【2016年第1期】大数据隐私保护技术综述(下)
6 ?大數(shù)據(jù)訪問控制技術(shù)
大數(shù)據(jù)訪問控制技術(shù)主要用于決定哪些用戶可以以何種權(quán)限訪問哪些大數(shù)據(jù)資源,從而確保合適的數(shù)據(jù)及合適的屬性在合適的時(shí)間和地點(diǎn),給合適的用戶訪問,其主要目標(biāo)是解決大數(shù)據(jù)使用過程中的隱私保護(hù)問題。早期的訪問控制技術(shù),如自主訪問控制(discretionary access control,DAC)[51]、強(qiáng)制訪問控制(mandatory access control,MAC)[52]等都面向封閉環(huán)境,訪問控制的粒度都比較粗,難以滿足大數(shù)據(jù)時(shí)代開放式環(huán)境下對(duì)訪問控制的精細(xì)化要求。
大數(shù)據(jù)給傳統(tǒng)訪問控制技術(shù)帶來的挑戰(zhàn)如下。
●大數(shù)據(jù)的時(shí)空特性,大數(shù)據(jù)下的訪問控制模型需要在傳統(tǒng)訪問控制的基礎(chǔ)上,充分考慮用戶的時(shí)間信息和位置信息。
●在大數(shù)據(jù)時(shí)代的開放式環(huán)境下,用戶來自于多種組織、機(jī)構(gòu)或部門,單個(gè)用戶又通常具有多種數(shù)據(jù)訪問需求[53],如何合理設(shè)定角色并為每個(gè)用戶動(dòng)態(tài)分配角色是新的挑戰(zhàn)。
●大數(shù)據(jù)面向的應(yīng)用需求眾多,不同的應(yīng)用需要不同的訪問控制策略。以社交網(wǎng)站為例:對(duì)于用戶個(gè)人主頁的數(shù)據(jù),需要基于用戶社交關(guān)系的訪問控制;對(duì)于網(wǎng)站數(shù)據(jù),需要基于用戶等級(jí)的訪問控制等。
傳統(tǒng)的訪問控制方式,包括自主訪問控制和強(qiáng)制訪問控制技術(shù),難以應(yīng)對(duì)上述挑戰(zhàn)。因此,大數(shù)據(jù)時(shí)代的訪問控制技術(shù)主要包括基于角色的訪問控制和基于屬性的訪問控制方法。
6.1 基于角色的訪問控制
基于角色的訪問控制(role-based access control,RBAC)[54]中,不同角色的訪問控制權(quán)限不盡相同。通過為用戶分配角色,可實(shí)現(xiàn)對(duì)數(shù)據(jù)的訪問權(quán)限控制。由此,在基于角色的訪問控制中,角色挖掘是前提。通常,角色是根據(jù)工作能力、職權(quán)及責(zé)任確定的。大數(shù)據(jù)場(chǎng)景下的角色挖掘,需要大量人工參與角色定義、角色劃分及角色授權(quán)等問題,衍生出了所謂角色工程(role engineering)[55]。角色工程的最終目的是根據(jù)個(gè)體在某一組織內(nèi)所擔(dān)當(dāng)?shù)慕巧虬l(fā)揮的作用來實(shí)現(xiàn)最佳安全管理。有效的角色工程可以為用戶權(quán)限提供最優(yōu)分配、鑒別異常用戶、檢測(cè)并刪除冗余或過量的角色、使角色定義及用戶權(quán)限保持最新、降低隨之發(fā)生的各類風(fēng)險(xiǎn)等。大數(shù)據(jù)時(shí)代,可用于角色挖掘的數(shù)據(jù)豐富多樣,對(duì)角色權(quán)限的配置也更加靈活復(fù)雜。一方面需要通過挖掘己方數(shù)據(jù),合理配置權(quán)限,實(shí)現(xiàn)數(shù)據(jù)的訪問可控;另一方面,需要挖掘可收集到的對(duì)方數(shù)據(jù),找出重要目標(biāo)角色,以便重點(diǎn)關(guān)注。因此,大數(shù)據(jù)下的角色工程需要從攻擊和防護(hù)的角度綜合考慮。
