Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method for describing access control rules for data analysis

An access control and data analysis technology, applied in digital data authentication, digital data protection, electronic digital data processing, etc.

Active Publication Date: 2019-03-15
TSINGHUA UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Second, existing access control technologies usually only support direct authorization of access to data resources, but cannot require specific operations on data resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method for describing access control rules for data analysis
  • A method for describing access control rules for data analysis
  • A method for describing access control rules for data analysis

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0051] r1:Analyst exclude Marketing Analyst,[access Name]=>forbid

[0052] Access control rule r1 prohibits data analysts other than Marketing Analyst from accessing customer names, that is, only Marketing Analyst can access customer names.

example 2

[0054] r2:Analyst,[output Address,output Sale_Price]=>[{},{avg,sum,min,max}]

[0055] Access control rule r2 requires that when data analysts output Address and Sale_Price at the same time, they must perform avg, sum, min or max operations on Sale_Price, but there is no desensitization requirement on Address. Since Address further includes State, City, Street, and Zip in the data resource hierarchy, when one of them is output together with Sale_Price, the access control rule is also applicable. In addition, both Address and Sale_Price in the access control rule correspond to the output action. Therefore, when the Address or Sale_Price is not directly output but used for condition judgment, the access control rule will no longer apply.

example 3

[0057] r3: Analyst, [access State, access City, access Street] => forbid

[0058] Access control rule r3 prohibits data analysts from accessing State, City and Street at the same time. However, data analysts can independently access one or two of the three data resources, such as accessing State alone, or accessing State and City at the same time.

[0059] After the above description of the access control rule is completed, after the access control request for data analysis is received, the access control request is controlled based on the access control rule. The access control method specifically includes the following steps:

[0060] For each access control rule, first check whether the data access request triggers the access control rule; if triggered, then check whether the data access request meets the restrictions of the access control rule; if so, continue to traverse subsequent access control rules until the data The data resource request is authorized only when the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an access control rule description method for data analysis. The method includes the steps that firstly, user roles are divided into one or more role units according to application scenarios, and data resources are divided into one or more data elements; secondly, the user roles are organized into a hierarchical structure form, wherein an intermediate node includes role units corresponding to all descendant nodes of the intermediate node, and leaf nodes correspond to specific personnel corresponding to the role units in a certain application scenario; the data sources are organized into a hierarchical structure form, wherein an intermediate node includes data elements corresponding to all descendant nodes of the intermediate node, and leaf nodes correspond to a group of real data; thirdly, a group of actions are designated for each data resource; fourthly, access control rules for controlling access to the data sources are described based on the user roles, the data resources and the actions. The method supports control over simultaneous access to the data resources, and it can be required to carry out specific desensitization operation on the data resources.

Description

technical field [0001] The invention relates to the technical field of data resource rights management and control, in particular to an access control rule description method for data analysis. Background technique [0002] Data analysis refers to the process of drawing useful information and conclusions from data using appropriate statistical analysis methods. With the development of cloud computing, big data and other related technologies, more and more enterprises and institutions are beginning to use data analysis technology to mine the value of commercial data. Typical application scenarios include retail enterprises, medical institutions, and social networks. However, commercial data usually contains a lot of sensitive information, such as user personal information and commercial confidential information. In order to protect the security of business data, data access needs to be controlled. [0003] Access control technology ensures that resources are not illegally ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/60G06F21/45
CPCG06F21/45G06F21/604
Inventor 贺飞罗晨
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com