Research and Application of Privacy Protection Techniques for Sensor Data Provenance
Abstract
Privacy and security are a perennial theme in the information field, and Internet of Things (IoT) applications raise the requirements for privacy security and protection to a new level. A large number of privacy-sensitive devices, such as location trackers and medical sensors, are connected to the IoT. These devices collect data that passes through a series of processing steps before it is finally delivered to users, and the whole process yields a number of data provenance chains. Because the sensor network environment contains many privacy-sensitive regions, the collected data also contains private data, and sensitive information such as location, time and personal identity can easily be exposed through query and trace-back operations and then exploited by malicious parties.
This paper first introduces the Open Provenance Model, analyses the main causes of provenance privacy disclosure in the IoT, and points out what is special about provenance privacy in the IoT environment. On this basis it proposes applying attribute-based access control to the privacy protection of sensor data provenance and builds an attribute-based secure access control model for sensor provenance. To address policy conflicts in access control, it designs an access control policy authorization algorithm that resolves conflicts with a permit-overrides (positive-priority) rule. To address the problem that an unauthorized visitor can infer the provenance information of a node from the relation edges between nodes, it proposes a data provenance relation edge access control algorithm that converts access control on relation edges into access control on nodes, which solves this problem effectively. Finally, the paper focuses on K-anonymity, studies its application to sensor data provenance privacy protection, and improves a provenance K-anonymity clustering algorithm that supports sensor data provenance privacy protection. Experiments show that the attribute-based data provenance access control model and the provenance K-anonymity clustering algorithm proposed in this paper can effectively solve the problem of provenance privacy leakage in the IoT environment.
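The attribute-based node and relation-edge access control described above, as an added example that is not the thesis's own code: rules are evaluated per node with permit-overrides for conflicts, and an edge is shown only when both endpoint nodes are permitted (the graph, attribute names, rules and the both-endpoints reading are assumptions).

```python
# Added example, not the thesis's own code: attribute-based access control over
# a small provenance graph, permit-overrides conflict resolution, and edge access
# derived from node access. The graph, attribute names and rules are constructed.

# Constructed provenance chain: sensor reading -> aggregation process -> report.
# Each node maps to (node attributes, rules); a rule is (effect, predicate) and
# the predicate takes the subject's attributes and the node's attributes.
GRAPH = {
    "loc_reading": ({"kind": "artifact", "region": "ward"}, [
        ("permit", lambda s, n: s["clearance"] == "high"),
        ("deny",   lambda s, n: s["role"] == "analyst"),  # can conflict with above
    ]),
    "aggregate": ({"kind": "process", "region": "ward"}, [
        ("permit", lambda s, n: s["role"] in ("physician", "analyst")),
    ]),
    "report": ({"kind": "artifact", "region": "public"}, [
        ("permit", lambda s, n: True),
    ]),
}
EDGES = [("loc_reading", "aggregate"), ("aggregate", "report")]  # relation edges

def decide_node(subject, nid, graph=GRAPH):
    """Evaluate every rule applicable to a node. If permit and deny both apply,
    permit-overrides (the positive-priority rule the thesis adopts) wins; no
    applicable rule means deny by default."""
    attrs, rules = graph[nid]
    effects = {eff for eff, pred in rules if pred(subject, attrs)}
    return "permit" if "permit" in effects else "deny"

def decide_edge(subject, edge, graph=GRAPH):
    """Edge access reduced to node access: the edge is visible only when both
    endpoint nodes are permitted, so a subject denied a node cannot learn its
    existence from an adjacent edge (assumed reading of the thesis's rule)."""
    src, dst = edge
    both = all(decide_node(subject, n, graph) == "permit" for n in (src, dst))
    return "permit" if both else "deny"

def visible_subgraph(subject, graph=GRAPH, edges=EDGES):
    """The provenance view a subject may query: permitted nodes and edges."""
    nodes = sorted(n for n in graph if decide_node(subject, n, graph) == "permit")
    vis = [e for e in edges if decide_edge(subject, e, graph) == "permit"]
    return nodes, vis

if __name__ == "__main__":
    physician = {"role": "physician", "clearance": "high"}
    analyst = {"role": "analyst", "clearance": "low"}
    print(visible_subgraph(physician))  # full chain
    print(visible_subgraph(analyst))    # reading and its edge hidden
```

A subject who is both an analyst and highly cleared triggers both rules on `loc_reading`; permit-overrides resolves that conflict in favour of access.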
Privacy and security are an eternal theme of the information field. Applications based on the Internet of Things (IoT) raise the requirements of privacy protection and security to a new level. There are a large number of privacy-sensitive devices in the IoT, such as location tracking equipment and medical sensors. These devices gather sensor data, process it and ultimately submit it to users. The process results in a number of information links in data provenance. However, because there are many nodes containing private information in the sensor network environment, the gathered data also contains private data. It is easy to expose location, time and personal identity through querying and tracking. Even worse, these sensitive data may be used by malicious persons.
Firstly, this paper introduces the Open Provenance Model, analyzes the reasons for privacy disclosure of provenance in the IoT and indicates the specificity of provenance privacy in this environment. Based on the idea of using an attribute-based access control method to protect the privacy of data provenance in the IoT, it establishes an attribute-based access control model for sensor data provenance. Meanwhile, in order to solve the problem of policy conflict, this paper designs an access policy authorization algorithm. In order to solve the problem that unauthorized visitors may infer the provenance of some data through relation edges, it designs a relation edge access control algorithm. At last, this paper focuses on K-anonymity techniques, studies their application to privacy protection for sensor data provenance, and then improves a K-anonymity clustering algorithm for these data. Experiments prove that the attribute-based access control model and the K-anonymity clustering algorithm can effectively solve the problem of provenance privacy disclosure in the IoT environment.
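The K-anonymity clustering step, as an added example rather than the thesis's improved algorithm: a greedy k-member clustering that groups provenance records on their quasi-identifiers (location, hour) and generalises each cluster so any record is indistinguishable from at least k-1 others (records, attributes and the distance function are constructed assumptions).

```python
# Added example, not the thesis's own algorithm: greedy clustering-based
# K-anonymisation of sensor provenance records. Records, quasi-identifiers
# and the distance function are constructed assumptions.
# Constructed records: quasi-identifiers (loc, hour), sensitive device id.
RECORDS = [
    {"loc": "ward_a", "hour": 8,  "device": "tracker_01"},
    {"loc": "ward_a", "hour": 9,  "device": "tracker_02"},
    {"loc": "ward_b", "hour": 21, "device": "ecg_07"},
    {"loc": "ward_b", "hour": 22, "device": "ecg_09"},
    {"loc": "lobby",  "hour": 23, "device": "tracker_03"},
    {"loc": "lobby",  "hour": 21, "device": "tracker_04"},
    {"loc": "ward_a", "hour": 7,  "device": "ecg_11"},
]

def distance(a, b):
    """Generalisation cost: hour gap plus a penalty when locations differ."""
    return abs(a["hour"] - b["hour"]) + (0 if a["loc"] == b["loc"] else 10)

def cluster_k(records, k):
    """Greedy k-member clustering: seed a cluster with the first unassigned
    record, pull in the closest remaining records until it has k members, and
    repeat; fewer than k leftovers join the cluster holding their nearest member."""
    remaining, clusters = list(records), []
    while len(remaining) >= k:
        cluster = [remaining.pop(0)]
        while len(cluster) < k:
            j = min(range(len(remaining)), key=lambda i: distance(cluster[0], remaining[i]))
            cluster.append(remaining.pop(j))
        clusters.append(cluster)
    for r in remaining:
        min(clusters, key=lambda c: min(distance(m, r) for m in c)).append(r)
    return clusters

def generalise(cluster):
    """Replace each member's quasi-identifiers by the cluster's location set and
    hour range, making the members indistinguishable on (loc, hour)."""
    locs = "|".join(sorted({r["loc"] for r in cluster}))
    hours = (min(r["hour"] for r in cluster), max(r["hour"] for r in cluster))
    return [{"loc": locs, "hour": hours, "device": r["device"]} for r in cluster]

def anonymise(records, k):
    return [row for c in cluster_k(records, k) for row in generalise(c)]

def is_k_anonymous(rows, k):
    """Check the release: every (loc, hour) equivalence class has >= k rows."""
    counts = {}
    for r in rows:
        counts[(r["loc"], r["hour"])] = counts.get((r["loc"], r["hour"]), 0) + 1
    return all(n >= k for n in counts.values())
```

With k = 3 the constructed records fall into one ward_a cluster of three and one lobby/ward_b evening cluster of four, and `is_k_anonymous` confirms the release while rejecting the raw records.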