CN112560080A - Data exchange control method for big data application - Google Patents
Data exchange control method for big data application Download PDFInfo
- Publication number
- CN112560080A CN112560080A CN202011210335.8A CN202011210335A CN112560080A CN 112560080 A CN112560080 A CN 112560080A CN 202011210335 A CN202011210335 A CN 202011210335A CN 112560080 A CN112560080 A CN 112560080A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- desensitization
- authority
- strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000000586 desensitisation Methods 0.000 claims abstract description 53
- 238000011217 control strategy Methods 0.000 claims abstract description 10
- 230000011218 segmentation Effects 0.000 claims description 26
- 238000013507 mapping Methods 0.000 claims description 10
- 230000000694 effects Effects 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000000366 juvenile effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to the technical field of data security, in particular to a data exchange control method for big data application, which comprises the following steps: A) constructing a model layer between a user and a large database, wherein the model layer is preset with a query strategy; B) the model layer receives a user data query request and converts the user data query request into a preset query strategy, wherein the query strategy comprises a permission management and control strategy and a data desensitization strategy; C) the authority control strategy controls the user query authority, and the data desensitization strategy desensitizes the queried data and returns the desensitized data to the user. The substantial effects of the invention are as follows: by establishing a model layer between a database and a user and establishing an authority control and sensitive data desensitization strategy in the model layer, through a desensitization algorithm, sensitive data can be prevented from being leaked, the sensitive data can generate value, and the data value is improved.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a data exchange control method for big data application.
Background
With the rise of big data technology, a large amount of data used and generated in daily life is stored, and finally, data value is formed to be utilized. In the stored data, there is a large amount of data relating to privacy and even security, and the storage and use of such data is a technical challenge. The data related to privacy is used to generate data value, and the data security is ensured, so that the data is not leaked illegally, and the privacy of the user is ensured. At present, a technology for ensuring that user privacy data is not leaked is a database water dam technology. The database dam perfects an admission management mechanism by classifying and grading sensitive data, finely manages user access authority, protects the data from inside to outside, minimizes threats from the inside of the database, and can effectively defend Lesojour virus.
For example, chinese patent CN109033873A, published 2018, 12 and 18, a data desensitization method for preventing privacy leakage specifically includes the following processes: removing the explicit association according to the same index field among different data tables of the database; defining a cryptography function aiming at index fields among the data tables, and processing the associated ID; and calculating the associated ID value according to the cryptography function, and performing data access after writing the associated ID value. The method adopts the cryptology idea to perform algorithm processing on the association fields among the data tables and remove strong association coupling between different tables and different data of the database and user information, so that even under the condition of acquiring the super authority of the user database, the association between the data and the information cannot be known, the relationship between the acquired data and the user cannot be confirmed, and the privacy protection of the data is realized. Although database dam technology effectively prevents sensitive data from being leaked, the path of data value generated by the sensitive data is blocked.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the method has the technical problem that a data control method which can ensure the safety of the sensitive data and can enable the sensitive data to generate value is lacked at present. The method can ensure that the sensitive data of the user are not leaked, and can generate application value for the sensitive data.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a data exchange control method for big data application comprises the following steps: A) constructing a model layer between a user and a large database, wherein the model layer is preset with a query strategy; B) the model layer receives a user data query request and converts the user data query request into a preset query strategy, wherein the query strategy comprises a permission management and control strategy and a data desensitization strategy; C) the authority control strategy controls the user query authority, and the data desensitization strategy desensitizes the queried data and returns the desensitized data to the user. The model layer is established between the database and the user, the authority control and sensitive data desensitization strategy is established in the model layer, leakage of sensitive data is effectively avoided, and the data desensitization strategy is used for desensitizing the data and then providing the desensitized data to the user, so that the sensitive data can generate value while not being leaked.
Preferably, in step a), the method for constructing the model layer includes: A1) acquiring sensitive data fields in a big database; A2) setting roles and role authorities for sensitive data fields, wherein the role authorities comprise original data acquisition, desensitization data acquisition and prohibition of acquisition; A3) presetting a plurality of roles and role authorities for an access user; A4) and setting a desensitization algorithm for the sensitive data field, converting the desensitization algorithm into desensitization query statement segments, and replacing the desensitization query statement segments with corresponding query statement segments when desensitization data is required to be acquired.
