SU Qiuyue,CHEN Xingshu,LUO Yonggang

DOI: https://doi.org/10.11959/j.issn.2096-109x.2019009

2019-01-01

Abstract:The big data platform is open and shared, but with the increasing amount of data and the complex and variable user access context, the RBAC model is difficult to meet the fine-grained and flexible access control in big data environment. To solve this problem, an access control model for multi-source heterogeneous data in big data platform is proposed. The model dynamically determines role permissions based on attributes and builds a hierarchical structure based on data groups to achieve simple management of data attributes. The model is formally defined, and the implementation and workflow in Hadoop platform are described. The experimental results show that the performance overhead of the proposed scheme is relatively small.

Rong Jiang,Shanshan Han,Yimin Yu,Weiping Ding

DOI: https://doi.org/10.1016/j.ins.2022.11.102

IF: 8.1

2022-11-25

Information Sciences

Abstract:Access control has been widely adopted by distributed platforms, and its effectiveness is of great importance to the quality of services provided by such platforms. However, traditional access control is difficult to apply to scenarios where authorization changes frequently and to extremely large-scale datasets with limited resources. This paper proposes an access control model based on spectral clustering (SC) and risk (SC-RBAC), which is more suitable for big data medical scenarios. Based on user history access data, an improved SC algorithm is used to cluster doctor users. Then, the user classification is introduced as a parameter into the information entropy to improve the accuracy of quantifying the user's access behavior risk. Finally, based on the accurate risk value of access behavior, we assign access rights to users through the access control function constructed in the paper. Experimental results show that in three different situations, the model proposed in this paper can distinguish the two types of doctors well, the accuracy of the model can reach more than 90%, and it outperforms other access control models.

computer science, information systems

Yan Li,Huiping Sun,Zhong Chen,Jinqiang Ren,Haining Luo

DOI: https://doi.org/10.1109/SecTech.2008.50

2008-01-01

Abstract:With the development of grid technology, sensitive files and data protection become difficult tasks multi-domains. Traditional access control mechanisms are not suitable to such distributed environment. Several models and mechanisms utilize trust to assist access control decision. But few explicitly consider trust and risk as two separate factors which affect interactions between peers. In this paper, we present a novel mechanism which considers both trust and risk as two vital parameters to assist access control decision. In addition, a novel model of trust evaluation is proposed to represent the confidence in the peer. And to appease people’s anxiety about loss, a new model of risk assessment is also presented to indicate impacts on resources. At the end of this paper, simulation results will indicate that our mechanism is able to secure local system more efficiently and reliably.

Mingyue Shi,Rong Jiang,Xiaohan Hu,Jingwei Shang

DOI: https://doi.org/10.1007/s10729-019-09490-4

2019-07-23

Health Care Management Science

Abstract:With the rapid development of modern information technology, the health care industry is entering a critical stage of intelligence. Faced with the growing health care big data, information security issues are becoming more and more prominent in the management of smart health care, especially the problem of patient privacy leakage is the most serious. Therefore, strengthening the information management of intelligent health care in the era of big data is an important part of the long-term sustainable development of hospitals. This paper first identified the key indicators affecting the privacy disclosure of big data in health management, and then established the risk access control model based on the fuzzy theory, which was used for the management of big data in intelligent medical treatment, and solves the problem of inaccurate experimental results due to the lack of real data when dealing with actual problems. Finally, the model is compared with the results calculated by the fuzzy tool set in Matlab. The results verify that the model is effective in assessing the current safety risks and predicting the range of different risk factors, and the prediction accuracy can reach more than 90%.

