CN106326760B - An access control rule description method for data analysis - Google Patents
An access control rule description method for data analysis
- Publication number
- CN106326760B
- Authority
- CN
- China
- Prior art keywords
- data
- data resource
- access control
- access
- control rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides an access control rule description method for data analysis, comprising: S1, dividing user roles into one or more role units according to application scenarios, and dividing data resources into one or more data units; S2, organizing the user roles into a hierarchical structure in which each intermediate node contains the role units corresponding to all of its descendant nodes and each leaf node corresponds to the specific personnel that the role unit denotes in a given application scenario, and organizing the data resources into a hierarchical structure in which each intermediate node contains the data units corresponding to all of its descendant nodes and each leaf node corresponds to a set of real data; S3, specifying a set of actions for each data resource; S4, describing, on the basis of user roles, data resources and actions, the access control rules that control access to the data resources. The present invention supports access control over the simultaneous access of multiple data resources and can require that specific desensitization operations be performed on the data resources.
Description
Technical field
The present invention relates to the technical field of data resource rights management and control, and in particular to an access control rule description method for data analysis.
Background art
Data analysis refers to the process of extracting useful information and conclusions from data by means of appropriate statistical analysis techniques. With the development of related technologies such as cloud computing and big data, more and more enterprises and institutions have begun to use data analysis techniques to mine the value in their business data. Typical application scenarios include retailers, medical institutions and social networks. However, business data generally contains much sensitive information, such as users' personal information and trade secrets. To protect the security of business data, access to the data must be controlled.
Access control technology ensures that resources are not used or accessed illegitimately by controlling access permissions. To protect business data with access control technology, an administrator first needs to write access control rules in an access control language that a computer can process. Currently, common access control models and languages include RBAC (Role Based Access Control) and XACML (eXtensible Access Control Markup Language). In RBAC, each access control rule forbids or allows users holding a certain role to access a certain data resource. XACML supports richer syntactic elements: each access control rule allows or forbids a certain user to access a certain data resource with a certain action under certain conditions.
However, for data analysis scenarios, current access control technology has the following two shortcomings. First, existing access control technology usually assumes that data resources are independent of one another, so it is difficult to control the simultaneous access of several kinds of data. But a data analysis script will generally access several data resources at the same time in order to perform statistical analysis, and there may be correlating information between the data resources. For example, a data analyst who accesses customer addresses and sales records at the same time not only obtains both pieces of information, but may additionally learn the inventory records of what the customers at each address bought. Therefore, in data analysis it is necessary not only to control individual data resources but also to consider access control over the simultaneous access of multiple data resources. Second, existing access control technology usually supports only the direct authorization of access to a data resource and cannot require that a specific operation be performed on the data resource. But a data analysis script is essentially a computer program, and it will generally perform certain operations on the data resources to remove the sensitive information in them, such as summation, averaging and truncation. Therefore, to authorize access to data resources more precisely, these desensitization operations must also be taken into account.
Summary of the invention
The purpose of the present invention is to address the above two problems of existing access control technology by proposing an access control rule description method suitable for data analysis which supports access control over the simultaneous access of multiple data resources and can require that specific desensitization operations be performed on the data resources, and which can therefore control access to data resources more precisely.
To achieve the above object, the access control rule description method for data analysis of the present invention specifically comprises the following steps:
S1, dividing user roles into one or more role units according to application scenarios, and dividing data resources into one or more data units;
S2, organizing the user roles into a hierarchical structure in which each intermediate node contains the role units corresponding to all of its descendant nodes and each leaf node corresponds to the specific personnel that the role unit denotes in a given application scenario; and organizing the data resources into a hierarchical structure in which each intermediate node contains the data units corresponding to all of its descendant nodes and each leaf node corresponds to a set of real data;
S3, specifying a corresponding set of actions for each data resource;
S4, describing, on the basis of the user roles, data resources and actions, the access control rules that control access to the data resources.
Preferably, the specific personnel are the data analysts in the corresponding application scenario.
Preferably, the actions include:
an access action, an output action and a condition-judgement action;
the access action indicates that the data resource is output or used in a condition judgement;
the output action indicates that a data resource is output in the final result;
the condition-judgement action indicates that a data resource is used in a condition judgement but is not output directly.
Preferably, the access control rule includes:
a user role, data resources and a restriction;
and requires that when a user accesses a group of data resources simultaneously, the corresponding desensitization operations must be performed on the data resources according to the restriction.
Preferably, the restriction includes:
directly forbidding the data analysis script;
or,
performing one or more desensitization limits according to the condition-judgement action.
Preferably, each data resource in a desensitization limit of an access control rule is associated with a group of desensitization operations, and the data resource is required to be desensitized with one of those operations; the desensitization operations cited in the desensitization limit are supported by the corresponding data resource.
The present invention also provides an access control method for data analysis in which, upon receiving an access request for data analysis, access is controlled on the basis of the above access control rules.
As can be seen from the above technical solution, the present invention has the following technical effects: compared with existing access control technology, the access control rule description method proposed by the present invention takes the characteristics of data analysis scripts into account, supports access control over the simultaneous access of multiple data resources, and can require that specific desensitization operations be performed on the data resources. This method can therefore describe access control rules for data analysis more flexibly and precisely, and is better suited to data analysis scenarios.
Description of the drawings
Figure 1 is a flow chart of the access control rule description method for data analysis of the present invention;
Figure 2 is a schematic diagram of a user role hierarchy;
Figure 3 is a schematic diagram of a data resource hierarchy.
Detailed description of the embodiments
The present invention proposes an access control rule description method suitable for data analysis, which is described below with reference to the drawings and an embodiment.
As shown in Figure 1, the method comprises the following steps:
Step S1: dividing user roles into one or more role units according to application scenarios, and dividing data resources into one or more data units; one role unit corresponds to one data analyst, and one data unit corresponds to a set of real data.
Step S2: organizing the user roles into a hierarchical structure in which each intermediate node contains the role units corresponding to all of its descendant nodes and each leaf node corresponds to the specific personnel that the role unit denotes in a given application scenario; and organizing the data resources into a hierarchical structure in which each intermediate node contains the data units corresponding to all of its descendant nodes and each leaf node corresponds to a set of real data.
Defining user roles. Each user role corresponds to a group of real data analysts. A defined user role can be cited when writing access control rules. User roles can also be organized into a hierarchical structure, in which intermediate nodes organize the hierarchical relationships between nodes and contain the user roles corresponding to all of their descendant nodes, while leaf nodes correspond to real data analysts.
For example, Figure 2 gives an example of a user role hierarchy. The top-level user role Analyst corresponds to all data analysts. According to the tasks assigned to the data analysts, Analyst is further divided into the next-level roles Report Analyst, Marketing Analyst and Advertise Analyst.
Defining data resources. Each data resource corresponds to a kind of real data. Likewise, a defined data resource can be cited when writing access control rules, and data resources can also be organized into a hierarchical structure, in which intermediate nodes organize the hierarchical relationships between nodes and contain the data resources corresponding to all of their descendant nodes, while leaf nodes correspond to real data.
When a data resource is defined, the desensitization operations it supports can also be defined. A desensitization operation removes sensitive information from a data resource so that the resource can be accessed securely. When data resources are organized into a hierarchical structure, a desensitization operation supported by an intermediate node is automatically supported by all of its descendant nodes.
For example, Figure 3 gives an example of a data resource hierarchy for customer personal information. All represents all data resources and, according to the application scenario, is further divided into Key Attribute, Quasi Identifier and Sensitive Attribute. Key Attribute represents data resources that can uniquely locate an individual, such as name and telephone number. Quasi Identifier represents data resources that may locate an individual when accessed in combination, such as the combination of birthday, postcode and gender. Sensitive Attribute represents data resources related to customers' sensitive information, such as the item purchased by a customer, Sale_Item, and its price, Sale_Price. For the selling price Sale_Price, the desensitization operations can be aggregation operations such as avg (average), sum (summation), max (maximum) and min (minimum). For the postcode Zip, the desensitization operation can be truncate (truncation), which cuts off certain digits of the postcode.
Step S3: specifying actions for each data resource;
Step S4: describing, on the basis of the user roles, data resources and actions, the access control rules that control access to the data resources.
Access control rules are written to control data access. Each rule consists of three parts: a user role, data resources and a restriction. It requires that when a certain user accesses a group of data resources simultaneously, the corresponding desensitization operations must be performed on the data resources according to the restriction.
The restriction either directly forbids the data analysis script, or performs one or more desensitization limits according to the condition-judgement action. Each data resource in a desensitization limit of an access control rule is associated with a group of desensitization operations, and the data resource is required to be desensitized with one of those operations; the desensitization operations cited in a desensitization limit are supported by the corresponding data resource.
The specific steps for writing an access control rule are as follows:
1. Write the user part of the access control rule. It cites one user role and defines the data analysts to whom the rule applies. When user roles are organized into a hierarchy, the rule automatically applies to the user roles corresponding to all descendant nodes of the cited node, but descendant nodes of the cited node may also be explicitly excluded.
2. Write the data part of the access control rule. It cites one or more data resources and defines the data to which the rule applies. The rule is triggered only when all of the data resources cited in it are accessed simultaneously. When data resources are organized into a hierarchy, the cited node counts as accessed if the data resource corresponding to any of its descendant nodes is accessed; likewise, certain descendant nodes of the cited node may be explicitly excluded. In addition, an access action can be defined for each data resource when writing the data part. There are three kinds of access action, namely access, output and condition (condition judgement). The output action indicates that a data resource is output in the final result; the condition action indicates that a data resource is used in a condition judgement but is not output directly; the access action indicates that a data resource is output or used in a condition judgement, i.e. it covers both the output action and the condition action.
3. Write the restriction part of the access control rule. The restriction part can directly forbid (forbid) the data analysis script, or define one or more desensitization limits so that the corresponding desensitization operations are performed according to the condition-judgement action. Each data resource in a desensitization limit of an access control rule defines a group of desensitization operations, and the data resource must be desensitized with one of those operations. The desensitization operations cited in a desensitization limit must be supported by the corresponding data resource. If an access control rule contains several desensitization limits, the data analysis script need only satisfy at least one of them.
For example, some access control rules are shown below. The part before => corresponds to the user part and data part of the access control rule, and the part after it corresponds to the restriction part.
Example 1:
R1: Analyst exclude Marketing Analyst, [access Name] => forbid
Access control rule R1 forbids data analysts other than Marketing Analyst from accessing customer names, i.e. only Marketing Analyst may access customer names.
Example 2:
R2: Analyst, [output Address, output Sale_Price] => [{}, {avg, sum, min, max}]
Access control rule R2 requires that when a data analyst outputs Address and Sale_Price simultaneously, an avg, sum, min or max operation must be performed on Sale_Price, while Address has no desensitization requirement. Since, in the data resource hierarchy, Address further contains State, City, Street and Zip, the rule applies equally when any one of them is output together with Sale_Price. In addition, Address and Sale_Price in this rule correspond to the output action, so when Address or Sale_Price is not output directly but is used in a condition judgement, the rule no longer applies.
Example 3:
R3: Analyst, [access State, access City, access Street] => forbid
Access control rule R3 forbids data analysts from accessing State, City and Street simultaneously. However, a data analyst may access one or two of the three individually, for example accessing State alone, or State and City together.
After the above access control rules have been described, when an access control request for data analysis is received, the request is controlled on the basis of the access control rules. The access control method specifically comprises the following steps:
For each access control rule, first check whether the data access request triggers the rule; if it does, then check whether the data access request satisfies the rule's restriction; if it does, continue traversing the subsequent access control rules. The data access request is authorized only when it satisfies all of the access control rules; otherwise, the data access request is rejected.
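The rule format of R1-R3 above and the rule-by-rule check just described, implemented as an added Python example (not the patent's own code; the class names, the child-to-parent tables encoding Figures 2 and 3, and placing Address under Quasi Identifier are assumptions):

```python
"""Toy evaluator for the rule format described above (rules R1-R3, rule-by-rule check).
Added example, not the patent's code: names, child->parent tables and Address's parent are assumed."""
from dataclasses import dataclass

# Fig. 2 role hierarchy and Fig. 3 data resource hierarchy as child -> parent maps
# (constructed from the description; placing Address under Quasi Identifier is an assumption).
ROLE_PARENT = {"Report Analyst": "Analyst", "Marketing Analyst": "Analyst",
               "Advertise Analyst": "Analyst"}
RESOURCE_PARENT = {
    "Key Attribute": "All", "Quasi Identifier": "All", "Sensitive Attribute": "All",
    "Name": "Key Attribute", "Phone": "Key Attribute",
    "Address": "Quasi Identifier", "Birthday": "Quasi Identifier", "Gender": "Quasi Identifier",
    "State": "Address", "City": "Address", "Street": "Address", "Zip": "Address",
    "Sale_Item": "Sensitive Attribute", "Sale_Price": "Sensitive Attribute",
}
# Desensitization operations declared on a resource; inherited by all of its descendants.
SUPPORTED_OPS = {"Sale_Price": {"avg", "sum", "max", "min"}, "Zip": {"truncate"}}

def ancestors(node, parent_map):
    """The node itself plus every ancestor, so a cited node also matches its descendants."""
    chain = [node]
    while node in parent_map:
        node = parent_map[node]
        chain.append(node)
    return chain

def supported_ops(resource):
    """Operations supported by `resource`, including those inherited from ancestors."""
    ops = set()
    for n in ancestors(resource, RESOURCE_PARENT):
        ops |= SUPPORTED_OPS.get(n, set())
    return ops

@dataclass
class Access:
    resource: str
    action: str   # what the script does with it: "output" or "condition"
    op: str = ""  # desensitization operation applied, "" if none

@dataclass
class Rule:
    role: str                      # user part: the cited role node ...
    exclude_roles: tuple = ()      # ... minus explicitly excluded descendants
    data: tuple = ()               # data part: ((action, resource), ...); "access" matches both actions
    exclude_resources: tuple = ()
    forbid: bool = False           # restriction: forbid the script outright, or ...
    limits: tuple = ()             # ... desensitization limits: tuples of allowed-op sets aligned with
                                   # `data` (empty set = no requirement); at least one must be satisfied

def role_matches(rule, role):
    chain = ancestors(role, ROLE_PARENT)
    return rule.role in chain and not any(x in chain for x in rule.exclude_roles)

def hits(rule, accesses, action, resource):
    """Accesses of `resource` or a non-excluded descendant with a compatible action."""
    out = []
    for a in accesses:
        chain = ancestors(a.resource, RESOURCE_PARENT)
        if resource in chain and not any(x in chain for x in rule.exclude_resources):
            if action == "access" or action == a.action:
                out.append(a)
    return out

def triggered(rule, role, accesses):
    """Fires only when the role matches and every cited resource is accessed at the same time."""
    return role_matches(rule, role) and all(hits(rule, accesses, a, r) for a, r in rule.data)

def limits_satisfied(rule, accesses):
    """forbid never passes; otherwise some limit must hold for every resource it constrains."""
    if rule.forbid:
        return False
    for limit in rule.limits:
        if all(not allowed or all(a.op in allowed and a.op in supported_ops(a.resource)
                                  for a in hits(rule, accesses, act, res))
               for (act, res), allowed in zip(rule.data, limit)):
            return True
    return False

def authorize(rules, role, accesses):
    """Grant only if every rule the request triggers has its restriction satisfied."""
    return all(limits_satisfied(r, accesses) for r in rules if triggered(r, role, accesses))

# R1-R3 from the text, "A exclude B, [act R, ...] => forbid | [{ops}, ...]", as Rule objects.
R1 = Rule("Analyst", exclude_roles=("Marketing Analyst",), data=(("access", "Name"),), forbid=True)
R2 = Rule("Analyst", data=(("output", "Address"), ("output", "Sale_Price")),
          limits=((set(), {"avg", "sum", "min", "max"}),))
R3 = Rule("Analyst", data=(("access", "State"), ("access", "City"), ("access", "Street")), forbid=True)
RULES = [R1, R2, R3]
```

A request is a list of Access objects; `authorize(RULES, "Report Analyst", [Access("Zip", "output"), Access("Sale_Price", "output", "avg")])` returns True because Zip is a descendant of Address and the averaged Sale_Price satisfies R2.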
The above embodiment is only intended to illustrate the present invention and not to limit it. Those of ordinary skill in the relevant technical field may also make various changes and modifications without departing from the spirit and scope of the present invention; therefore all equivalent technical solutions also fall within the scope of the present invention, and the scope of patent protection of the present invention should be defined by the claims.
Claims (4)
1. An access control rule description method for data analysis, characterized in that the method comprises:
S1, dividing user roles into multiple role units according to application scenarios, and dividing data resources into multiple data units;
S2, organizing the user roles into a hierarchical structure in which each intermediate node contains the role units corresponding to all of its descendant nodes and each leaf node corresponds to the specific personnel that the role unit denotes in a given application scenario; and organizing the data resources into a hierarchical structure in which each intermediate node contains the data units corresponding to all of its descendant nodes and each leaf node corresponds to a set of real data;
S3, specifying a corresponding set of actions for each data resource;
S4, describing, on the basis of the user roles, data resources and actions, the access control rules that control access to the data resources; the access control rule includes a user role, data resources and a restriction, and requires that when a user accesses a group of data resources simultaneously, the corresponding desensitization operations must be performed on the data resources according to the restriction;
the restriction includes performing one or more desensitization limits according to the condition-judgement action;
each data resource in a desensitization limit of the access control rule is associated with a group of desensitization operations, and the data resource is required to be desensitized with one of those operations; the desensitization operations cited in the desensitization limit are supported by the corresponding data resource.
2. The access control rule description method for data analysis according to claim 1, characterized in that the specific personnel are the data analysts in the corresponding application scenario.
3. The access control rule description method for data analysis according to claim 1 or 2, characterized in that the actions include:
an access action, an output action and a condition-judgement action;
the access action indicates that the data resource is output or used in a condition judgement;
the output action indicates that a data resource is output in the final result;
the condition-judgement action indicates that a data resource is used in a condition judgement but is not output directly.
4. An access control method for data analysis, characterized in that, when an access request for data analysis is received, access is controlled on the basis of the access control rules according to any one of claims 1-3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610791574.4A CN106326760B (en) | 2016-08-31 | 2016-08-31 | An access control rule description method for data analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106326760A CN106326760A (en) | 2017-01-11 |
CN106326760B true CN106326760B (en) | 2019-03-15 |
Family
ID=57789334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610791574.4A Active CN106326760B (en) | 2016-08-31 | 2016-08-31 | An access control rule description method for data analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106326760B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107871083A (en) * | 2017-11-07 | 2018-04-03 | 平安科技(深圳)有限公司 | Desensitize regular collocation method, application server and computer-readable recording medium |
CN110691061B (en) * | 2018-07-06 | 2020-12-08 | 电信科学技术研究院有限公司 | Resource access control method and device |
CN110795761A (en) * | 2019-10-29 | 2020-02-14 | 国网山东省电力公司信息通信公司 | Dynamic desensitization method for sensitive data of ubiquitous power Internet of things |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1842785A (en) * | 2003-02-14 | 2006-10-04 | Bea系统公司 | System and method for hierarchical role-based entitlements |
CN101771698A (en) * | 2010-01-15 | 2010-07-07 | 南京邮电大学 | Grid visit control method based on extendible markup language security policy |
CN103902742A (en) * | 2014-04-25 | 2014-07-02 | 中国科学院信息工程研究所 | Access control determination engine optimization system and method based on big data |
CN104301301A (en) * | 2014-09-04 | 2015-01-21 | 南京邮电大学 | Inter-cloud-storage-system data migration encryption method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120233220A1 (en) * | 2011-03-08 | 2012-09-13 | Albert Kaschenvsky | Controlling Access To A Computer System |
- 2016-08-31 CN CN201610791574.4A patent/CN106326760B/en active Active
Non-Patent Citations (1)
Title |
---|
"Research on Conflict Detection Methods for Description-Logic-Based Access Control Policies"; Huang Feng; China Masters' Theses Full-text Database, Information Science and Technology; 2011-06-15 (No. 06); Sections 3.1.2, 4.1.1-4.1.3 and 4.2.1; Figures 4.1, 4.2 and 4.4 |
Also Published As
Publication number | Publication date |
---|---|
CN106326760A (en) | 2017-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11516219B2 (en) | System and method for role mining in identity management artificial intelligence systems using cluster based analysis of network identity graphs | |
US11122050B2 (en) | System and method for intelligent agents for decision support in network identity graph based identity management artificial intelligence systems | |
US11196804B2 (en) | System and method for peer group detection, visualization and analysis in identity management artificial intelligence systems using cluster based analysis of network identity graphs | |
US6275824B1 (en) | System and method for managing data privacy in a database management system | |
US8024339B2 (en) | Apparatus and method for generating reports with masked confidential data | |
US6253203B1 (en) | Privacy-enhanced database | |
US20140012833A1 (en) | Protection of data privacy in an enterprise system | |
US20060277594A1 (en) | Policy implementation delegation | |
US20050278334A1 (en) | Managing user authorizations for analytical reporting based on operational authorizations | |
US20110231317A1 (en) | Security sensitive data flow analysis | |
JP2000148924A (en) | Card system improving privacy protection function | |
Costante et al. | A white-box anomaly-based framework for database leakage detection | |
US20070239471A1 (en) | Systems and methods for specifying security for business objects using a domain specific language | |
US20100145997A1 (en) | User driven ad-hoc permission granting for shared business information | |
Ghavami | Big data management: Data governance principles for big data analytics | |
US20090259622A1 (en) | Classification of Data Based on Previously Classified Data | |
CN106326760B (en) | An access control rule description method for data analysis | |
US11822685B2 (en) | System and method for artifact management and representation in identity management systems and uses of same, including representation of effective access and application of identity management policies | |
US10198583B2 (en) | Data field mapping and data anonymization | |
US8132227B2 (en) | Data management in a computer system | |
US20130066893A1 (en) | Protection of data privacy in an enterprise system | |
US9330276B2 (en) | Conditional role activation in a database | |
Sano et al. | SeBeST: security behavior stage model and its application to OS update | |
Fotache et al. | Framework for the Assessment of Data Masking Performance Penalties in SQL Database Servers. Case Study: Oracle | |
JP2005196699A (en) | Personal information management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||