RBAC最初也主要應(yīng)用于封閉環(huán)境之中。針對(duì)大數(shù)據(jù)時(shí)空關(guān)聯(lián)性,一些研究者提出將時(shí)空信息融合到RBAC當(dāng)中。如Ray等人提出了LARB(location-aware role-based)訪問控制模型,在RBAC的基礎(chǔ)之上引入了位置信息,通過考慮用戶的位置來確定用戶是否具有訪問數(shù)據(jù)的權(quán)限[56]。Damiani等人提出的GEO-RBAC,也在分配用戶角色時(shí)綜合考慮了用戶的空間位置信息[57]。張穎君等人提出的基于尺度的時(shí)空RBAC訪問控制模型,引入了尺度的概念,使得訪問控制策略的表達(dá)能力得到增強(qiáng),同時(shí)也增強(qiáng)了模型的安全性[58]。
隨著大數(shù)據(jù)環(huán)境下角色規(guī)模的迅速增長(zhǎng),設(shè)計(jì)算法自動(dòng)實(shí)現(xiàn)角色的提取與優(yōu)化逐漸成為近年來的研究熱點(diǎn)。參考文獻(xiàn)[59]嘗試將角色最小化,即找出能滿足預(yù)定義的用戶—授權(quán)關(guān)系的一組最小角色集合。參考文獻(xiàn)[60]提出最小擾動(dòng)混合角色挖掘方法,首先以自頂向下的方法預(yù)先定義部分角色,然后以自底向上的方法挖掘候選角色集合。自動(dòng)化角色挖掘大大減少了人工工作量,但也面臨時(shí)間復(fù)雜度高的問題,部分問題甚至屬于NP完全問題。參考文獻(xiàn)[61]提出了一種簡(jiǎn)單的啟發(fā)式算法SMA來簡(jiǎn)化角色求解。參考文獻(xiàn)[62]針對(duì)大數(shù)據(jù)及噪聲數(shù)據(jù)場(chǎng)景,提出選擇穩(wěn)定的候選角色,并進(jìn)一步將角色挖掘問題分解以降低復(fù)雜度。
大數(shù)據(jù)時(shí)代的訪問控制應(yīng)用場(chǎng)景廣泛,需求也不盡相同。一些研究通過廣泛收集研究對(duì)象的應(yīng)用數(shù)據(jù),試圖挖掘出其中的關(guān)鍵角色,從而有針對(duì)性地采取處理措施。參考文獻(xiàn)[63]提出在RBAC的基礎(chǔ)上增加責(zé)任的概念,即responsibility-RBAC,對(duì)用戶職責(zé)進(jìn)行顯式確認(rèn),以根據(jù)實(shí)際應(yīng)用場(chǎng)景優(yōu)化角色的數(shù)量。
6.2 基于屬性的訪問控制
基于屬性的訪問控制(attribute-based access control,ABAC)[64]通過將各類屬性,包括用戶屬性、資源屬性、環(huán)境屬性等組合起來用于用戶訪問權(quán)限的設(shè)定。RBAC以用戶為中心,而沒有將額外的資源信息,如用戶和資源之間的關(guān)系、資源隨時(shí)間的動(dòng)態(tài)變化、用戶對(duì)資源的請(qǐng)求動(dòng)作(如瀏覽、編輯、刪除等)以及環(huán)境上下文信息進(jìn)行綜合考慮。而基于屬性的訪問控制ABAC通過對(duì)全方位屬性的考慮,可以實(shí)現(xiàn)更加細(xì)粒度的訪問控制。
大數(shù)據(jù)環(huán)境下,越來越多的信息存儲(chǔ)在云平臺(tái)上。根據(jù)云平臺(tái)的特點(diǎn),基于屬性集加密訪問控制[65]、基于密文策略屬性集的加密[66]、基于層次式屬性集合的加密[67]等相繼被提出。這些模型都以數(shù)據(jù)資源的屬性加密作為基本手段,采用不同的策略增加權(quán)限訪問的靈活性。如HASBE通過層次化的屬性加密,可以實(shí)現(xiàn)云平臺(tái)上數(shù)據(jù)的更加細(xì)粒度的訪問控制,層次化也使得模型更加靈活,具有更好的可擴(kuò)展性。除了提供屬性加密訪問控制之外,ABAC也被當(dāng)作云基礎(chǔ)設(shè)施上訪問控制中的一項(xiàng)服務(wù)[68]。