Preferably, in step a4), the desensitization algorithm includes: manually dividing intervals for the numerical sensitive data, and returning the intervals to the user instead of the numerical sensitive data; or constructing a data tag, establishing a mapping relation between the data tag and the sensitive data, and returning the data tag to the user instead of the sensitive data; or a numerical segmentation algorithm is constructed, numerical intervals of numerical fields in the database are dynamically divided, and the numerical intervals in which the inquired numerical values fall are returned to the user instead of sensitive data. Sensitive data are replaced by the numerical value interval, so that sensitive data leakage can be effectively avoided, and valuable data return can be provided.
Preferably, when the numerical sensitive data is divided into regions, a plurality of region division schemes are preset, the role authority of desensitization data acquisition is subdivided into a plurality of desensitization levels, and each region division scheme corresponds to one desensitization level. Different interval divisions are set for users with different authorities and different applications, so that the method can adapt to more applications.
Preferably, the numerical segmentation algorithm comprises the following steps: A41) obtaining all values s of the value field in the databaseiBelongs to S, and is connected with SiIn descending order, obtaining the maximum value smaxMinimum value sminAnd the mean value savg(ii) a A42) Calculating the difference value deltas between adjacent valuesi,i+1Obtaining a difference value deltasi,i+1Minimum value of (a) smin(ii) a A43) Constructing an initial value of the variable mu, mu as sminCyclically executing steps A44) to A45), each time the cycle μ is executed by Δ sminStep length is increased automatically until mu is more than or equal to smax(ii) a A44) Obtain the formulaTwo values s of s1And s2,Delta is a preset threshold value, and delta belongs to [0.65, 0.9 ]]Larger values of δ make the numerical segmentation finer; A45) constructor functionFinding E1=∑s∈([s1,s2]∩S)F (d) and if E1>E2Then μ is added to set U; A46) if the adjacent mu values contained in the set U are greater than deltasminTaking the average value of the two mu values as a dividing point to finish numerical segmentation, and dividing the segmentation result and the average value savgAnd storing after association. For data fields with known data value ranges, manual division of the data fields is easy to complete, but for interval division of numerical values with uncertain data value ranges and difficult regular distribution conditions, objective bases are lost and accurate division is difficult to complete in the manual division of the data fieldsThe division of the numerical value interval has objectivity.
Preferably, the following steps are performed each time before the numerical segmentation algorithm is executed: A401) checking whether the increment of the data quantity stored in the database exceeds a set percentage threshold, if so, executing the step A402), otherwise, directly executing data desensitization according to the existing segmentation result; A402) calculate the mean s 'of the value field'avgIf s isavgAnd s'avgIf the segment interval falls into the same segment interval, performing data desensitization according to the existing segment result, otherwise, performing steps A41) to A46) to obtain the segment result again. Whether the data division is needed again is judged by monitoring whether the data volume is increased enough, and the objectivity of the data division can be ensured.
Preferably, in step B), the policy for managing and controlling rights includes: B1) constructing a permission mapping table, wherein the permission mapping table comprises a database and a user list with the permission; B2) when a user accesses a database, inquiring a user list with the database authority; B3) if the user exists in the user list of the database authority, the user data query request is converted into a preset query strategy, otherwise, the database access is terminated and an error is reported. And the access authority of the user to the database is controlled through the authority mapping table, so that the safety of the user data is guaranteed.
Preferably, in step C), the method for controlling the user query right by the right management policy includes: C1) constructing a sensitive data field authority table, wherein the sensitive data field authority table records a user list of each role authority of each sensitive data field; C2) and searching the user list of which role authority of the current user appears in the sensitive data field, and converting the user data query request into a query strategy of the corresponding user authority. The authority of the user to the sensitive data is managed and controlled through the sensitive data field authority table, and fine management of the sensitive field authority can be achieved.
The substantial effects of the invention are as follows: by establishing a model layer between the database and the user and establishing an authority control and sensitive data desensitization strategy in the model layer, leakage of sensitive data is effectively avoided; through the desensitization algorithm, not only can the sensitive data be avoided revealing, but also the user is provided with the substitution of the sensitive data available for use through the preset data interval or the dynamic data segmentation technology, so that the sensitive data can generate value, and the data value is improved.
Drawings
Fig. 1 is a flowchart illustrating a data exchange control method according to an embodiment.
FIG. 2 is a flow chart of a method for constructing a model-based layer according to an embodiment.
FIG. 3 is a flowchart illustrating an embodiment of a policy enforcement procedure.
Detailed Description
The following provides a more detailed description of the present invention, with reference to the accompanying drawings.
