The invention belongs to the field of information safety, and particularly relates to a measurement data safety protection method, which comprises the following steps of: 1,
user authentication: when a user accesses a data resource for the first time, firstly applying a safety
certificate from a safety
certificate authority so as to prove the identity of the user when the user accesses the data resource,
safety assurance is carried out on malicious access which does not obtain the safety
certificate by adopting a mode of denying to access
data resources; and step 2: domain positioning: when a user passing identity
authentication accesses
data resources, an access request Req (SAVt, RAVm, EAVn, AAVk) is forwarded to
a domain positioning
server, the domain positioning
server analyzes a subject attribute and a resource attribute, the subject attribute and the resource attribute respectively correspond to the SAVt and the RAVt, and whether local access or cross-domain access is determined according to an analysis result. According to the method, an attribute-based
access control model is adopted, the problems of
user authentication, domain positioning, access decision and module association are solved, the data safety in a
big data environment can be effectively protected, and quick decision and efficient access can be realized.