ABE將屬性與密文和用戶私鑰關(guān)聯(lián),能夠靈活地表示訪問控制策略。但對(duì)于存儲(chǔ)在云端的大數(shù)據(jù),當(dāng)數(shù)據(jù)擁有者想要改變?cè)L問控制策略時(shí),需要先將加密數(shù)據(jù)從云端取回本地,解密原有數(shù)據(jù),之后再使用新的策略重新加密數(shù)據(jù),最后將密文傳回云端。在這一過程中,密文需要來回傳輸,會(huì)消耗大量帶寬,從而引發(fā)異常,引起攻擊者的注意[69],對(duì)數(shù)據(jù)的解密和重新加密也會(huì)使得計(jì)算復(fù)雜度顯著增大。為此,Yang等人提出了一種高效的訪問控制策略動(dòng)態(tài)更新方法[70]。當(dāng)訪問控制策略發(fā)生變化時(shí),數(shù)據(jù)擁有者首先使用密鑰更新策略UKeyGen生成更新密鑰UK_m,并將其和屬性變化情況(如增加、減少特定屬性)一起發(fā)送到云端。之后,在云端上按照密文更新策略CTUpdate對(duì)原有的密文進(jìn)行更新,而不用對(duì)原有密文進(jìn)行解密。
云端代理重加密將基于屬性的加密與代理重加密技術(shù)結(jié)合,實(shí)現(xiàn)云中的安全、細(xì)粒度、可擴(kuò)展的數(shù)據(jù)訪問控制[71-73]。新的用戶獲取授權(quán)或原有用戶釋放授權(quán)時(shí)的重加密工作由云端代理,減輕數(shù)據(jù)擁有者的負(fù)擔(dān)。同時(shí)對(duì)數(shù)據(jù)擁有者來說,云端可能并非是完全可信的,在利用云端進(jìn)行代理重加密的同時(shí)還應(yīng)防止數(shù)據(jù)被云端窺探。用戶提交給云的是密文,云端無法解密,云端利用重加密算法轉(zhuǎn)換為另一密文,新的密文只能被授權(quán)用戶解密,而在整個(gè)過程中云端服務(wù)器看到的始終是密文,看不到明文。云中用戶頻繁地獲取和釋放授權(quán),使得數(shù)據(jù)密文重加密工作繁重,由云端代理重加密工作,可以大大減輕數(shù)據(jù)擁有者的負(fù)擔(dān)。同時(shí),云端無法解密密文,也就無法窺探數(shù)據(jù)內(nèi)容。
Sun等人[74]提出了支持高效用戶撤銷的屬性關(guān)鍵詞搜索方案,實(shí)現(xiàn)了可擴(kuò)展且基于用戶制定訪問策略的高細(xì)粒度搜索授權(quán),通過代理重加密和懶惰重加密技術(shù),將用戶撤銷過程中系統(tǒng)繁重的密鑰更新工作交給半可信的云服務(wù)器。Wang等人[75]針對(duì)多中心云計(jì)算環(huán)境的數(shù)據(jù)安全訪問特點(diǎn),將多中心屬性加密和外包計(jì)算相結(jié)合,提出了一種輕量級(jí)的安全的訪問控制方案。該方案具有解密密鑰短、加解密計(jì)算開銷小等優(yōu)勢(shì),適用于輕量級(jí)設(shè)備。該方案可以無縫應(yīng)用到群組隱私信息保護(hù)中,實(shí)現(xiàn)了群組成員之間的隱私信息定向發(fā)布和共享、群組外的隱私信息保護(hù)功能。
大數(shù)據(jù)為訪問控制帶來了諸多挑戰(zhàn),但也暗藏機(jī)遇。隨著計(jì)算能力的進(jìn)一步提升,無論是基于角色的訪問控制還是基于屬性的訪問控制,訪問控制的效率將得到快速提升。同時(shí),更多的數(shù)據(jù)將被收集起來用于角色挖掘或者屬性識(shí)別,從而可以實(shí)現(xiàn)更加精準(zhǔn)、更加個(gè)性化的訪問控制。總體而言,目前專門針對(duì)大數(shù)據(jù)的訪問控制還處在起步階段,未來將角色與屬性相結(jié)合的細(xì)粒度權(quán)限分配將會(huì)有很大的發(fā)展空間。
?
