Research On The Model Of Geospatial Data Access Control

With the wide application of science technology such as Internet of Things, Cloud Computing and Mobile Internet, the acquisition and sharing of geospatial data is becoming more and more convenient, but the security problems of geospatial data will be highlighted. Even if many mature theories and technologies have already been proposed in the field of traditional information security for access control, a comprehensive framework, general and flexible enough to cope with the access control of geospatial data is still missing, this is because the geospatial data has very different characteristics from the traditional information, such as multi scale, spatial relationships, thematic attribute and so on.In this paper, we put forward the access control model for geospatial data file and database respectively and construct the efficient implementation mechanism for access control. The main contents include:(1)Discussing the related technology of geographic information as well as the commonly used access control model and constructing security threat model for geospatial data by the analysis of the existing security threats in the geospatial data’s production and sharing. Then, by combining with the characteristics of geospatial data as well as the basic principle of access control, access control strategies are proposed for the security threat model, so that the theory and technical support can be provided for the establishment and implementation of geospatial data access control model.(2)Presenting GDF-ABAC, an extension of the ABAC to deal with the problem that the access control of the geospatial data file is not flexible and has limitations. By extending with meta-attributes and the mechanism of encryption-decryption, this model could express the permit policy of multi-granularity which improves the flexibility for access control policy. Also, the idea of classification management and sequential control is used to construct the framework model and realization mechanism in multi-domain environment for GDF-ABAC, which keeps the geospatial data file under control. Finally, based on the GDF-ABAC model, an access control system which supports cross-platform and fine-grained access control is implemented for Shapefile data by the technology of file system filter driver.(3)Presenting a Multiple Feature Constraint Role Based Access Control model named MFC-RBAC to make up for the lack of traditional RBAC in geospatial database access control. By extending the multi scale, spatial relationships and thematic attribute constraint to the object of RBAC and spatio-temporal constraint to the activation of role, this model not only has strong ability to express the access control policy and meets the need of mobile applications but also increases the security for the access control of geospatial database. In addition, unit permit and the partial ordering relation between permissions are introduced to set up effective permissions, which reduces the redundance and improves the efficiency of policy decision. Finally, an access control system is implemented by the technology of middleware technology, which has proved that the MFC-RB AC is valid.(4)Presenting a Double Authorized R-Tree model named DART to deal with the problem that the efficiency of traditional realization for MFC-RBAC can not meet the need of massive geospatial database access control. This model combines the authorization policy information with SR+R-Tree which is content of a spatio-temporal 3D R-Tree and a 2D R-Tree. On one hand, it not noly makes the space operation executed as much as possible in the construction process of the authorization index to reduce the spatial operations in access control but also supports the access control of vector and raster data, on the other hand, the two retrieval processes of policies and spatial objects are combined into one, and the process of policy decision is simplified by the classification of authorization informations, which improves the efficiency of geospatial database access control.