI A, CHEEMA M, et al. Probabilistic n-of-N skyline computation over uncertain data streams[J]. World Wide Web, 2015, 18(5): 1331-1350.
[54] SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models[J]. Computer, 1996(2): 38-47.
[55] KUHLMANN M, SHOHAT D, SCHIMPF G. Role mining-revealing business roles for security administration using data mining technology[C]// Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, June 2-3, 2003, Como, Italy. New York: ACM Press, 2003: 179-186.
[56] RAY I, KUMAR M, YU L J. LRBAC: a location-aware role-based access control model[C]// Proceedings of the 2nd International Conference on Information Systems Security, December 19-21, 2006, Kolkata, India. New York: Springer US, 2006: 147-161.
[57] DAMIANI M L, BERTINO E, CATANIA B, et al. Geo-rbac: a spatially aware rbac[J]. ACM Transactions on Information and System Security (TISSEC), 2007, 10(1): 2.
[58] 張 穎君, 馮登國. 基于尺度的時空RBAC模型[J]. 計算機研究與發展, 2015, 47(7): 1252-1260.
ZHANG Y J, FENG D G. A role-based access control model based on space, time and scale[J]. Journal of Computer Research and Development, 2010, 47(7): 1252-1260.
[59] ENE A, HORNE W, MILOSAVLJEVIC N, et al. Fast exact and heuristic methods for role minimization problems[C]//Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, June 11-13, 2008, Estes Park, CO, USA. New York: ACM Press, 2008: 1-10.
[60] 翟志剛, 王建東, 曹子寧, 等. 最小擾動混合角色挖掘方法研究[J]. 計算機研究與發展, 2015, 50(5): 951-960.
ZHAI Z G, WANG J D, CAO Z N, et al. Hybrid role mining methods with minimal perturbation[J]. Journal of Computer Research and Development, 2015, 50(5): 951-960.
[61] BLUNDO C, CIMATO S. A simple role mining algorithm[C]//Proceedings of the 2010 ACM Symposium on Applied Computing, March 22-26, 2010, Sierre, Switzerland. New York: ACM Press, 2010: 1958-1962.
[62] NINO V V. Role mining over big and noisy data theory and some applications[D]. Roma: Roma Tre University, 2011.
[63] FELTUS C, PETIT M, SLOMAN M. Enhancement of business it alignment by including responsibility components in RBAC[C]//Proceedings of the 5th International Workshop on Business/IT Alignment and Interoperability BUSITAL, June 2010, Hammamet, Tunisia. [S.l.:s.n.], 2010.
[64] Attribute-based access control[EB/OL]. [2015-12-08]. https://en.wikipedia.org/wiki/Attribute-based_access_control.
[65] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security, October 30-November 3, 2006, Alexandria, Virginia, USA. New York: ACM Press, 2006: 89-98.
[66] BOBBA R, KHURANA H, PRABHAKARAN M. Attribute-sets: a practically motivated enhancement to attribute-based encryption[C]//Proceedings of the 14th European Symposium on Research in Computer Security, September 21-25, 2009, Saint-Malo, France. [S.l.: s.t.], 2009: 587-604.
[67] WAN Z, LIU J E, DENG R H. HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(2): 743-754.
[68] JIN X. Attribute-based access control models and implementation in cloud infrastructure as a service[D]. San Antonio: The University of Texas at San Antonio, 2014.
[69] LI A, HAN Y, ZHOU B, et al. Detecting hidden anomalies using sketch for high-speed network data stream monitoring[J]. Applied Mathematics and Information Sciences, 2012, 6(3): 759-765.
[70] YANG K, JIA X, REN K, et al. Enabling efficient access control with dynamic policy updating for big data in the cloud[C]// Proceedings of IEEE INFOCOM, April 27-May 2, 2014, Toronto, Canada. Piscataway: IEEE Press, 2014: 2013-2021.
[71] BLAZE M, BLEUMER G, STRAUSS M. Divertible protocols and atomic proxy cryptography[C]// Proceedings of International Conference on the Theory and Application of Cryptographic Techniques Espoo, May 13, 1998, Finland. Berlin: Springer, 1998: 127-144.
[72] LI A, XU J, GAN L, et al. An efficient approach on answering top-k queries with grid dominant graph index[C]// Proceedings of the 15th Asia-Pacific Web Conference, April 4-6, 2013, Sydney, Australia. Berlin: Springer, 2013: 804-814.
[73] ZHANG W M, CHEN B, YU N H. Improving various reversible data hiding schemes via optimal codes for binary covers[J]. IEEE Transactions on Image Processing, 2012, 21(6): 2991-3003.
[74] SUN W H, YU S C, LOU W J, et al. Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[C]//Proceedings of IEEE Conference on Computer Communications, April 27- May 2, 2014, Toronto, Ontario, Canada. Piscataway: IEEE Press, 2014.
[75] WANG Y C, LI F H, XIONG J B, et al. Achieving lightweight and secure access control in multi-authority cloud[C]//Proceedings of the 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, August 20-22, 2015, Helsinki, Finland. Piscataway: IEEE Press, 2015: 459-466.
方濱興(1960-),男,博士,中國工程院院士,主要研究方向為大數據、計算機網絡和信息安全。
賈焰(1960-),女,博士,國防科學技術大學教授,主要研究方向為大數據、網絡信息安全和社交網絡。
李愛平(1974-),男,博士,國防科學技術大學研究員,主要研究方向為大數據分析、數據挖掘和網絡信息安全。
江榮(1984-),男,博士,國防科學技術大學助理研究員,主要研究方向為隱私保護和網絡信息安全。
總結
以上是生活随笔為你收集整理的【2016年第1期】大数据隐私保护技术综述(下)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 作者:董诚,华中科技大学计算机科学与技术
- 下一篇: 数据库系统实训——实验九——函数