7 ?結(jié)束語
如何在不泄露用戶隱私的前提下,提高大數(shù)據(jù)的利用率,挖掘大數(shù)據(jù)的價(jià)值,是目前大數(shù)據(jù)研究領(lǐng)域的關(guān)鍵問題。本文首先介紹了大數(shù)據(jù)帶來的隱私保護(hù)問題,然后介紹了大數(shù)據(jù)隱私的概念和大數(shù)據(jù)生命周期的隱私保護(hù)模型,接著從大數(shù)據(jù)生命周期的發(fā)布、存儲(chǔ)、分析和使用4個(gè)階段出發(fā),對(duì)大數(shù)據(jù)隱私保護(hù)中的技術(shù)現(xiàn)狀和發(fā)展趨勢(shì)進(jìn)行了分類闡述,對(duì)該技術(shù)的優(yōu)缺點(diǎn)、適用范圍等進(jìn)行分析,探索了大數(shù)據(jù)隱私保護(hù)技術(shù)進(jìn)一步發(fā)展的方向。
參考文獻(xiàn)
[1] 方濱興,劉克,吳曼青,等. 大搜索技術(shù)白皮書[R/OL].(2015-01-06)[2015-05-23 ]. http://wenku.baidu.com/link? url=gqavgz5O7VROHQgJH4_egRVHB_JtcskcX-vWvRgEdzhfMuyidxhO_kdGemK8Qve-z0z-dBIJRpSqZj7oCYLd0i-2iT1mXE2B1B5p4nPW0TO.
FANG B X, LIU K, WU M Q, et al. White paper on big search[R/OL]. (2015-01-06)[2015-05-23]. http://wenku.baidu.com/link?url=gqavgz5O7VROHQgJH4_egRVHB_JtcskcX-vWvRgEdzhfMuyidxhO_kdGemK8Qve-z0z-dBIJRpSqZj7oCYLd0i-2iT1mXE2B1B5p4nPW0TO.
[2] 周水庚, 李豐, 陶宇飛, 等. 面向數(shù)據(jù)庫應(yīng)用的隱私保護(hù)研究綜述[J]. 計(jì)算機(jī)學(xué)報(bào), 2009,32(5): 847-861.
ZHOU S G, LI F, TAO Y F, et al. Privacy preservation in database applications: a survey[J]. Chinese Journal of Computers, 2009, 32(5): 847-861.
[3] SAMARATI P, SWEENEY L. Generalizing data to provide anonymity when disclosing information[C]// Proceedings of the 17th ACM Sigact-Sigmod-Sigart Symposium on Principles of Database System, June 1-3, 1998, Seattle, Washington, USA. New York: ACM Press, 1998.
[4] SWEENY L. k-anonymity: a model for protecting privacy[J]. International Journal on Uncertainty, Fuzziness and Knowledge Based Systems, 2012, 10(5): 557-570.
[5] BARBARO M, ZELLER T. A face is exposed for AOL searcher No. 4417749[N/OL]. New York Times, (2006-08-09)[2013-09-10]. http://www.nytimes.com/2006/08/09/technology/09aol.html.
[6] NARAYANAN A, SHMATIKOV V. How to break anonymity of the netflix prize dataset[J]. Eprint Arxiv Cs, 2006, arXiv:cs/0610105.
[7] MACHANAVAJJHALA A, GEHRKE J, KIFER D, et al. l-diversity: privacy beyond k-anonymity[J]. ACM Transactions on Knowledge Discovery from Data, 2007, 1(1): 24.
[8] LI N, LI T, VENKATASUBRAMANIAN S. t-closeness: privacy beyond k-anonymity and l-diversity[C]// Proceedings of IEEE 23rd International Conference on Data Engineering, April 11-15, 2007, Istanbul, Turkey. Piscataway: IEEE Press, 2007: 106-115.