A data exchange control method for big data application, as shown in fig. 1, includes the following steps: A) constructing a model layer between a user and a large database, wherein the model layer is preset with a query strategy; B) the model layer receives a user data query request, converts the user data query request into a preset query strategy, and the query strategy comprises an authority control strategy and a data desensitization strategy; C) the authority control strategy controls the user query authority, and the data desensitization strategy desensitizes the queried data and returns the desensitized data to the user.
As shown in fig. 2, in step a), the method for constructing the model layer includes: A1) acquiring sensitive data fields in a big database; A2) setting roles and role authorities for sensitive data fields, wherein the role authorities comprise original data acquisition, desensitization data acquisition and prohibition of acquisition; A3) presetting a plurality of roles and role authorities for an access user; A4) and setting a desensitization algorithm for the sensitive data field, converting the desensitization algorithm into desensitization query statement segments, and replacing the desensitization query statement segments with corresponding query statement segments when desensitization data is required to be acquired. Wherein the desensitization algorithm comprises: manually dividing intervals for the numerical sensitive data, and returning the intervals to the user instead of the numerical sensitive data; or constructing a data tag, establishing a mapping relation between the data tag and the sensitive data, and returning the data tag to the user instead of the sensitive data; or a numerical segmentation algorithm is constructed, numerical intervals of numerical fields in the database are dynamically divided, and the numerical intervals in which the inquired numerical values fall are returned to the user instead of sensitive data.
When the numerical sensitive data are divided into intervals, a plurality of interval division schemes are preset, the role authority acquired by desensitization data is subdivided into a plurality of desensitization grades, and each interval division scheme corresponds to one desensitization grade. For example, for age data of a user, the age data can be directly returned to a police party with authority, and for a merchant user with authority, the age can be divided into intervals of young, juvenile, young, middle-aged, old and the like, so that the value of the age data can be mined by the merchant, and specific age data does not need to be disclosed. The division fineness of the intervals can be different for different merchant users.
The numerical segmentation algorithm comprises the following steps: A41) obtaining all values s of the value field in the databaseiBelongs to S, and is connected with SiIn descending order, obtaining the maximum value smaxMinimum value sminAnd the mean value savg(ii) a A42) Calculating the difference value deltas between adjacent valuesi,i+1Obtaining a difference value deltasi,i+1Minimum value of (a) smin(ii) a A43) Constructing an initial value of the variable mu, mu as sminCyclically executing steps A44) to A45), each time the cycle μ is executed by Δ sminStep length is increased automatically until mu is more than or equal to smax(ii) a A44) Obtain the formulaTwo values s of s1And s2,Delta is a preset threshold value, and delta belongs to [0.65, 0.9 ]]Larger values of δ make the numerical segmentation finer; A45) constructor functionFinding E1=∑s∈([s1,s2]∩S)F (d) andif E1>E2Then μ is added to set U;A46) if the adjacent mu values contained in the set U are greater than deltasminTaking the average value of the two mu values as a dividing point to finish numerical segmentation, and dividing the segmentation result and the average value savgAnd storing after association. Executing the following steps before executing the numerical segmentation algorithm each time: A401) checking whether the increment of the data quantity stored in the database exceeds a set percentage threshold, if so, executing the step A402), otherwise, directly executing data desensitization according to the existing segmentation result; A402) calculate the mean s 'of the value field'avgIf s isavgAnd s'avgIf the segment interval falls into the same segment interval, performing data desensitization according to the existing segment result, otherwise, performing steps A41) to A46) to obtain the segment result again.
For data fields with known data value ranges, manual division of the data fields is easy to complete, but for interval division of numerical values with uncertain data value ranges and difficult regular distribution conditions, objective bases are lost and accurate division of the intervals is difficult to complete according to the distribution of the numerical values, and objectivity is achieved.
As shown in fig. 3, in step B), the policy for managing rights includes: B1) constructing a permission mapping table, wherein the permission mapping table comprises a database and a user list with the permission; B2) when a user accesses a database, inquiring a user list with the database authority; B3) if the user exists in the user list of the database authority, the user data query request is converted into a preset query strategy, otherwise, the access to the database is stopped and an error is reported.
