A role-involved purpose-based access control model

This paper presents a role-involved purpose-based access control (RPAC) model, where a conditional purpose is defined as the intention of data accesses or usages under certain conditions. RPAC allows users using some data for a certain purpose with Conditions (For instance, Tony agrees that his income information can be used for marketing purposes by removing his name). The structure of RPAC model is investigated after defining access purposes, intended purposes and conditional purposes. An algorithm is developed with role-based access control (RBAC) to achieve the compliance computation between access purposes (related to data access) and intended purposes (related to data objects). Access purpose authorization and authentication in the RPAC model are studied with the hierarchical purpose structure. According to the model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers’ data. It extends role-based access control models to a further coverage of privacy preservation in database management systems by adopting purposes and conditional intended purposes and to achieve a fine-grained access control. The work in this paper helps enterprises to circulate a clear privacy promise, and to collect and manage user preferences and consent.     

Building access control policy model for privacy preserving and testing policy conflicting problems

This paper proposes a purpose-based access control model in distributed computing environment for privacy preserving policies and mechanisms, and describes algorithms for policy conflicting problems. The mechanism enforces access policy to data containing personally identifiable information. The key component is purpose involved access control models for expressing highly complex privacy-related policies with various features. A policy refers to an access right that a subject can have on an object, based on attribute predicates, obligation actions, and system conditions. Policy conflicting problems may arise when new access policies are generated that are possible to be conflicted to existing policies. As a result of the policy conflicts, private information cannot be well protected. The structure of purpose involved access control policy is studied, and efficient conflict-checking algorithms are developed and implemented. Finally a discussion of our work in comparison with other related work such as EPAL is presented.     

Purpose based access control for privacy protection in relational database systems

In this article, we present a comprehensive approach for privacy preserving access control based on the notion of purpose. In our model, purpose information associated with a given data element specifies the intended use of the data element. A key feature of our model is that it allows multiple purposes to be associated with each data element and also supports explicit prohibitions, thus allowing privacy officers to specify that some data should not be used for certain purposes. An important issue addressed in this article is the granularity of data labeling, i.e., the units of data with which purposes can be associated. We address this issue in the context of relational databases and propose four different labeling schemes, each providing a different granularity. We also propose an approach to represent purpose information, which results in low storage overhead, and we exploit query modification techniques to support access control based on purpose information. Another contribution of our work is that we address the problem of how to determine the purpose for which certain data are accessed by a given user. Our proposed solution relies on role-based access control (RBAC) models as well as the notion of conditional role which is based on the notions of role attribute and system attribute.     

分布式隐私保护FHE-DBIRCH模型研究

隐私保护数据挖掘是当前数据挖掘领域中一个十分重要的研究问题,其目标是在无法获得原始明文数据时可以进行精确的数据挖掘,且挖掘的规则和知识与明文数据挖掘的结果相同或类似。为了强化数据的隐私保护、提高挖掘的准确度,针对分布式环境下聚类挖掘隐私保护问题,结合完全同态加密、解密算法,提出并实现了一种基于完全同态加密的分布式隐私保护FHE DBIRCH模型。模型中数据集传输采用完全同态加密算法加密、解密,保证原始数据的隐私。理论分析和实验结果表明,FHE-DBIRCH模型不仅具有很好的数据隐私性且保持了聚类精度。     

An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system

Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other adopted models, ABAC provides more granularity, scalability, and flexibility. This makes it a valuable access control system candidate for securing platforms and environments used for coordination and cooperation among organizations and communities, especially over open networks such as the Internet. On the other hand, the basic ABAC model lacks provisions for context, trust and privacy issues, all of which are becoming increasingly critical, particularly in high performance distributed collaboration environments. This paper presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues in order to make access control decisions sensitive to the cross-organizational collaboration context. Several aspects of the proposed model are implemented and illustrated by a case study that shows realistic ABAC policies in the domain of distributed multiple organizations crisis management systems. Furthermore, the paper shows a collaborative graphical tool that enables the actors in the emergency management system to make better decisions. The prototype shows how it guarantees the privacy of object’s attributes, taking into account the trust of the subjects. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.     