[9] NIU B, LI Q H, ZHU X Y, et al. Enhancing privacy through caching in location-based services[C]//Proceedings of IEEE INFOCOM, April 26-May 1, 2015, Hong Kong, China. Piscataway: IEEE Press, 2015: 1017-1025.
[10] LI A, JIN S, ZHANG L, et al. A sequential decision-theoretic model for medical diagnostic system [J]. Technology and Health Care, 2015, 23(s1): S37-S42.
[11] BYUN J W, SOHN Y, BERTINO E, et al. Secure anonymization for incremental dataset[C]//Proceedings of the 3rd VLDB Workshop on Secure Data Management (SDM), September 10-11, 2006, Seoul, Korea. [S.l.: s.n.], 2006.
[12] XIAO X K, TAO Y F. m-invariance: towards privacy preserving re-publication of dynamic datasets[C]// Proceedings of the 2007, ACM SIGMOD International Conference on Management of Data, June 12-14, 2007, Beijing, China. New York: ACM Press, 2007: 689-700.
[13] BU Y Y, FU A W C, WONG R C W, et al. Privacy preserving serial data publishing by role composition[C]// Proceedings of the 34th International Conference on Very Large Data Bases, August 23-28, 2008, Auckland, New Zealand. [S.l.: s.n.], 2008: 845-856.
[14] ZHANG X, LIU C, NEPAL S, et al. A hybrid approach for scalable sub-tree anonymization over big data using MapReduce on cloud [J]. Journal of Computer & System Sciences, 2014, 80(5): 1008-1020.
[15] ZHANG X, LIU C, NEPAL S, et al. Combining top-down and bottom-up: scalable sub-tree anonymization over big data using MapReduce on cloud [J]. IEEE International Conference on Trust, 2013, 52(1): 501-508.
[16] MOHAMMADIAN E, NOFERESTI M, JALILI R. FAST: fast anonymization of big data streams[C]// Proceedings of the 2014 International Conference on Big Data Science and Computing, Aug 4-7, 2014,Beijing, China. [S.l.:s.n.], 2014.
[17] SEDAYAO J, BHARDWAJ R, GORADE N. Making big data, privacy, and anonymization work together in the enterprise: experiences and issues[C]//Proceedings of the 3rd International Congress on Big Data, June 27-July 2, 2014, Anchorage, Alaska, USA. Piscataway: IEEE Press, 2014.
[18] SUN G Z , WEI S , XIE X . De-anonymization technology and applications in the age of big data [J]. Information &Communications Technologies, 2013(6): 52-57.
[19] NARAYANAN A, SHMATIKOV V. Robust de-anonymization of large sparse datasets[C]//Proceedings of the 2008 IEEE Symposium on Security and Privacy, May 18-21, 2008, Oakland, USA. Piscataway: IEEE Press, 2008: 111-122.
[20] National Bureau of Standards. Proposed federal information processing data encryption standard [J]. Creptologia, 1977, 1(3): 292-306.
[21] FIPS. Advanced encryption standard (AES): FIPS PUB 197[S/OL]. [2010-10-16]. http://wenku.baidu.com/link?url=dqgVVuI1EvKAh4fSiHu7mSAgObQji-LiI6C1_KlYWtuiIUFIZaJUZOpkcOWQMPy9U91SHgPcPrt7UWmAQmT3b8WJZ80idSjZ-qLVileRY3a.
[22] RIVEST R L, SHAMIR A, ADLERNAN L M. A method for obtaining digital signatures and public-key cryptosystems [J]. Communications of the ACM, 1978, 21(6): 120-126.
[23] ELGAMAL T. A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985, 31(4): 469-472.
[24] LIN H Y, SHEN S T, TZENG W G, et al. Toward data confidentiality via integrating hybrid encryption schemes and Hadoop distributed file system[C]//Proceedings of IEEE 26th International Conference on Advanced Information Networking and Applications (AINA), March 26-29, 2012, Fukuoka, Japan. Washington DC: IEEE Computer Society Press, 2012: 740-747.
[25] GENTRY C. A fully homomorphic encryption scheme [D]. Palo Alto: Stanford University, 2009.
