中文摘要：

空间数据库的广泛应用给人们的生活带来极大便利的同时,也带来了严重的安全威胁.空间应用要求授权系统支持灵活的细粒度授权策略以及否定策略,提供高效的授权实现技术.针对这些安全需求,提出一种基于谓词的矢量数据授权模型,并依据空间数据库管理系统在实现上的特征,采用谓词改写的方法实现对矢量数据的有效授权.和现有工作相比,该模型利用授权谓词表示授权区域,具有更灵活的表达能力,且支持否定授权;所提出的谓词改写的方式不仅避免授权判定时额外增加的一次空间查询,而且可以保证与空间数据库管理系统的低耦合度,还有利于空间谓词的优化,减少空间谓词的冗余.实验证明,该授权模型和实现方法能够满足空间应用的安全需求,实现对空间数据库矢量数据的访问控制和有效授权.

英文摘要：

Spatial DBMS and its applications have become more and more popular today. It makes our daily life more convenient and comfortable, but it also brings serious threats to security and privacy. Most applications require a fine-granularity flexible access control model which supports negative authorization; meanwhile, they also require an authorization implementation with high performance. According to the security requirements of the applications of vector data in spatial DBMS, a predicate- based access control model （PBAC） is presented, and predicate rewrite technique is adopted to implement the authorization model in spatial DBMS. Compared with the existing works, in our model, spatial predicate is adopted to specify the authorized objects which improves the flexibility of expression, and negative authorizations are also supported; in our implementation, predicate rewrite technique is used which not only avoids an additional spatial query in authorization enforcement but also assures the low coupling degree between implementations of vector data＇s authorization and spatial DBMS and the convenience of eliminating spatial predicate redundancies. Experiments results show that our method could satisfy the security requirements and realize the effective authorization of vector data in spatial DBMS.