Study On The Event Stream Processing In The Real-Time And Dynamic Access Control

Access control is one of the key technology of information safety. The development of information technology asks for improving safety skills of access control and the subject history access behavior is becoming more and more important to access control. The lack of subject history behavior data leads that existing access control models cannot mine compound relation mode from user history behaviour data to authorize decision-making. User history behavior data has the characteristics of producing fast and a large scale of data, so the method based on relational database and data warehouse cannot analyze of user behavior data in real time and online. Therefore, it is worth studying the issue that how to achieve the access control technology by which the user history behaviour data can be analyzed and processed in real time and online under the environment supporting big data.In this paper, the method of event stream processing is utilized for the first time to solve the problem that the compound relationship model authorize decision-making during access control. With the help of the event stream processing technology analyze dynamic data in real time and online, the event stream-based access control model is implemented, which can analyze and process user behaviour data generated quickly in real time and online, and authorize decision-making. Setting the processing boundary of user history behaviour data by means of the sliding window in event stream processing technology and aggregating data that reach the sliding window quickly in real time and online combining the events aggregation technology solve the problem that the current access control model support user history behavior data insufficiently.In view of the problem that the Event Stream-Based Access Control model is not flexible for a large number of meta-permission to access control requirements. This paper proposed a matching authorization policy priority mode to improve the Event Stream-Based Access Control model from the working mechanism. An event matching processing unit is added before the event stream processing unit, and the authorization rules is defined in the event matching unit for simple meta-permission directly. To match in advance for the incoming data event stream processing unit and output direct authorization for the successful matching data. This enhance the flexibility and efficiency authorization of the Event Stream-Based Access Control model.Finally, the event stream access control model prototype system is achieved based on the Java platform and open source event stream processing engine and the event stream access control model is applied to e-commerce system prototype system online complex access control needs, which verify the effectiveness of the event stream access control model in terms of security expression of the access control model.Then, the experimental analysis is carried out on the two aspects of the prototype system from the static authorization data connection query and the dynamic data aggregation capability. Static authorization data connection inquiry indicates that the data processing performance of the prototype system is superior to MySQL and Mongo database. The experimental results of the dynamic data aggregation capability show that the data aggregation time of Oracle database increases linearly with the increase of data size, while the aggregation time of the prototype system remains the same in the case of the dynamic increase of data.