health policy & services

Min Yang

DOI: https://doi.org/10.48550/arXiv.2011.07895

2020-11-16

Abstract:The era of big data has promoted the vigorous development of many industries, boosting the full potential of holistic data-driven analysis. Hadoop has become the primary choice for mainstream platforms used by stakeholders to process big data. Thereafter, the security of Hadoop platform has arisen tremendous attention worldwide. In this paper, we mainly concentrate on enforcing access control on users to ensure platform security. First, we leverage access proxy integrated with attribute-based access control (ABAC) model to implement front-end authorization, which can fully reflect and cope with the flexible nature of the complex access control process in Hadoop platform, as well as can release back-end resources from complex authorization process through access proxy. Moreover, in order to ensure the fine-granularity of authorization, the access proxy maintains a list composed of trust threshold value provided by each resource according to its importance. The access proxy interacts with the blockchain network to obtain the user's trust evaluation value, which serves as an important basis for dynamic authorization determination. More specifically, blockchain network works together on-chain and off-chain modes. The user's historical behavior data is stored off-chain, and the corresponding hash value is anchored on-chain. Consequently, the user's trust value is evaluated based on his historical behavior stored on the blockchain platform. Meanwhile, the authenticity of user behavior data can be guaranteed, thereby ensuring the reliability of trust assessment results. Our experiment demonstrates that the proposed model can dynamically and flexibly adjust user permissions to ensure the security of the platform, while time and money are consumed within a reasonable range.

Cryptography and Security

Binyong Li,Fan Yang,Shaowei Zhang

DOI: https://doi.org/10.3390/math12162541

IF: 2.4

2024-08-19

Mathematics

Abstract:Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model's performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system's adaptability to risk fluctuations while safeguarding sensitive information.

mathematics

Rong Jiang,Yang Xin,Zhenxing Chen,Ying Zhang

DOI: https://doi.org/10.1016/j.asoc.2022.108423

IF: 8.7

2022-03-01

Applied Soft Computing

Abstract:One of the important issues facing HIS (Hospital Information System) in the context of big data is how to ensure that massive data and resources are protected from internal attacks and reduce the abuse of medical information. However, the existing single-value quantitative access control model based on trust or risk may not well reflect the true trust or risk situation because it cannot describe the timeliness and trend of the quantitative value. In response to this problem, we propose an access control model based on the credibility of the requesting user. Quantify the trust based on the user’s historical visit records on the HIS, and introduce the user’s historical behavior trend into the trust evaluation model through the corresponding regression analysis model. Comparative experiments show that in predicting linear, geometric, exponential, and mixed trends, the regression model in this paper is better than existing methods in predicting trust accuracy and predicting trust trends. Different from the working system of trusted access control model proposed in the existing literature, the model in this paper adds “Behavior warning module (BWM)”. The working mode that “User-visit, Early-warning, Trust-evaluation, Access-control” is very effective in reducing information leakage caused by visitors with non-profit purposes (such as curiosity) and purposeless (such as habitual browsing). And this also has a positive effect on improving the overall behavior level of users in the system.

computer science, artificial intelligence, interdisciplinary applications

Tao Shang,Haolin Zhuang,Jianwei Liu

DOI: https://doi.org/10.1109/iisr.2018.8535990

2018-01-01

Abstract:The growing popularity and development of big data technologies bring serious threats to the security of big data. Building a secure big data platform is the foundation for protecting the security of big data. In this paper, we focus on a comprehensive security management system for Hadoop platforms. Firstly, we discuss the security requirements of big data and extract key technologies of big data security in terms of authentication, authorization and access control, data hiding and encryption, network security, and system security. Then we design a security management system for Hadoop platforms and develop corresponding security modules. As a result, this management system can implement security protection for Hadoop platforms and unified management of security services.

JIN Song-chang,YANG Shu-qiang,FAN Hua,LIU Fei

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.08.032

2012-01-01

Abstract:This paper studied the data security issues faced by Hadoop for large-scale business-critical systems. Through the analysis of the Kerberos authentication mechanism and FaceBook’s AvatarNode, this paper presents a data security system design with the authentication token algorithm. The design includes two aspects: Data security module is used to ensure security on data-level, including: data access control, data sharing, security, error detection and automatic recovery; Data Disaster Recovery module is used to deal with unexpected damaging effects of natural disasters, to ensure the reliable operation of the system, including: AvatarNode, metadata remote backup, disaster detection and system switch. The design can ensure that the system is reliable and the data is safely stored and used.

