Open Access
ARTICLE
Big Data Access Control Mechanism Based on Two-Layer Permission Decision Structure
He’nan Province Key Laboratory of Information Security, Information Engineering University, Zhengzhou, 450000, China
* Corresponding Author: Na Wang. Email:
(This article belongs to the Special Issue: Cybersecurity for Cyber-attacks in Critical Applications in Industry)
Computers, Materials & Continua 2024, 79(1), 1705-1726. https://doi.org/10.32604/cmc.2024.049011
Received 25 December 2023; Accepted 08 March 2024; Issue published 25 April 2024
Abstract
Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access control mechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policy management efficiency and difficulty in accurately describing the access control policy. To overcome these problems, this paper proposes a big data access control mechanism based on a two-layer permission decision structure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes are introduced in the ABAC model as business constraints between entities. The proposed mechanism implements a two-layer permission decision structure composed of the inherent attributes of access control entities and the business attributes, which constitute the general permission decision algorithm based on logical calculation and the business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neural network, respectively. The general permission decision algorithm is used to implement accurate policy decisions, while the business permission decision algorithm implements fuzzy decisions based on the business constraints. The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent, adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure, the complex and diverse big data access control management requirements can be satisfied by considering the security and availability of resources. Experimental results show that the proposed mechanism is effective and reliable. In summary, it can efficiently support the secure sharing of big data resources.Keywords
Cite This Article
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.