Traditional access control models are hard to restrain the malicious behavior of authorized users. Accord-ingly, Hadoop platform with this access control model is difficult to prevent the risk of privacy disclosure. A model of access control based on risk was proposed. A risk function of information entropy was designed from users’ his-torical behavior based on setting the tags of subject and object. Furthermore, the tracking chain of risk was built, which could adjust the users’ access authority dynamically according to the risk value and its volatility. Combining with access token and risk supervision, the risk access control mechanism for big data privacy protection was real-ized, which could be applied to enhance the security of Hadoop Kerberos protocol. Finally, the experiment result shows that the model can constrain the authorized users’ access behavior effectively.%传统的访问控制机制难以约束授权用户的恶意行为,使得采用这种访问控制机制的Hadoop平台面临着大数据隐私泄露的风险。提出了一种基于风险的访问控制模型,该模型通过对主体和客体标签的设定,根据用户的历史行为记录构造信息熵风险值计算函数,并进一步建立风险值波动的追踪链,通过风险值及其波动幅度动态调整用户的访问权限。将该模型应用于Hadoop的Kerberos认证协议的改进,结合访问令牌及风险监测实现大数据隐私保护风险访问控制机制。最后,针对医疗大数据进行应用仿真,实验表明该模型可以有效约束大数据应用平台中授权用户的访问行为。
展开▼