[26] VAN DIJK M, GENTRY C, HALEVI S, et al. Fully homomorphic encryption over the integers[C]// Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 30-June 3, 2010, Riviera, French. New York: Springer Berlin Heidelberg, 2010: 24-43.
[27] CHEN X, HUANG Q. The data protection of MapReduce using homomorphic encryption[C]// Proceedings of the 4th IEEE International Conference on Software Engineering and Service Science (ICSESS), May 23-25, 2013, Beijing, China. Piscataway: IEEE Press, 2013: 419-421.
[28] WANG B Y, LI B C, LI H. Public auditing for shared data with efficient user revocation in the cloud[C]// Proceedings of IEEE INFOCOM, April 26-May 1, 2015, Hong Kong, China. Piscataway: IEEE Press, 2015: 2904-2912.
[29] ATENIESE G, BURNS R, CURMOLA R, et al. Provable data possession at untrusted stores[J]. ACM Conference on Computer & Communications Security, 2007, 14(1): 598-609.
[30] JUELS A, KALISKI B S. PORs: proofs of retrievability for large files[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security, October 29-November 2, 2007, Alexandria, VA, USA. New York: ACM Press, 2007: 584-597.
[31] SHACHAM H, WATERS B. Compact proofs of retrievability[J]. Journal of Cryptology, 2013, 26(3): 442-483.
[32] ATENIESE G, PIETRO R, MANCIN L V, et al. Scalable and efficient provable data possession[C]// Proceedings of International Conference on Security & Privacy in Communication Networks, September 22-25, 2008, Istanbul, Turkey. New York: ACM Press, 2008.
[33] ERWAY C, KüP?ü A, PAPAMANTHOU C, et al. Dynamic provable data possession[C]// Proceedings of the 16th ACM Conference on Computer and Communications Security, November 9-13, 2009, Chicago, IL, USA. New York: ACM Press, 2009: 213-222.
[34] WANG Q, WANG C, LI J, et al. Enabling public verifiability and data dynamics for storage security in cloud computing[C]//Proceedings of ESORICS, September 21-25, 2009, Saint Malo, France. [S.l.:s.n.], 2009: 355-370.
[35] WANG C, WANG Q, REN K, et al. Privacy-preserving public auditing for data storage security in cloud computing[C]// Proceedings of IEEE INFOCOM, March 15-19, 2010, San Diego, CA, USA. Piscataway: IEEE Press, 2010: 525-533.
[36] WANG B Y, LI B C, LI H. Oruta: privacy preserving public auditing for shared data in the cloud[C]//Proceedings of IEEE 5th International Conference on Cloud Computing, November 22-24, 2012, Honolulu, Hawaii, USA. Piscataway: IEEE Press, 2012: 295-302.
[37] WANG B Y, LI B C, LI H. Knox: privacy preserving auditing for shared data with large groups in the cloud[C]// Proceedings of the 10th International Conference on Applied Cryptography and Network Security, June 26-29, 2012, Singapore. Berlin: Springer, 2012.
[38] THURAISINGHAM B. Big data security and privacy[C]//Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, March 2-4, 2015, San Antonio, TX, USA. New York: ACM Press, 2015: 279-280.
[39] WONG R. Big data privacy[J]. J Inform Tech SoftwEng, 2012(2): e114.
[40] WU X, ZHU X, WU G Q, et al. Data mining with big data[J]. IEEE Transactions on Knowledge and Data Engineering, 2014, 26(1): 97-107.
[41] AGGARWAL C C, PHILIP S Y. A General Survey of Privacy-Preserving Data Mining Models and Algorithms[M]. New York: Springer US, 2008.
[42] ATALLAH M, BERTINO E, ELMAGARMID A, et al. Disclosure limitation of sensitive rules[C]//Proceedings of Workshop on Knowledge and Data Engineering Exchange, November 7, 1999, Chicago, IL, USA. Piscataway: IEEE Press, 1999: 45-52.
[43] OLIVEIRA S R M, ZAIANE O R. Privacy preserving frequent itemset mining[C]// Proceedings of IEEE International Conference on Data Mining, Japan, December 9-12, 2002, Maebashi City. Piscataway: IEEE Press, 2002: 43-54.
