Abstract
To solve the problem of unified authorization management in big data environments, the model and authorization method of the open source component Apache Ranger were analyzed and, taking into account factors such as the number of authorized users and the difficulty of policy management, a user attribute-based access control model was proposed. The ciphertext-policy attribute-based encryption (CP-ABE) algorithm was introduced into the Ranger native access control model, and an access control tree was added to Ranger policies through the algorithm's encryption and decryption, which realized user attribute-level authorization and dynamic access control based on variable user attributes. A prototype system was developed that implements authorization management, user management and attribute management. In the experimental part, the validity of the model was verified by applying access control to user populations of different orders of magnitude.
Authors
王嘉龙 (WANG Jia-long)
台宪青 (TAI Xian-qing)
马治杰 (MA Zhi-jie)
Affiliations: Research Center for Data and Service, Research and Development Center for Internet of Things, Chinese Academy of Sciences, Wuxi 214135, China; School of Microelectronics, University of Chinese Academy of Sciences, Beijing 101407, China; Laboratory of Geospatial Information Systems, Institute of Electronics, Chinese Academy of Sciences, Suzhou 215121, China
Source
《计算机工程与设计》 (Computer Engineering and Design)
PKU Core Journal
2020, Issue 7, pp. 1801-1808 (8 pages)
Funding
Strategic Priority Research Program of the Chinese Academy of Sciences (Category A) (XDA19080201).
Keywords
big data
unified authorization
user attribute
access control tree
authorization management