中文摘要：

访问控制的任务是在为用户提供最大资源共享的基础上，防止用户对信息的越权篡改和滥用，以保证信息的安全，它是解决当前日益突出的地理空间数据共享与安全矛盾的关键。针对现有地理空间数据文件访问控制存在控制形式单一、缺少合适地理空间数据文件特征的访问控制理论模型支撑的问题，结合地理空间数据的多尺度特征与属性特征，通过扩展元属性、引入加解密机制，提出了一种基于属性的访问控制模型——GDF-ABAC模型。该模型支持多种粒度的访问控制，具有良好的灵活性与可扩展性。最后，研究基于GDF-ABAC模型，实现了Shapefile格式数据的要素级细粒度访问控制，验证了模型的有效性与实用性。

英文摘要：

The task of access control is providing maximum sharing of information for users by preventing users from unauthorized tampering and abuse. It is the key to solve the current increasingly prominent contradictions between geospatial data sharing and security. Compared to spatial database, the geospatial data access control research on the file is relatively rare at present, and the existing geospatial data file access control is not only single in control form but also lack of appropriate access control model which supports the expression of geospatial data characteristics. In this paper, an access control model named GDF-ABAC which is an extension of ABAC is proposed to deal with the problem that the access control of the geospatial data file is not flexible and has limitations. Because of including the multi-scale characteristies, attributes of geospatial data and meta-attributes, this model supports multiple granularity access control which has improved the flexibility and extensibility for the expression of ac- cess control policy. What＇s more, this model makes the geospatial data file more secure by setting the mechanism of encryption- deeryption which keeps the geospatial data file under control. Finally based on the GDF-ABAC model, an access control system is implemented for Shapefile data by the technology of file system filter driver. This access control system supports cross-platform and fine-grained access control which proves the validity and practicability of GDF-ABAC.