[44] CHANG L W, MOSKOWITZ I S. An Integrated Framework for Database Inference and Privacy Protection[M]. Ifip Tc11/ Wg113 Fourteenth Working Conference on Database Security: Data&Application Security. New York: Springer US, 2000: 161-172.
[45] AGGARWAL C, PEI J, ZHANG B. A framework for privacy preservation against adversarial data mining[C]//Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 20-23, 2006, Philadelphia, USA. New York: ACM Press, 2006.
[46] AGRAWAL R, SRIKANT R. Privacy-preserving data mining[J]. ACM SIGMOD Record, 2000, 29(2): 439-450.
[47] MOSKOWITZ L W, CHANG I S. A Decision Theoretical Based System for Information Downgrading[R/OL]. (2011-08-27)[2015-11-20]. http://wenku.baidu.com/link?url=JAg4rujC4hcwRVbIulvyqgkMJaP fMQ41JAr8v4zfRmZwXWwBNndmDUm10WAIvXYEvlCWb2m34GnIBkADnLpgm8za3iyAHiDnChiaPZwthAW.
[48] CHANG L W, MOSKOWITZ I S. Parsimonious downgrading and decision trees applied to the inference problem[C]//Proceedings of the 1998 Workshop on New Security Paradigms, Charlottesville, Virginia, USA, 1998. New York: ACM Press, 1998: 82-89.
[49] OLIVEIRA S R M, ZAIANE O R. Privacy preserving clustering by data transformation[J]. Journal of Information and Data Management, 2010, 1(1): 37.
[50] VAIDYA J, CLIFTON C. Privacy-preserving k-means clustering over vertically partitioned data[C]//Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 24-27, 2003, Washington DC, USA. New York: ACM Press, 2003: 206-215.
[51] SANDHU R S, SAMARATI P. Access control: principle and practice[J]. IEEE Communications Magazine, 1994, 32(9): 40-48.
[52] SANDHU R S. Lattice-based access control models[J]. Computer, 1993, 26(11): 9-19.
[53] ZHANG W, LI A, CHEEMA M, et al. Probabilistic n-of-N skyline computation over uncertain data streams[J]. World Wide Web, 2015, 18(5): 1331-1350.
[54] SANDHU R S, COYNE E J, FEINSTEIN H L, et al. Role-based access control models[J]. Computer, 1996(2): 38-47.
[55] KUHLMANN M, SHOHAT D, SCHIMPF G. Role mining-revealing business roles for security administration using data mining technology[C]// Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, June 2-3, 2003, Como, Italy. New York: ACM Press, 2003: 179-186.
[56] RAY I, KUMAR M, YU L J. LRBAC: a location-aware role-based access control model[C]// Proceedings of the 2nd International Conference on Information Systems Security, December 19-21, 2006, Kolkata, India. New York: Springer US, 2006: 147-161.
[57] DAMIANI M L, BERTINO E, CATANIA B, et al. Geo-rbac: a spatially aware rbac[J]. ACM Transactions on Information and System Security (TISSEC), 2007, 10(1): 2.
[58] 張 穎君, 馮登國. 基于尺度的時(shí)空RBAC模型[J]. 計(jì)算機(jī)研究與發(fā)展, 2015, 47(7): 1252-1260.
ZHANG Y J, FENG D G. A role-based access control model based on space, time and scale[J]. Journal of Computer Research and Development, 2010, 47(7): 1252-1260.
[59] ENE A, HORNE W, MILOSAVLJEVIC N, et al. Fast exact and heuristic methods for role minimization problems[C]//Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, June 11-13, 2008, Estes Park, CO, USA. New York: ACM Press, 2008: 1-10.
[60] 翟志剛, 王建東, 曹子寧, 等. 最小擾動(dòng)混合角色挖掘方法研究[J]. 計(jì)算機(jī)研究與發(fā)展, 2015, 50(5): 951-960.
ZHAI Z G, WANG J D, CAO Z N, et al. Hybrid role mining methods with minimal perturbation[J]. Journal of Computer Research and Development, 2015, 50(5): 951-960.
[61] BLUNDO C, CIMATO S. A simple role mining algorithm[C]//Proceedings of the 2010 ACM Symposium on Applied Computing, March 22-26, 2010, Sierre, Switzerland. New York: ACM Press, 2010: 1958-1962.