Li Na,Dong Yunwei,Che Tianwei,Gao Yang

DOI: https://doi.org/10.1142/9789813100312_0057

2016-01-01

Abstract:Each type of risk for actions of open authorization actions based on windows is analyzed thoroughly, hierarchical reasonable security management and control model is proposed to decrease risks. Finally the institutions of management and control is designed to meet higher security demand with the granularity of monitoring and control based on roles for open authorization actions.

Rong Jiang,Shanshan Han,Mingyue Shi,Tilei Gao,Xusheng Zhao

DOI: https://doi.org/10.1155/2022/3086516

IF: 1.968

2022-03-15

Security and Communication Networks

Abstract:Edge computing is playing an increasingly important role in the field of health care. Edge computing provides high-quality personalized services to patients based on user and device data information. However, edge nodes will collect a large amount of sensitive patient information, and patients will also bear the risk of privacy disclosure while enjoying personalized services. How to reduce the risk of privacy disclosure while ensuring that patients enjoy personalized services brought by edge computing is the research content of this paper. In this paper, the work flow and management mode of Hospital Information System (HIS) are investigated on the spot, and the risk-adaptive access control model based on entropy is established. First, we use International Classification of Diseases, Tenth Revision (ICD-10) to mark the information resources accessed by users and use information entropy to measure the correlation “α” between medical information accessed by users and work tasks. Finally, we analyze the relationship between correlation “α” and risk through an example. The results show that users with high correlation α have low risk of access behavior, and users with low risk have high correlation α of access information resources and work goals. This discovery can help managers predict users’ access behavior in the Big Data environment, so as to dynamically formulate access control policies according to the actual access situation of users and then realize the privacy protection of medical big health data.

computer science, information systems,telecommunications

Aiguo Chen,Guoming Lu,Hanwen Xing,Yuan Xie,Shunwei Yuan

DOI: https://doi.org/10.1177/1550147720921778

IF: 1.938

2020-01-01

International Journal of Distributed Sensor Networks

Abstract:With the rapid development of intelligent perception and other data acquisition technologies in the Internet of things, large-scale scientific workflows have been widely used in geographically distributed multiple data centers to realize high performance in business model construction and computational processing. However, insider threats pose very significant privacy and security risks to systems. Traditional access-control models can no longer satisfy the reasonable authorization of resources in these new cross-domain environments. Therefore, a dynamic and semantic-aware access-control model is proposed for privacy preservation in multiple data center environments, which implements a semantic dynamic authorization strategy based on an anomaly assessment of users’ behavior sequences. The experimental results demonstrate that this dynamic and semantic-aware access-control model is highly dynamic and flexible and can improve the security of the application system.

LIU Hao,ZHANG Lian-ming,CHEN Zhi-gang

DOI: https://doi.org/10.11959/j.issn.1000-436x.2017027

2017-01-01

Abstract:The opening and self-organization features of P2P network bringsaseries of security risks, and the traditional access control model is not suitable for P2P network as it is a kind of distributed management system. Task-based access control mode of P2P network was proposed based on fuzzy theory. And the formalization description and analysis of the model was also proposed. The risk value of each transaction was calculated through hierarchy process analysis and fuzzy comprehensive evaluation. In this model, according to the risk value of each transaction, the dynamic management of ac-cess authority was realized by extending task-based access control model. The results show that this model can restrain the success of noncooperative nodes transaction and raise the success of the whole P2P network system transaction, thus improving the security of P2P network system.

