基于演化博弈的隐私风险自适应访问控制模型

丁红发; 彭长根; 田有亮; 向淑文

doi:10.11959/j.issn.1000-436x.2019240

您当前的位置：

首页 >

文章列表页 >

基于演化博弈的隐私风险自适应访问控制模型

学术论文 | 更新时间：2024-06-05

- 基于演化博弈的隐私风险自适应访问控制模型
- Privacy risk adaptive access control model via evolutionary game
- 通信学报 2019年40卷第12期页码：9-20
- 作者机构：
  
  1. 贵州大学数学与统计学院公共大数据国家重点实验室，贵州贵阳 550025
  2. 贵州财经大学信息学院，贵州贵阳 550025
  3. 贵州大学计算机科学与技术学院，贵州贵阳 550025
- 作者简介：
  
  [ "丁红发（1988– ），男，河南南阳人，贵州大学博士生，贵州财经大学讲师，主要研究方向为数据安全、隐私保护" ]
  [ "彭长根（1963– ），男，贵州锦屏人，博士，贵州大学教授、博士生导师，主要研究方向为密码学、数据安全、隐私保护等。" ]
  [ "田有亮（1982– ），男，贵州盘县人，博士，贵州大学教授、博士生导师，主要研究方向为委托计算、区块链、隐私保护等。" ]
  [ "向淑文（1965– ），男，湖南溆浦人，博士，贵州大学教授、博士生导师，主要研究方向为博弈论、优化算法等。" ]
- 基金信息：
  
  国家自然科学基金资助项目(U1836205);国家自然科学基金资助项目(61662009);国家自然科学基金资助项目(61772008);国家自然科学基金项目资助项目(11761020);贵州省科技计划基金资助项目(黔科合重大专项字[2018]3001);贵州省科技计划基金资助项目(黔科合重大专项字[2018]3007);贵州省科技计划基金资助项目(黔科合重大专项字[2017]3002);贵州省科技计划基金资助项目(黔科合支撑[2019]2004);贵州省科技计划基金资助项目(黔科合支撑[2018]2162);贵州省科技计划基金资助项目(黔科合支撑[2018]2159);贵州省科技计划基金资助项目(黔科合基础[2019]1049);贵州大学研究生创新基金资助项目(研理工2016068)
- DOI：10.11959/j.issn.1000-436x.2019240
  中图分类号： TP309
- 网络出版日期：2019-12，
  
  纸质出版日期：2019-12-25
- 稿件说明：
移动端阅览
丁红发, 彭长根, 田有亮, 等. 基于演化博弈的隐私风险自适应访问控制模型[J]. 通信学报, 2019,40(12):9-20.

Hongfa DING, Changgen PENG, Youliang TIAN, et al. Privacy risk adaptive access control model via evolutionary game[J]. Journal on communications, 2019, 40(12): 9-20.
丁红发, 彭长根, 田有亮, 等. 基于演化博弈的隐私风险自适应访问控制模型[J]. 通信学报, 2019,40(12):9-20. DOI： 10.11959/j.issn.1000-436x.2019240.

Hongfa DING, Changgen PENG, Youliang TIAN, et al. Privacy risk adaptive access control model via evolutionary game[J]. Journal on communications, 2019, 40(12): 9-20. DOI： 10.11959/j.issn.1000-436x.2019240.

摘要

针对以数据为中心的开放信息系统，亟需能够保护隐私的细粒度自适应访问控制，并平衡隐私保护与数据访问效用间平衡的问题，提出了一种面向隐私保护的多参与者理性风险自适应访问控制模型。该模型基于香农自信息提出了动态访问数据集的隐私量化方法，构造了访问请求隐私风险函数和用户隐私风险函数；进一步基于演化博弈在有限理性假设下构建多参与者的访问控制演化博弈模型，利用复制动态方程分析了访问控制参与者的动态策略选择，提出了该博弈模型的演化稳定策略选取方法。仿真和对比表明，所提出的模型能够有效动态自适应地保护隐私，具有更好的隐私风险适应性，有限理性参与者的动态演化访问策略选取更加符合实际场景。

