The big data environment presents the characteristics of multi-user cross-network cross-access, multi-service collaborative computing, cross-service data flow, and complex management of massive files. The existing access control models and mechanisms are not fully applicable for big data scenarios. In response to the needs of fine-grained access control and multi-service strategy normalization for cryptographic data in the big data environment, starting from the scene elements and attributes of access control, the HDFS-oriented CKCM was proposed by mapping the cyberspace-oriented access control (CoAC) model. Subsequently, a fine-grained access control management model for HDFS was proposed, including management sub-models and management supporting models. The Z-notation was used to formally describe the management functions and management methods in the management model. Finally, the CKCM system was implemented based on XACML to realize fine-grained secure access control for managing file and secret keys in HDFS.

• 单位
  中国科学院大学; 中国科学技术大学