Xu Jing,Zhengnan Liu,Shuqin Li,Bin Qiao,Gexu Tan

DOI: https://doi.org/10.1007/s13198-015-0411-1

2015-12-22

International Journal of System Assurance Engineering and Management

Abstract:In traditional role-based access control (RBAC) model, the permission is bound with identity statically, without being dynamically adjusted by user behavior. Cloud users distribute widely and constitute complex and have legitimate identity whose behavior may be incredible, but any attack is achieved through malicious behavior. The cloud-user behavior assessment based dynamic access control model was proposed by introducing user behavior risk value, user trust degree and other factors into RBAC. First, the times of threat behavior was introduced into the information security risk equation to improve the accuracy of user behavior risk value. Then, both the times of threat behavior and the uneven interval of risk threshold were introduced the trust model based on behavior risk evolution to improve the accuracy of user trust degree. Finally, the dynamic authorization was achieved by mapping trust level and permissions. By the simulation experiment in a small campus cloud system, it can be shown that the change of user behavior risk value and user trust degree is more rational under different times and frequencies of threat behavior, and dynamic authorization is flexible by mapping the risk level and the user permissions.

Jiaqi Zhao,Lizhe Wang,Jie Tao,Jinjun Chen,Weiye Sun,Rajiv Ranjan,Joanna Kołodziej,Achim Streit,Dimitrios Georgakopoulos

DOI: https://doi.org/10.1016/j.jcss.2014.02.006

IF: 1.043

2014-08-01

Journal of Computer and System Sciences

Abstract:MapReduce is regarded as an adequate programming model for large-scale data-intensive applications. The Hadoop framework is a well-known MapReduce implementation that runs the MapReduce tasks on a cluster system. G-Hadoop is an extension of the Hadoop MapReduce framework with the functionality of allowing the MapReduce tasks to run on multiple clusters. However, G-Hadoop simply reuses the user authentication and job submission mechanism of Hadoop, which is designed for a single cluster. This work proposes a new security model for G-Hadoop. The security model is based on several security solutions such as public key cryptography and the SSL protocol, and is dedicatedly designed for distributed environments. This security framework simplifies the users authentication and job submission process of the current G-Hadoop implementation with a single-sign-on approach. In addition, the designed security framework provides a number of different security mechanisms to protect the G-Hadoop system from traditional attacks.

computer science, theory & methods, hardware & architecture

DOI: https://doi.org/10.1186/s40537-023-00783-8

2023-06-17

Journal Of Big Data

Abstract:The rapid development of healthcare big data has brought certain convenience to medical research and health management, but privacy protection of healthcare big data is an issue that must be considered in the process of data application. Access control is one of the methods for privacy protection, but traditional access control models cannot adapt to the dynamic, continuous, and real-time characteristics of healthcare big data scenarios. In this paper, we propose an access control model based on risk quantification and usage control (RQ-UCON). The model adds a risk quantification module to the traditional UCON model to achieve privacy protection of medical data. This module classifies risks into direct and indirect risks and quantifies them based on the physician's visit history. The model stores the quantified risk values as subject attributes. The RQ-UCON model uses an improved Exponentially Weighted Moving Average (EWMA) and penalty factors to predict risk value and to update the risk values of the subject attributes in real-time. The RQ-UCON model uses agglomerative hierarchical clustering to cluster the risk values of physicians within the department, resulting in risk intervals for each physician's operational behavior. Each risk interval is stored as a condition in the RQ-UCON model. Finally, according to the model whether the subject attributes meet the model conditions to determine whether the subject has the corresponding access rights, and according to the risk interval to grant the subject the corresponding access rights. Through the final experiment, it can be seen that the access control model proposed in this paper has a certain control on the excessive access behavior of doctors and has a certain limitation on the privacy leakage of healthcare big data.

