KEYWORDS: Data modeling, Computer security, Blockchain, Data storage, Data communications, Digital watermarking, Artificial intelligence, Mathematical modeling, Associative arrays, Power grids
In the construction of new power systems, data as a production factor plays an increasingly important role. To improve the efficiency of data utilization, power grid enterprises have established a data management and application system based on a data middle platform. However, the current data middle platform still faces security problems such as unclear data ownership, the lack of a traceability mechanism for data sharing, and inaccurate data access control. To address these problems, a layered security protection system for data sharing is proposed in this paper. Firstly, the security protection architecture of the data middle platform is constructed from the data asset layer, the analysis layer and the application layer. Secondly, we propose a blockchain-based data rights confirmation method and a trusted data call recording method based on model-data mapping, to give data owners a basis for protecting their data rights. Finally, a user anomaly recognition model based on data interaction behavior is constructed to identify users' abnormal behavior in real time, and the attack process is blocked by dynamic permission adjustment. The protection system has higher flexibility and accuracy in the extended protection of data sharing, which has important reference value for improving the security protection level of the data middle platform.
Attribute-based access control models are widely used in permission management for resource access. Mining access control lists of policies can significantly reduce the cost of policy management and streamline the composition of policy rules. However, as resources increase, access policies become complex. Uncontrolled attributes lead to policy conflicts, and policy mining is then no longer reliable. To address this issue, we propose a dynamic access control model based on attribute reachability. Firstly, we analyse the accessibility of attributes to ensure the reliability of authorised attributes. Secondly, we propose a multi-dimensional attribute management mechanism based on precondition-limited attributes, which enables permission passing and inheritance. Finally, on the basis of the reachability access policy, we achieve secure policy mining changes by traversing user permission relationship tuples and constructing candidate rule seeds.