Abstract: With the rapid development of information technology today, as the most effective storage data tool, the database stores a large number of data related to user??s privacy. But the traditional database access control model cannot guarantee the security of personal privacy data due to the different degrees of protection for the privacy information between different people. This gives birth to the emergence of purpose based access control model. Existing models concentrate on binding the data with intend purpose dynamically, but rarely concern about the distribution between users and access purpose. On the basis of previous studies, this paper proposes a purpose and context based access control model, which uses the rule reasoning mechanism and takes the context information of users as the trigger condition. In this way, the access purpose can be distributes to user dynamically. The experiment shows that, the new model not only makes up the shortcomings of existing models, but also controls the access behavior from user to database efficiently.

Key words: access control, purpose, context, rule

摘要： 在信息技术高速发展的今天，作为存储数据最有效的工具，数据库存储了大量与用户个人隐私相关的数据。由于每个人对于隐私信息的保护程度不同，传统数据库访问控制无法保证隐私数据的安全，从而产生了基于目的的访问控制模型。现有的基于目的访问控制模型主要针对数据与允许目的的动态绑定方式进行研究，考虑用户与访问目的的动态分配的研究较少。在过去研究的基础上，提出了一种基于目的和上下文的访问控制模型，模型使用规则推理机制，以用户的上下文信息作为规则触发条件，动态地为用户分配访问目的。实验结果表明，该模型不仅弥补了现有模型的缺点，而且能够高效地控制用户对数据库中隐私数据的访问行为。

关键词: 访问控制, 目的, 上下文, 规则