Rong Jiang,Rui Liu,Tao Zhang,Weiping Ding,Shenghu Tian

DOI: https://doi.org/10.1016/j.ins.2023.120054

IF: 8.1

2023-01-01

Information Sciences

Abstract:Electronic Medical Records (EMR), as the core data of medical big data, has improved the efficiency of medical services in the process of sharing and use, but a series of data privacy leakage problems have emerged. Access control technology can ensure users' legitimate and appropriate access to data resources, but traditional access control has many limitations such as static and coarse-grained, which is difficult to meet in the dynamic and complex healthcare environment. We create a model to solve the privacy leakage problem of healthcare big data. The model utilizes the Latent Delicacy Allocation (LDA) topic model to quickly search documents and extract the topic probability distributions between the target patient and other patients' electronic medical records, which improves the efficiency of medical record document analysis; Calculating physician access similarity, we quantify physician access behavior to more accurately describe physician access behavior in the form of data. We combined the intuitionistic fuzzy theory with the trust evaluation method to create a novel trust evaluation method-- Intuitionistic Fuzzy Trust Evaluation Method, which can reflect the uncertainty characteristics that exist in the physician's diagnostic and treatment process when quantifying the trust of the access by using this method, and it is more flexible and practical, which enhances the accuracy of the quantification of the trust. Improving the traditional trust aggregation method by adding a time window and time decay function, the optimized method improves the accuracy of trust aggregation, and the experimental results are more in line with the actual law. We created a new intuitionistic fuzzy trust access control model using a relative entropy-based intuitionistic fuzzy clustering algorithm and a reward and punishment mechanism to achieve adaptive and dynamic access control for physician access behavior. Experiments show that the access control model based on intuitionistic fuzzy trust proposed in this article achieves 95% correctness in identifying user access behaviors and 94.29% correctness in identifying excessive user access behaviors. Experiments have proved that this model has obvious advantages over other models in the process of privacy protection of electronic medical record systems and has certain control effects.

ZHAO Wei-gang,WANG Run-xiao,ZHANG Jin-rong,HUANG Wei

DOI: https://doi.org/10.3969/j.issn.1001-2265.2006.12.030

2006-01-01

Abstract:According to the requirement of enterprise sales management information system,the problems of management information system permission is analyzed and discussed,under the theory of role-based access control,an Access control model suit to WAN management information system based on user-role-page and menu is brought forward;and the access control process and realized method of the model is brought forward too.The access control model has been used in the WAN sales management information system,and it well completes the access control of the system.

Ping-ping LIU,Lin-ying YAN

DOI: https://doi.org/10.16185/j.jxatu.edu.cn.2015.05.003

2015-01-01

Abstract:For the purpose of secure cloud storage ,a secure cloud storage access control system scheme is proposed in this paper .In the scheme ,Linux and Hadoop are used to build the cloud platform .T he role-based access control method is employed to test identity and to access nonsensitive data . And the attribute encryption algorithm is applyed to encrypt/decrypt data .Experiment show s that this scheme can effectively ensure the integrity and confidentiality of data in the cloud storage .

Mingyue Shi,Rong Jiang,Wei Zhou,Sen Liu,Savio Sciancalepore

DOI: https://doi.org/10.1155/2020/5610839

IF: 1.968

2020-09-29

Security and Communication Networks

Abstract:Information leakage in the medical industry has become an urgent problem to be solved in the field of Internet security. However, due to the need for automated or semiautomated authorization management for privacy protection in the big data environment, the traditional privacy protection model cannot adapt to this complex open environment. Although some scholars have studied the risk assessment model of privacy disclosure in the medical big data environment, it is still in the initial stage of exploration. This paper analyzes the key indicators that affect medical big data security and privacy leakage, including user access behavior and trust, from the perspective of users through literature review and expert consultation. Also, based on the user’s historical access information and interaction records, the user’s access behavior and trust are quantified with the help of information entropy and probability, and a definition expression is given explicitly. Finally, the entire experimental process and specific operations are introduced in three aspects: the experimental environment, the experimental data, and the experimental process, and then, the predicted results of the model are compared with the actual output through the 10-fold cross verification with Matlab. The results prove that the model in this paper is feasible. In addition, the method in this paper is compared with the current more classical medical big data risk assessment model, and the results show that when the proportion of illegal users is less than 15%, the model in this paper is more superior in terms of accuracy and recall.

computer science, information systems,telecommunications