| Access control is one of the core technologies to ensure the security of computing system.According to the pre-defined access authorization policy,subjects are granted access rights to objects,and the process of subjects' permission is under control so as to realize the authorized access of system resources.After the Age of Big Data,data volume growing at a very fast rate,the difficulty of data management also increases.Traditional access control model cannot protect privacy individually because it does not recognize users' privacy information,which can't meet the needs of data management and publication.Extending traditional access control model and adding privacy protection function into it is a new research hotspot.It needs to solve some problems such as privacy information identification,disclosure measurement,rule processing and so on.An access control system with privacy protection function can evaluate users' privacy disclosure in real time,make decisions from the perspective of privacy,prevent malicious third parties from sales promoting,information trading and telecommunications fraud by denying purposeful access to user information,so as to reduce users' risk of using network services and optimize the network environment.The goal of this paper is to realize the personalized protection of user's privacy information through access control,make decisions according to the degree of user's privacy disclosure and relevant rules so as to reduce the risk of privacy disclosure.The main research work includes the design and implementation of access control model based on ontology and XACML,the construction of privacy ontology in the model,the implementation of mapping algorithm and privacy disclosure measurement algorithm,and the optimization of access control rules using ontology reasoning engine.The access control model based on ontology and XACML is the core of this paper.It modifies and adds new modules on the basis of XACML access control model,integrates ontology into it,evaluates the risk of privacy disclosure of each access request and finally makes decisions.Privacy ontology in the model is used to unify semantics and provide the relationship between information.Mapping algorithm is used to associate attributes with semantics.Privacy disclosure measurement algorithm is used to calculate the degree of privacy information disclosure.Finally,rules are optimized by ontology reasoning machine,and decisions are made according to rules and disclosure values.The result of this paper are presented as an access control system with privacy protection function that based on ontology and XACML.The system maps accessed resources and attributes in access requests to the ontology and calculates the risk of privacy disclosure caused by the access.Users can protect privacy individually by setting threshold and privacy rules.When the disclosure value caused by access exceeds threshold or the access request is contrary to the rules,access control system will refuse the access.In this way,users' privacy information can be protected so that they can use network services safely. |
PDF Full Text Request