RCBAC: A risk-aware content-based access control model for large-scale text data

Abstract

Unstructured data (mostly text data) have become a vital part in the era of big data. Hence, it has become increasingly difficult to identify the internal relations among data and describing the access control object during the design of access control (especially fine-grained access control) policies. Furthermore, in recent years, security incidents have frequently occurred due to the leakage of secrets by insiders, in both enterprises and government agencies around the world. Due to dynamic user behavior, it is difficult to determine “curious accesses” and grant authority based on traditional static access control models. Therefore, we need a dynamic access control model that is content-driven and can be used to find curious users in daily practice. This paper proposes a risk-aware content-based access control model (RCBAC) which can be used to solve over-authorization problems and can grant file-level authority to users. Based on the relevance of the data content and the duties of each user, RCBAC can quantify the risk of both the access behavior and the access history; accordingly, each user's access ability can be adjusted dynamically. The experimental results show that the RCBAC model can separate curious users from normal users and limit the access ability of curious users.