
Private Data Access Control Mechanism Based On Access To The Purpose Of Research

Posted on: 2013-06-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y M Liu
GTID: 1228330395451182
Subject: Computer software and theory

Abstract/Summary:
The rapid development of network technology and the broad application of information-sharing systems provide many value-added services for network-based information transfer and access. However, along with these convenient services, the risk of privacy data leakage also increases. To control this risk, the United States and other countries have issued various specifications for privacy data access control, such as HIPAA and OECD. To integrate these control specifications into databases, the Hippocratic Database proposed a privacy data management technology based on "data-level control". This technology is an architecture that combines data protection theory, architecture research, and application in specific areas of expertise. Research on and application of purpose-based metadata models for privacy access control thus became the main research problems of privacy database access control mechanisms. As practical application scenarios deepen, the privacy data leakage problems caused by building and integrating purpose-based metadata are gradually being exposed.

Starting from the requirements of privacy data access control in practical application scenarios, this paper addresses the existing problems of purpose-based metadata access control models and studies four issues: the performance analysis after purpose-based metadata is added to a relational database, the discovery of purpose metadata integration models in multi-system integration, purpose data reconstruction under the XML pattern, and frequent pattern mining of purpose metadata in distributed privacy databases. The paper then explores the implementation of purpose access control mechanisms in different privacy access scenarios, to solve privacy data access control problems for different applications. The main research in this paper is as follows:

1. Proposed R-PAACEE, a privacy data access control mechanism for relational databases based on a hierarchy of data purpose concepts. In R-PAACEE, the data purpose is the accessible label of privacy data; the data purpose hierarchical model is used as an attribute of the privacy data, and a number of metadata patterns corresponding to the data purpose and the privacy data are generated. Meanwhile, the paper uses the access purpose as an attribute of the metadata, which indicates the user's minimum query requirements, and uses the match between the data purpose and the access purpose to achieve privacy-oriented access control. The experiments show that querying a database with the privacy data access control mechanism effectively controls privacy data leakage, and the query time overhead is not large.

2. Proposed purpose-based implementation mechanisms for privacy data access control in a multi-application system integration environment. The model uses purposes as the carrier of privacy data and purpose tree paths as the transmission channels of privacy data, and further introduces a calculation model of explicit privacy degree and implicit privacy degree to assess the potential privacy leakage risk of a purpose query. First, we point out that the combined purpose tree is a privacy leakage risk tree, and give the calculation model for the privacy risk degree of a tree node. Second, we decompose the privacy leakage risk tree into a risk-balanced tree and a set of risk paths. A query is then rewritten as two queries so that the search results carry a minimum privacy leakage risk: first a query on the risk-balanced tree, and then a query on the risk paths. The experiments show that executing the mechanism does not bring greater overhead in query time, and that it reduces the privacy data leakage risk caused by the imbalance of access control mechanisms during application integration.

3. Gives a minimum safe tree based on purpose metadata to solve the problem of XML privacy data query leakage. The minimum safe tree is a set of path expressions without redundant paths, represented as XPath fragments, which point to a privacy node in the XML data model and constrain the access paths to privacy data. Redundant paths in the minimum safe tree are computed using an XPath fragment containment discrimination technique. Experiments show that privacy access control based on the minimum safe tree can solve the privacy data leakage problem brought by the data hierarchy in XML, and that the generation time of the minimum security access tree depends on the labeling time of privacy nodes in the XML tree and on the time needed to discriminate privacy path redundancy containment.

4. Proposed a privacy data retrieval and sharing mechanism based on a purpose metadata integration model, together with the metadata tree mining algorithm MSegMeta. A metadata sequence is a complete path from the root node to a leaf node, and an element item is a sub-path contained in a complete path. This paper further introduces path constraints and edge order constraints on paths into the metadata tree sequence mining algorithm MSegMeta. The algorithm uses the concept of entropy to calculate the information of the metadata tree integration model, and uses the amount of information as the basis for selecting the query control mode. When a set of integration patterns has the same support degree, entropy is used as the condition for pattern selection. The experiments show that the MSegMeta algorithm can quickly find the integrated access control pattern of the distributed metadata tree, and that the control patterns can also serve as a reference for institutions adjusting the organization of their XML privacy data.
Keywords/Search Tags: privacy access control mechanism, metadata, data purpose, purpose fusion, XML-based security access tree