大数据环境下基于用户属性的细粒度访问控制

为解决大数据环境下统一授权管理的问题,分析开源组件Apache Ranger的模型与授权方式,综合考虑授权用户数量、策略管理难度等问题,提出基于用户属性的访问控制模型。将CP-ABE算法引入Ranger原生访问控制模型中,通过算法的加、解密为Ranger策略添加访问控制树,实现用户属性级别的授权和基于用户可变属性的动态访问控制。通过开发原型系统,实现权限管理、用户管理、属性管理等功能。在实验部分,通过对不同量级用户进行访问控制,验证模型的有效性。

User attribute-based fine grained access control for big data

To solve the problem of unified authorization management of big data,the model and authorization method of open source software Apache Ranger were analyzed,and factors such as the number of authorized users and the difficulty of policy management were also taken into consideration,a user attribute-based access control model was proposed.The ciphertext policy attribute based encryption(CP-ABE)algorithm was introduced into the Ranger native access control model,and access control tree was added into Ranger policy using encryption and decryption of the algorithm,which realized user attribute level authorization and dynamic access control based on variable user attributes.By developing the prototype system,authorization management,user management and attribute management were realized.In the experimental part,the validity of the model was verified by access control for users of different magnitudes.