一种有效的隐私保护关联规则挖掘方法

隐私保护是当前数据挖掘领域中一个十分重要的研究问题,其目标是要在不精确访问真实原始数据的条件下,得到准确的模型和分析结果.为了提高对隐私数据的保护程度和挖掘结果的准确性,提出一种有效的隐私保护关联规则挖掘方法.首先将数据干扰和查询限制这两种隐私保护的基本策略相结合,提出了一种新的数据随机处理方法,即部分隐藏的随机化回答(randomized response with partial hiding,简称RRPH)方法,以对原始数据进行变换和隐藏.然后以此为基础,针对经过RRPH方法处理后的数据,给出了一种简单而又高效的频繁项集生成算法,进而实现了隐私保护的关联规则挖掘.理论分析和实验结果均表明,基于RRPH的隐私保护关联规则挖掘方法具有很好的隐私性、准确性、高效性和适用性.     

一种基于最小选择度优先的多敏感属性个性化l-多样性算法

数据发布中的隐私保护技术一直是数据挖掘与信息安全领域关注的重要问题.目前大部分的研究都仅限于单敏感属性的隐私保护技术,而现实生活中存在着大量包含多敏感属性的数据信息.同时,随着个性需求的不断提出,隐私保护中的个性化服务越来越受研究者的关注.为了扩展单敏感属性数据的隐私保护技术以及满足个性化服务的需求问题,研究了数据发布过程中面向多敏感属性的个性化隐私保护方法.在单敏感属性l-多样性原则的基础上,引入基于值域等级划分的个性化定制方案,定义了多敏感属性个性化l-多样性模型,并提出了一种基于最小选择度优先的多敏感属性个性化l-多样性算法.实验结果表明:该方法不仅可以满足隐私个性化的需求,而且能有效地保护数据的隐私,减少信息的隐匿率,保证发布数据的可用性.     

大数据安全与隐私保护研究进展

当前,用户数据的安全与隐私保护无疑成为大数据环境中最为重要的问题之一,而其最彻底的解决方式是通过加密所有数据来完成.因此,新的加密技术和在密文域上探索高效的大数据处理新模式是国内外当前的研究热点.在贯穿于整个数据生命周期中,密文域上的计算、访问控制和数据聚合(分别称为密文计算、密文访问控制和密文数据聚合)等问题已成为该领域的核心问题.主要针对密文计算、密文访问控制和密文数据聚合等当前国内外研究的现状进行综述,指出其存在的问题与不足.在此基础上,重点介绍了文章作者团队在大数据安全与隐私保护方面的最新研究成果.在密文计算方面,提出了通过减少公钥加密使用次数来设计高效的隐私保护外包计算的新方法,并设计了不依赖于公钥(全)同态加密,仅需一次离线计算任意单向陷门置换来实现安全外包计算的新方案.在密文访问控制方面,提出了支持大属性集合的、短密文的高效可追踪、可撤销属性基加密方案.在密文数据聚合方面,提出了不依赖于加法同态加密的、保护个体数据隐私且仅由授权接收方可成功解密聚合结果的高效隐私保护外包聚合方案.最后,还指出了该领域当前研究中需要解决的公开问题和未来的发展趋势.     

网格环境中证书和策略的隐私保护机制研究

网格访问控制机制中网格实体的访问控制策略和证书的隐私保护是网格安全的一个重要方面,其重要性随着网格技术的进一步广泛应用而日益突出.利用安全函数计算和同态加密理论来解决访问控制过程中策略和证书的隐私保护问题.首先提出了适应于复合策略表达的电路组成方法,并基于无记忆传递机制和"混乱电路"计算协议提出了策略计算协议;然后提出了基于同态加密理论的属性相等测试协议;最后基于策略计算协议和属性相等测试协议提出了策略和证书的隐私保护协议.分析表明,本方案可以对策略和证书的属性进行完全的隐私保护,并且可以避免传统方法所引起的循环依赖问题.     

An efficient approach for publishing microdata for multiple sensitive attributes

The publication of microdata is pivotal for medical research purposes, data analysis and data mining. These published data contain a substantial amount of sensitive information, for example, a hospital may publish many sensitive attributes such as diseases, treatments and symptoms. The release of multiple sensitive attributes is not desirable because it puts the privacy of individuals at risk. The main vulnerability of such approach while releasing data is that if an adversary is successful in identifying a single sensitive attribute, then other sensitive attributes can be identified by co-relation. A whole variety of techniques such as SLOMS, SLAMSA and others already exist for the anonymization of multiple sensitive attributes; however, these techniques have their drawbacks when it comes to preserving privacy and ensuring data utility. The extant framework lacks in terms of preserving privacy for multiple sensitive attributes and ensuring data utility. We propose an efficient approach (p, k)-Angelization for the anonymization of multiple sensitive attributes. Our proposed approach protects the privacy of the individuals and yields promising results compared with currently used techniques in terms of utility. The (p, k)-Angelization approach not only preserves the privacy by eliminating the threat of background join and non-membership attacks but also reduces the information loss thus improving the utility of the released information.     

支持隐私保护的多机构属性基加密方案

针对云环境中用户敏感信息的保护,提出一种支持隐私保护的多机构属性基加密(attribute based encryption, ABE)方案.该方案采用半策略隐藏方式,将属性分为属性名和属性值2部分,通过对用户的属性值进行隐藏,实现对用户的隐私保护,避免用户的具体属性值泄露给其他任何第三方.另外,加密时仅对与访问策略相关的属性名进行加密,而不是对系统所有属性进行加密,改变了已有的隐私保护属性基加密方式,大大减短了密文长度.方案的安全性依赖于DBDH假设,并且在标准模型下满足自适应选择明文攻击安全.同时,通过与其他方案的对比,方案计算代价和存储代价都有明显优势,尤其是密文长度仅与访问策略设置的属性相关,更加适用于实际应用中用户属性规模远远小于系统属性规模的情况.     

数据库服务——安全与隐私保护

主要从数据的机密性、数据的完整性、数据的完备性、查询隐私保护以及访问控制策略这5 个关键技 术,综述国际上在数据库服务——安全与隐私保护方面的研究进展.数据的机密性主要从基于加密和基于数据分布 展开分析;数据的完整性和完备性主要从基于签名、基于挑战-响应和基于概率的方法展开分析;查询隐私保护和访 问控制策略主要从目前存在的问题展开分析.最后展望了数据库服务——安全与隐私保护领域未来的研究方向、存 在的问题及面临的挑战.     

数据库服务——安全与隐私保护

主要从数据的机密性、数据的完整性、数据的完备性、查询隐私保护以及访问控制策略这5个关键技术,综述国际上在数据库服务--安全与隐私保护方面的研究进展.数据的机密性主要从基于加密和基于数据分布展开分析;数据的完整性和完备性主要从基于签名、基于挑战-响应和基于概率的方法展开分析;查询隐私保护和访问控制策略主要从目前存在的问题展开分析.最后展望了数据库服务--安全与隐私保护领域未来的研究方向、存在的问题及面临的挑战.     

基于集成信用度评估智能合约的安全数据共享模型

区块链技术是一种新兴技术, 它具备防篡改、去中心化、分布式存储等特点, 可以有效地解决现有数据共享模型中隐私安全、用户控制权不足以及单点故障问题. 本文以电子病历(Electronic health record, EHR)共享为例提出一种基于集成信用度评估智能合约的数据共享访问控制模型, 为患者提供可信EHR共享环境和动态访问控制策略接口. 实验表明所提模型有效解决了患者隐私安全和对EHR控制权不足的问题. 同时就模型的特点、安全性以及性能进行了分析.     