In step C), the method for controlling the user query authority by the authority control strategy comprises the following steps: C1) constructing a sensitive data field authority table, wherein the sensitive data field authority table records a user list of each role authority of each sensitive data field; C2) and searching the user list of which role authority of the current user appears in the sensitive data field, and converting the user data query request into a query strategy of the corresponding user authority. The substantial effects of the invention are as follows: by establishing a model layer between the database and the user and establishing an authority control and sensitive data desensitization strategy in the model layer, leakage of sensitive data is effectively avoided; through the desensitization algorithm, not only can the sensitive data be avoided revealing, but also the user is provided with the substitution of the sensitive data available for use through the preset data interval or the dynamic data segmentation technology, so that the sensitive data can generate value, and the data value is improved.
The above-described embodiments are only preferred embodiments of the present invention, and are not intended to limit the present invention in any way, and other variations and modifications may be made without departing from the spirit of the invention as set forth in the claims.
Claims (8)
1. A data exchange control method for big data application is characterized in that,
the method comprises the following steps:
A) constructing a model layer between a user and a large database, wherein the model layer is preset with a query strategy;
B) the model layer receives a user data query request and converts the user data query request into a preset query strategy, wherein the query strategy comprises a permission management and control strategy and a data desensitization strategy;
C) the authority control strategy controls the user query authority, and the data desensitization strategy desensitizes the queried data and returns the desensitized data to the user.
2. A big data application oriented data exchange control method according to claim 1,
in the step A), the method for constructing the model layer comprises the following steps:
A1) acquiring sensitive data fields in a big database;
A2) setting roles and role authorities for sensitive data fields, wherein the role authorities comprise original data acquisition, desensitization data acquisition and prohibition of acquisition;
A3) presetting a plurality of roles and role authorities for an access user;
A4) and setting a desensitization algorithm for the sensitive data field, converting the desensitization algorithm into desensitization query statement segments, and replacing the desensitization query statement segments with corresponding query statement segments when desensitization data is required to be acquired.
3. A big data application oriented data exchange control method according to claim 2,
in step a4), the desensitization algorithm includes:
manually dividing intervals for the numerical sensitive data, and returning the intervals to the user instead of the numerical sensitive data;
or constructing a data tag, establishing a mapping relation between the data tag and the sensitive data, and returning the data tag to the user instead of the sensitive data;
or a numerical segmentation algorithm is constructed, numerical intervals of numerical fields in the database are dynamically divided, and the numerical intervals in which the inquired numerical values fall are returned to the user instead of sensitive data.
4. A big data application oriented data exchange control method according to claim 3,
when the numerical sensitive data are divided into intervals, a plurality of interval division schemes are preset, the role authority acquired by desensitization data is subdivided into a plurality of desensitization grades, and each interval division scheme corresponds to one desensitization grade.
5. A big data application oriented data exchange control method according to claim 3 or 4,
the numerical segmentation algorithm comprises the following steps:
A41) obtaining all values s of the value field in the databaseiBelongs to S, and is connected with SiIn descending order, obtaining the maximum value smaxMinimum value sminAnd the mean value savg;
A42) Calculating the difference value deltas between adjacent valuesi,i+1Obtaining a difference value deltasi,i+1Minimum value of (a) smin;
A43) Constructing an initial value of the variable mu, mu as sminCyclically executing steps A44) to A45), each time the cycle μ is executed by Δ sminStep length is increased automatically until mu is more than or equal to smax;
A44) Obtain the formulaTwo values s of s1And s2,Delta is a preset threshold value, and delta belongs to [0.65, 0.9 ]]Larger values of δ make the numerical segmentation finer;
A46) if the adjacent mu values contained in the set U are greater than deltasminTaking the average value of the two mu values as a dividing point to finish numerical segmentation, and dividing the segmentation result and the average value savgAnd storing after association.
6. A big data application oriented data exchange control method according to claim 5,
executing the following steps before executing the numerical segmentation algorithm each time:
A401) checking whether the increment of the data quantity stored in the database exceeds a set percentage threshold, if so, executing the step A402), otherwise, directly executing data desensitization according to the existing segmentation result;
A402) calculate the mean s 'of the value field'avgIf s isavgAnd s'avgIf the data are in the same segmentation interval, performing data desensitization according to the existing segmentation result, otherwise, performing stepSteps a41) to a46) retrieve the segmentation result.
7. A big data application oriented data exchange control method according to claim 3 or 4,
in step B), the authority control policy includes:
B1) constructing a permission mapping table, wherein the permission mapping table comprises a database and a user list with the permission;
B2) when a user accesses a database, inquiring a user list with the database authority;
B3) if the user exists in the user list of the database authority, the user data query request is converted into a preset query strategy, otherwise, the database access is terminated and an error is reported.