Abstract

Aiming at the problem that in the private sensitive date centralized and opening information systems

a fine-grained and self-adaptive access control model for privacy preserving is desperately needed

thus the balance between privacy preserving and data access utility should be achieved

a rational multi-player risk-adaptive based access control model for privacy preserving was proposed.Firstly

the privacy risk values of access request and requester were formulized by the private information quantity of the requested dataset

and by using Shannon information.Secondly

a risk-adaptive based access control evolutionary game model was constructed by using evolutionary game under the supposing of bounded rational players.Furthermore

dynamic strategies of participants were analyzed by using replicator dynamics equation

and the method of choosing evolutionary stable strategy was proposed.Simulation and comparison results show that

the proposed model is effective to dynamically and adaptively preserve privacy and more risk adaptive

and dynamic evolutionary access strategies of the bounded rational participants are more suitable for practical scenarios.

关键词

Keywords

references

SANDHU R S , SAMARATI P . Access control:principle and practice [J ] . IEEE Communications Magazine , 1994 , 32 ( 9 ): 40 - 48 .

李昊 , 张敏 , 冯登国 , 等 . 大数据访问控制研究 [J ] . 计算机学报 , 2017 , 40 ( 1 ): 72 - 91 .

LI H , ZHANG M , FENG D G , et al . Research on access control of big data [J ] . Journal of Computer , 2017 , 40 ( 1 ): 72 - 91 .

MCCUNE J M , JAEGER T , BERGER S , et al . Shamon:a system for distributed mandatory access control [C ] // 2006 22nd Annual Computer Security Applications Conference . ACM , 2006 : 23 - 32 .

DOWNS D D , RUB J R , KUNG K C , et al . Issues in discretionary access control [C ] // IEEE Symposium on Security and Privacy . IEEE , 1985 : 208 - 208 .

SANDHU R S , COYNE E J , FEINSTEIN H L , et al . Role-based access control models [J ] . Computer , 1996 , 29 ( 2 ): 38 - 47 .

WANG G , LIU Q , WU J . Hierarchical attribute-based encryption for fine-grained access control in cloud storage services [C ] // The 17th ACM Conference on Computer and Communications Security . ACM , 2010 : 735 - 737 .

SERVOS D , OSBORN S L . Current research and open problems in attribute-based access control [J ] . ACM Computing Surveys , 2017 , 49 ( 4 ): 65:1 - 65:45 .

DIMMOCK N , BELOKOSZTOLSZKI A , EYERS D , et al . Using trust and risk in role-based access control policies [C ] // The Ninth ACM Symposium on Access Control Models and Technologies . ACM , 2004 : 156 - 162 .

KANDALA S , SANDHU R , BHAMIDIPATI V . An attribute based framework for risk-adaptive access control models [C ] // The Sixth International Conference on Availability,Reliability and Security . EuAsia , 2011 : 236 - 241 .

KRAUTSEVICH L , LAZOUSKI A , MARTINELLI F , et al . Towards attribute-based access control policy engineering using risk [C ] // BAUER T,GROSSMANN J,SEEHUSEN F,et al.Risk Assessment and Risk-Driven Testing . Cham:Springer International Publishing , 2014 : 80 - 90 .

CHENG P C , ROHATGI P , KESER C , et al . Fuzzy multi-level security:an experiment on quantified risk-adaptive access control [C ] // 2007 IEEE Symposium on Security and Privacy . IEEE , 2007 : 222 - 230 .

NI Q , BERTINO E , LOBO J . Risk-based access control systems built on fuzzy inferences [C ] // The 5th ACM Symposium on Information,Computer and Communications Security . ACM , 2010 : 250 - 260 .

BOULARES S , ADI K , LOGRIPPO L . Insider threat likelihood assessment for access control systems:quantitative approach [C ] // 9th International Symposium on Foundations and Practice of Security . ACM , 2017 : 135 - 142 .

OWEN G . Game theory:3rd edition [M ] . San Diego : Academic PressPress , 2001 .

HELIL N , HALIK A , RAHMAN K . Non-zero-sum cooperative access control game model with user trust and permission risk [J ] . Applied Mathematics and Computation , 2017 , 307 : 299 - 310 .