智能电网中基于MQTT协议的ABAC访问控制方案

在智能电网环境中,电力运营商和消费者通过智能电表进行大量高精度的用电数据的实时监测,用户机密数据持续暴露于未经授权的访问,在这种传统通信模式下,智能电表对家庭用户能源消耗的细粒度测量造成了严重的隐私安全问题,而现有的静态访问控制方法并不满足智能电网环境基于上下文的动态访问特性。针对此问题,提出一种基于物联网通信协议（MQTT协议）的访问控制方案,通过在MQTT协议中对树型结构的主题列表设计基于ABAC访问控制模型的动态上下文授权策略,并在WSO2系统使用XACML策略语言实现了提出的访问控制方案。性能评估结果表明,该方案能在较低的通信开销内支持动态的访问控制,以解决智能电网中用户的用电信息未经授权而泄露的隐私安全问题。     

基于属性分类的分布式大数据隐私保护加密控制模型设计

在分布式大数据的存储和传输过程中,数据极易被恶意用户攻击,造成数据的泄露和丢失。为提高分布式大数据的存储和传输安全性,设计了基于属性分类的分布式大数据隐私保护加密控制模型。挖掘用户隐私数据,以分布式结构存储。根据分布式隐私数据特征,判断数据的属性类型。利用Logistic混沌映射,迭代生成数据隐私保护密钥,通过匿名化、混沌映射、同态加密等步骤,实现对隐私数据的加密处理。利用属性分类技术,控制隐私保护数据访问进程,在传输协议的约束下,实现分布式大数据隐私保护加密控制。实验结果表明,设计模型的明文和密文相似度较低,访问撤销控制准确率高达98.9%,在有、无攻击工况下,隐私数据损失量较少,具有较好的加密、控制性能和隐私保护效果,有效降低了隐私数据的泄露风险,提高了分布式大数据的存储和传输安全性。     

数据发布中基于模糊集的隐私保护研究

隐私保护数据发布是近年来研究的热点技术之一,主要研究如何在数据发布中避免敏感数据的泄露,又能保证数据发布的高效用性。基于模糊集的隐私保护模型,文中方法首先计算训练样本数据的先验概率,然后通过将单个敏感属性和两个相关联属性基于贝叶斯分类泛化实现隐私保护。通过实验验证基于模糊集的隐私保护模型(Fuzzy k-匿名)比经典隐私保护k-匿名模型具有更高的效率,隐私保护度高,数据可用性强。     

朴素贝叶斯分类中的隐私保护方法研究

数据挖掘中的隐私保护方法,试图在不精确访问原始数据详细信息的条件下,挖掘出准确的模式与规则.围绕着分类挖掘中的隐私保护问题展开研究,给出了一种基于数据处理和特征重构的朴素贝叶斯分类中的隐私保护方法.分别提出了一种针对枚举类型的隐私数据处理与特征重构方法--扩展的部分隐藏随机化回答(Extended Randomized Response with Partial Hiding,ERRPH)方法和一种针对数值类型的隐私数据处理与特征重构方法--转换的随机化回答(Transforming Randomized Response,TRR)方法,并在此基础上实现了一个完整的隐私保护的朴素贝叶斯分类算法.理论分析和实验结果均表明:朴素贝叶斯分类中基于ERRPH和TRR的隐私保护方法具有很好的隐私性、准确性、高效性和适用性.     

基于数据敏感性的大数据访问控制模型研究

最近大数据的增长正在引发安全和隐私问题,传统的访问控制模型难以对海量数据提供动态的访问控制。针对Hadoop云平台的数据安全问题,提出了一个基于数据敏感性的Hadoop大数据访问控制模型。模型利用数据内容、使用模式和数据敏感性来强化访问控制策略,在评估数据敏感性上用户干预最小,能根据数据集的增加和删除所引起的数据敏感性变化来调整访问控制策略。实验结果表明,该模型能够以较少的开销增强对非多媒体数据集的访问控制,解决了现有Hadoop平台中访问控制模型安全性的不足。     

基于智能合约的分类分级属性访问控制方法

传统医疗数据共享模型存在访问效率低下和访问控制中心化问题。针对医疗数据动态性强、数据量大和隐私度高的特点,提出一种基于智能合约的分类分级属性访问控制方法。首先,对属性和级别进行划分,形成属性类别和资源隐私等级,根据资源等级设计不同粒度的访问控制策略,合理配置属性信息,提升用户访问效率;然后,利用智能合约为访问控制提供去中心化的执行环境,允许自动化策略判决,解决集中式访问控制带来的安全隐患;最后,实验结果表明该方案能够有效提高访问控制效率,实现访问控制智能判决,保证医疗数据的安全共享。