8. A big data application oriented data exchange control method according to claim 4,
in step C), the method for controlling the user query authority by the authority control strategy comprises the following steps:
C1) constructing a sensitive data field authority table, wherein the sensitive data field authority table records a user list of each role authority of each sensitive data field;
C2) and searching the user list of which role authority of the current user appears in the sensitive data field, and converting the user data query request into a query strategy of the corresponding user authority.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011210335.8A CN112560080A (en) | 2020-11-03 | 2020-11-03 | Data exchange control method for big data application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011210335.8A CN112560080A (en) | 2020-11-03 | 2020-11-03 | Data exchange control method for big data application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112560080A true CN112560080A (en) | 2021-03-26 |
Family
ID=75041832
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011210335.8A Pending CN112560080A (en) | 2020-11-03 | 2020-11-03 | Data exchange control method for big data application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112560080A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060248592A1 (en) * | 2005-04-28 | 2006-11-02 | International Business Machines Corporation | System and method for limiting disclosure in hippocratic databases |
CN106228084A (en) * | 2016-07-19 | 2016-12-14 | 北京同余科技有限公司 | Data guard method that the sensitive field of based role dynamically adjusts and system |
CN107392051A (en) * | 2017-07-28 | 2017-11-24 | 北京明朝万达科技股份有限公司 | A kind of big data processing method and system |
CN107391564A (en) * | 2017-06-13 | 2017-11-24 | 阿里巴巴集团控股有限公司 | Data transfer device, device and electronic equipment |
CN109299616A (en) * | 2018-09-07 | 2019-02-01 | 北明软件有限公司 | A kind of data safety managing and control system and method based on connection pool |
-
2020
- 2020-11-03 CN CN202011210335.8A patent/CN112560080A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060248592A1 (en) * | 2005-04-28 | 2006-11-02 | International Business Machines Corporation | System and method for limiting disclosure in hippocratic databases |
CN106228084A (en) * | 2016-07-19 | 2016-12-14 | 北京同余科技有限公司 | Data guard method that the sensitive field of based role dynamically adjusts and system |
CN107391564A (en) * | 2017-06-13 | 2017-11-24 | 阿里巴巴集团控股有限公司 | Data transfer device, device and electronic equipment |
CN107392051A (en) * | 2017-07-28 | 2017-11-24 | 北京明朝万达科技股份有限公司 | A kind of big data processing method and system |
CN109299616A (en) * | 2018-09-07 | 2019-02-01 | 北明软件有限公司 | A kind of data safety managing and control system and method based on connection pool |
Non-Patent Citations (1)
Title |
---|
陈越,寇红召,费晓飞等编著: "数据库安全", 北京:国防工业出版社, pages: 195 - 199 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9971898B2 (en) | Method and system for providing anonymized data from a database | |
US8479302B1 (en) | Access control via organization charts | |
US7305393B2 (en) | Mounted filesystem integrity checking and salvage | |
US20030200436A1 (en) | Access control method using token having security attributes in computer system | |
EP1473616B1 (en) | Implementation of memory access control using optimizations | |
US20100083004A1 (en) | Managing Associations Between Keys And Values | |
US20150101014A1 (en) | Provisioning authorization claims using attribute-based access-control policies | |
US20100098256A1 (en) | Decryption Key Management | |
EP3245569A1 (en) | Record level data security | |
US7200757B1 (en) | Data shuffling procedure for masking data | |
WO2002014989A2 (en) | Permission level generation based on adaptive learning | |
EP2659412B1 (en) | A system and method for using partial evaluation for efficient remote attribute retrieval | |
CN102073824B (en) | Method for generating and updating unique identifier of encrypted document | |
CN111400355B (en) | Data query method and device | |
CN111209586A (en) | Document management system and method | |
Torra | Towards knowledge intensive data privacy | |
CN112560080A (en) | Data exchange control method for big data application | |
US10320798B2 (en) | Systems and methodologies for controlling access to a file system | |
Weippl et al. | Content-based Management of Document Access Control. | |
CN113824739B (en) | User authority management method and system of cloud management platform | |
CN116186757A (en) | Method for publishing condition feature selection differential privacy data with enhanced utility | |
Li et al. | PPDP-PCAO: an efficient high-dimensional data releasing method with differential privacy protection | |
Jaidi et al. | A risk awareness approach for monitoring the compliance of RBAC-based policies | |
CN110851852B (en) | Data access control strategy generation method based on mobile social network | |
Bezzi et al. | Modeling and preventing inferences from sensitive value distributions in data release |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |