Unstructured data (mostly text data) have become a vital part in the era of big data. Hence, it has become increasingly difficult to identify the internal relations among data and describing the access control object during the design of access control (especially fine-grained access control) policies. Furthermore, in recent years, security incidents have frequently occurred due to the leakage of secrets by insiders, in both enterprises and government agencies around the world. Due to dynamic user behavior, it is difficult to determine “curious accesses” and grant authority based on traditional static access control models. Therefore, we need a dynamic access control model that is content-driven and can be used to find curious users in daily practice. This paper proposes a risk-aware content-based access control model (RCBAC) which can be used to solve over-authorization problems and can grant file-level authority to users. Based on the relevance of the data content and the duties of each user, RCBAC can quantify the risk of both the access behavior and the access history; accordingly, each user's access ability can be adjusted dynamically. The experimental results show that the RCBAC model can separate curious users from normal users and limit the access ability of curious users.

非结构化数据（主要是文本数据）已成为大数据时代的重要组成部分。因此，在访问控制（尤其是细粒度的访问控制）策略的设计过程中，越来越难以识别数据之间的内部关系并描述访问控制对象。此外，近年来，由于内部人员在世界各地的企业和政府机构中泄露的机密信息，安全事件屡屡发生。由于动态的用户行为，很难基于传统的静态访问控制模型来确定“好奇的访问”并授予权限。因此，我们需要一个由内容驱动的动态访问控制模型，该模型可用于在日常实践中查找好奇的用户。本文提出了一种基于风险的基于内容的访问控制模型（RCBAC），该模型可用于解决过度授权问题并可以向用户授予文件级权限。根据数据内容的相关性和每个用户的职责，RCBAC可以量化访问行为和访问历史的风险；因此，可以动态地调整每个用户的访问能力。实验结果表明，RCBAC模型可以将好奇用户与正常用户区分开，并限制了好奇用户的访问能力。