GAO L , YAN Z , YANG L T . Game theoretical analysis on acceptance of a cloud data access control system based on reputation [J ] . IEEE Transactions on Cloud Computing , 2018 :1.

WANG Y , TIAN L , CHEN Z . Game analysis of access control based on user behavior trust [J ] . Information , 2019 , 10 ( 4 ):132.

MCGRAW R . Risk-adaptable access control (RAdAC) [R ] .,(2009)[2019-09-04 ] . NIST Privilege (Access) Management Workshop , (2009) ,[2019-09-04 ] .

SHAIKH R A , ADI K , LOGRIPPO L . Dynamic risk-based decision methods for access control systems [J ] . Computer Security , 2012 , 31 ( 4 ): 447 - 464 .

ARMANDO A , BEZZI M , CERBO F , et al . Balancing trust and risk in access control [C ] // OTM Confederated International Conferences . 2015 : 660 - 676 .

DIAZ-LOPEZ D , DOLERA-TORMO G , GOMEZ-MARMOL F , et al . Dynamic counter-measures for risk-based access control systems [J ] . Future Generation Computer Systems , 2016 , 55 ( C ): 321 - 335 .

SANTOS D R D , MARINHO R , SCHMITT G R , et al . A framework and risk assessment approaches for risk-based access control in the cloud [J ] . Journal of Network and Computer Applications , 2016 , 74 ( C ): 86 - 97 .

DING H , PENG C , TIAN Y , et al . A risk adaptive access control model based on markov for big data in the cloud [J ] . International Journal of High Performance Computing and Networking , 2019 , 13 ( 4 ): 464 - 475 .

WANG Q , JIN H . Quantified risk-adaptive access control for patient privacy protection in health information systems [C ] // The 6th ACM Symposium on Information,Computer and Communications Security . ACM , 2011 : 406 - 410 .

惠榛 , 李昊 , 张敏 , 等 . 面向医疗大数据的风险自适应的访问控制模型 [J ] . 通信学报 , 2015 , 36 ( 12 ): 190 - 199 .

HUI Z , LI H , ZHANG M , et al . Risk-adaptive access control model for big data in healthcare [J ] . Journal on Communications , 2015 , 36 ( 12 ): 190 - 199 .

ZHANG W , LI H , ZHANG M , et al . Privacy-aware risk-adaptive access control in health information systems using topic models [C ] // The 23Nd ACM on Symposium on Access Control Models and Technologies . ACM , 2018 : 61 - 67 .

ARMANDO A , BEZZI M , METOUI N , et al . Risk-based privacy-aware information disclosure [J ] . International Journal of Secure Software Engineering , 2015 , 6 ( 2 ): 70 - 89 .

HU H , AHN G J , ZHAO Z , et al . Game theoretic analysis of multiparty access control in online social networks [C ] // The 19th ACM Symposium on Access Control Models and Technologies . ACM , 2014 : 93 - 102 .

LIU C , XING S , SHEN L . Dynamic hybrid-access control in multi-user and multi-femtocell networks via stackelberg game competition [J ] . IET Communications , 2016 , 10 ( 7 ): 862 - 872 .

SHANNON C E . A mathematical theory of communication [J ] . Bell System Technical Journal , 1948 , 27 : 379 - 423 .

CSISZáR I , SHIELDS P C . Information theory and statistics:a tutorial [J ] . Communications and Information Theory , 2004 , 1 ( 4 ): 417 - 528 .

NEWTON J . Evolutionary game theory:a renaissance [J ] . Games , 2018 , 9 ( 2 ):31.

王元卓 , 于建业 , 邱雯 , 等 . 网络群体行为的演化博弈模型与分析方法 [J ] . 计算机学报 , 2015 , 38 ( 2 ): 282 - 300 .

WANG Y Z , YU J Y , QIOU W , et al . Evolutionary game model and analysis methods for network group behavior [J ] . Journal of Computer , 2015 , 38 ( 2 ): 282 - 300 .

浏览量

578

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

高效的决策树隐私分类服务协议

移动云计算中基于动态博弈和可靠推荐的传递信誉机制

基于奇异值分解的含权网络匿名化的安全性分析

基于前缀保持加密的网络功能外包系统

高效可扩展的对称密文检索架构