[62] NINO V V. Role mining over big and noisy data theory and some applications[D]. Roma: Roma Tre University, 2011.
[63] FELTUS C, PETIT M, SLOMAN M. Enhancement of business it alignment by including responsibility components in RBAC[C]//Proceedings of the 5th International Workshop on Business/IT Alignment and Interoperability BUSITAL, June 2010, Hammamet, Tunisia. [S.l.:s.n.], 2010.
[64] Attribute-based access control[EB/OL]. [2015-12-08]. https://en.wikipedia.org/wiki/Attribute-based_access_control.
[65] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security, October 30-November 3, 2006, Alexandria, Virginia, USA. New York: ACM Press, 2006: 89-98.
[66] BOBBA R, KHURANA H, PRABHAKARAN M. Attribute-sets: a practically motivated enhancement to attribute-based encryption[C]//Proceedings of the 14th European Symposium on Research in Computer Security, September 21-25, 2009, Saint-Malo, France. [S.l.: s.t.], 2009: 587-604.
[67] WAN Z, LIU J E, DENG R H. HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(2): 743-754.
[68] JIN X. Attribute-based access control models and implementation in cloud infrastructure as a service[D]. San Antonio: The University of Texas at San Antonio, 2014.
[69] LI A, HAN Y, ZHOU B, et al. Detecting hidden anomalies using sketch for high-speed network data stream monitoring[J]. Applied Mathematics and Information Sciences, 2012, 6(3): 759-765.
[70] YANG K, JIA X, REN K, et al. Enabling efficient access control with dynamic policy updating for big data in the cloud[C]// Proceedings of IEEE INFOCOM, April 27-May 2, 2014, Toronto, Canada. Piscataway: IEEE Press, 2014: 2013-2021.
[71] BLAZE M, BLEUMER G, STRAUSS M. Divertible protocols and atomic proxy cryptography[C]// Proceedings of International Conference on the Theory and Application of Cryptographic Techniques Espoo, May 13, 1998, Finland. Berlin: Springer, 1998: 127-144.
[72] LI A, XU J, GAN L, et al. An efficient approach on answering top-k queries with grid dominant graph index[C]// Proceedings of the 15th Asia-Pacific Web Conference, April 4-6, 2013, Sydney, Australia. Berlin: Springer, 2013: 804-814.
[73] ZHANG W M, CHEN B, YU N H. Improving various reversible data hiding schemes via optimal codes for binary covers[J]. IEEE Transactions on Image Processing, 2012, 21(6): 2991-3003.
[74] SUN W H, YU S C, LOU W J, et al. Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[C]//Proceedings of IEEE Conference on Computer Communications, April 27- May 2, 2014, Toronto, Ontario, Canada. Piscataway: IEEE Press, 2014.
[75] WANG Y C, LI F H, XIONG J B, et al. Achieving lightweight and secure access control in multi-authority cloud[C]//Proceedings of the 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, August 20-22, 2015, Helsinki, Finland. Piscataway: IEEE Press, 2015: 459-466.
方濱興(1960-),男,博士,中國工程院院士,主要研究方向?yàn)榇髷?shù)據(jù)、計(jì)算機(jī)網(wǎng)絡(luò)和信息安全。
賈焰(1960-),女,博士,國防科學(xué)技術(shù)大學(xué)教授,主要研究方向?yàn)榇髷?shù)據(jù)、網(wǎng)絡(luò)信息安全和社交網(wǎng)絡(luò)。
李愛平(1974-),男,博士,國防科學(xué)技術(shù)大學(xué)研究員,主要研究方向?yàn)榇髷?shù)據(jù)分析、數(shù)據(jù)挖掘和網(wǎng)絡(luò)信息安全。
江榮(1984-),男,博士,國防科學(xué)技術(shù)大學(xué)助理研究員,主要研究方向?yàn)殡[私保護(hù)和網(wǎng)絡(luò)信息安全。
總結(jié)
以上是生活随笔為你收集整理的【2016年第1期】大数据隐私保护技术综述(下)的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 作者:董诚,华中科技大学计算机科学与技术
- 下一篇: 数据库系统实训——实验九——函数