中文摘要：

数据空间是一种新型的数据管理方式，能够以“pay-as-you-go”模式管理海量、动态、异构的数据。然而，由于数据空间环境下数据的动态演化、数据描述的细粒度和极松散性等原因，难于构建有效的访问控制机制。该文提出一个针对数据空间环境下极松散结构模型，重点支持更新操作的细粒度和动态的访问控制框架。首先定义更新操作集用于数据空间的数据更新，提出支持更新操作的映射方法，可将动态数据映射到关系数据库中；给出支持更新操作权限的数据空间访问控制规则的定义，并分析与关系数据库的访问控制规则二者转换的一致性；然后提出具有可靠性和完备性的访问请求动态重写算法，该算法根据用户的读/写访问请求检索相关访问控制规则，使用相关权限信息重写访问请求，从而实现支持动态更新的细粒度数据空间访问控制。理论和实验证明该框架是可行和有效的。

英文摘要：

Dataspace is a new type of data management, which can manage the mass, heterogeneous, and dynamic data in a pay-as-you-go fashion. However, it is difficult to construct an effective access control mechanism in dataspace environment, because of the data dynamic evolution, the fine-grained and extremely loose data description. A fine-grained and dynamic access control mechanism supporting secure updates is presented in this paper for very loosely structured data model which is commonly used in dataspace. Firstly, a set of update operations are defined for modifying data in the dataspace, and the mapping functionsare provided for mapping the updates data into relational databases. Secondly, the fine-grained access control rule supporting secure updates is given, and the consistency of the conversion between this rule and relational database access control rule is analyzed. Thirdly, an access request rewriting algorithm, which is sound and complete, is also presented for dynamically controlling read/write access to the data. The algorithm retrieves the related access control rules based on user＆#39;s access request, and then rewrites the request by utilizing the relevant authority. Finally, the validity of the work in this paper is proved by the theory and the experiment.