Optimization Research Of PBAC Based On Privacy Preferences

With the development of big data and cloud computing technology, private data of data owners may have been varying degrees of attack and leaks. At present, research works based on purpose based access control(PBAC) have protected data owner’s private data. However, existing PBAC models fail to identify different privacy preferences requirements. As a result, they do not provide with an effective approach on how to express privacy preferences appropriately, neither do they consider the details of how to match access purposes with intended purposes. Besides, access authorization in existing PBAC model is relatively static, when a large number of users make many requests for private information, some visitors cannot add to an associated access group dynamically. To address the problems above, this thesis optimizes research of PBAC based on privacy references, and main contributions are as follows:Firstly, from the perspective of data owners, we propose a privacy preferences enabled model for PBAC(PPE-PBAC). Our model takes diversities of privacy preferences and its quantized form into consideration. Privacy is divided into several ranks and private data is then classified into different types according to privacy preferences. Based on the classification, different cryptology algorithms(i.e. CP-ABE and CAST-128) are employed to encrypt and decrypt data for the security of private data. An encoding algorithm, together with a matching algorithm between access purposes and intended purposes are further proposed. Different kinds of access control policies are finally put forward for different types of private data.Secondly, in the PPE-PBAC model, data owners can create an associated access group according to their privacy preferences and then grant some permissions to this group. Members of same access group have the same permissions and can access the data in the group. Data owners can assign an access group for known visitors in advance, and also can allow unknown visitors to find an access group dynamically. When unknown visitors make requests for data access, model can assign an associated access group to these visitors through the dynamic authorization method, which can make the process of authorization dynamic.Finally, based on the above theories, this paper designs and then implements privacy preferences based access control simulation prototype system and application demonstration. System implementation is analyzed in details in the process of demand analysis, general design and module design, which can illustrate the feasibility and effectiveness of our model proposed in this thesis.