With the advent of the big-data era, storing and accessing data is no longer confined to a traditional closed environment; at the same time, information security has become a matter of national security, personal privacy and enterprise interests. In the past, a well-run data security architecture in a closed environment protected data by protecting a single system, which was treated as the core of the architecture. The data themselves, however, lived in that relatively safe system in a "naked" state: if someone gained access to the system by illegal means, the naked data could no longer be kept safe. It is easy to see that, in a new open environment, the skills that worked well in the past no longer play a stable role. The data-oriented security architecture (DOSA) is a new generation of solution, proposed to meet these unprecedented challenges. DOSA not only focuses on the usage and management of data, but also designs, at the architectural level and in a comprehensive way, a data security setup suited to the future. The basis of DOSA is cloud computing; its guiding principle is that data are "born encrypted and used after authorization"; its security technology comes from the public key infrastructure (PKI).

In the world of DOSA, everything is data, and the basis of everything is also data. So the basis of data is data too, because data do not exist in isolation: a set of extra information, called metadata, accompanies data to describe them, such as life cycle, ownership and security rank. To make use of data, the core element of DOSA, four important components provide the basic framework services: the data register center (DRC), the data authority center (DAC), the data exception control center (DEC) and the data application units (DAUs). Among them, DAC is the key component that protects data security and maintains data owners' interests, and it provides the data authorization and accounting services for DOSA.

The primary contents of this paper are as follows:
(1) Research on the data-oriented security architecture (DOSA): the data register center (DRC), data authority center (DAC), data exception control center (DEC) and data application units (DAUs).
(2) Research on the data authorization mechanism of DAC: the traditional data protection mechanism (access control), data encryption methods, and the relationship between data encryption and the DAC authorization mechanism ("born encrypted, used after authorization").
(3) Research on the data encryption strategy of DAC and on user authentication methods: symmetric encryption algorithms, the asymmetric algorithm RSA, the efficiency of symmetric versus asymmetric algorithms, data encryption strategy issues, and user authentication methods.
(4) Research on the classification of user roles in DAC and DRC: the user roles in DAC, the user roles in DRC, and the relationship between the two.

The innovation of this paper:
(1) A data authorization mechanism and security application scheme for DAC have been designed and implemented. In DOSA, data are "born encrypted and used after authorization". RSA is the main measure for ensuring data security and also the means of authenticating data authority. In the design of this paper, each user holds a key pair: the public key is published by DAC, and the private key must be kept safely by the user. Data are encrypted for storage and transport and decrypted only while in use, so as to minimise the risk of data leakage.

The research results of this paper are as follows:
(1) Further improved the data-oriented security architecture (DOSA). DOSA consists of four major components: DRC, DAC, DEC and DAUs. DRC provides data indexing and query services for users; DAC provides data authorization and authentication services; DEC manages data adaptively and ensures their uniqueness and consistency; DAUs are the basic functional units of DOSA, with which users can quickly and easily build data applications. Among them, DAC is the main research content of this paper.
(2) Implemented a first version of the data authority center. In DOSA, user authorization no longer relies on traditional authorization methods; the new authorization mechanism is combined with data encryption. DAC provides the following functions: a user applies for a key; a user revokes (logs out) a key; a user applies to the data owner for data; an authorized user applies for an extension of the authorization; the data owner (master) authorizes data; the owner grants other users access to the data; the owner cancels an authorization, turning a friend back into a stranger; the owner denies access to data altogether (enemies); and DAC performs accounting (billing) when a friend requests the owner's data.
(3) Compared the efficiency of symmetric and asymmetric algorithms and improved the data encryption strategy. The performance of symmetric encryption and RSA asymmetric encryption is compared, and an improved method for raising both security and efficiency is proposed. In general, DOSA encrypts data with the RSA algorithm; but for large data, or data without extreme security requirements, a symmetric algorithm may be used to encrypt the data and RSA then used to encrypt the symmetric key, improving encryption and decryption efficiency.
(4) Implemented the user authentication of DAC. User authentication relies mainly on the CA system, and DAC also provides key management functions for users.
(5) Completed the classification of DAC and DRC user roles and studied their relationship. In DRC, user roles are divided into owners, users and producers. In DAC, user roles are divided into data masters, friends, strangers and enemies. These roles are not identical but are interrelated, and they simplify real-life data and the relationships between different users.

The solution is based on .Net Framework 4.5 and an Access database: C# is used to develop the GUI and DAO, and C++/CLI to develop the encryption/decryption module, which has high performance requirements. In this paper, a comprehensive test of DAC is carried out to demonstrate its stability and correct operation. In addition, the paper compares the performance of symmetric encryption and RSA asymmetric encryption and proposes an improved method to raise security and efficiency.
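As an added illustration of the "born encrypted, used after authorization" strategy and the hybrid encryption method described above (example code, not the thesis's C#/C++/CLI implementation), the following Go program seals a data object under a fresh AES-256-GCM data key and lets DAC authorize a user by wrapping that key with RSA-OAEP under the user's public key. The function names, the choice of AES-GCM and OAEP, and the 2048-bit key size are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const keyLen, nonceLen = 32, 12 // AES-256 data key, 96-bit GCM nonce

// GenerateUserKey makes the RSA pair each DOSA user holds: DAC publishes the public half.
func GenerateUserKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// newGCM builds AES-256-GCM from a data key that callers have already checked is keyLen bytes.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encrypt is the "born encrypted" step: a fresh random data key seals the object under
// AES-256-GCM. Returns nonce||ciphertext and the raw key, which only the data owner keeps.
func Encrypt(data []byte) (sealed, dataKey []byte, err error) {
	buf := make([]byte, keyLen+nonceLen)
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	dataKey, nonce := buf[:keyLen], buf[keyLen:]
	return newGCM(dataKey).Seal(nonce, nonce, data, nil), dataKey, nil
}

// Authorize is the DAC step: wrap the data key with RSA-OAEP so only the grantee's private key recovers it.
func Authorize(dataKey []byte, grantee *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, grantee, dataKey, nil)
}

// Open is the "using after authorized" step: unwrap the data key with the grantee's private key, then decrypt.
func Open(sealed, wrappedKey []byte, priv *rsa.PrivateKey) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrappedKey, nil)
	if err != nil {
		return nil, errors.New("not authorized: cannot unwrap data key")
	}
	if len(dataKey) != keyLen || len(sealed) < nonceLen {
		return nil, errors.New("malformed data key or sealed object")
	}
	return newGCM(dataKey).Open(nil, sealed[:nonceLen], sealed[nonceLen:], nil)
}
```

Revoking a friend's authorization in this model means no longer issuing a wrapped key for them; because GCM authenticates the ciphertext, a tampered or truncated object is also rejected rather than decrypted to garbage.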