
Journal of Shandong University (Natural Science) (山东大学学报(理学版)) ›› 2014, Vol. 49 ›› Issue (09): 115-122. doi: 10.6040/j.issn.1671-9352.2.2014.342


A cross-domain access control model for Web services based on trust measurement (Chinese title)

杨晓晖, 王虹, 江丽军, 常思远   

  1. Institute of Network Technology, Hebei University, Baoding 071002, Hebei, China
  • Received: 2014-06-24 Revised: 2014-08-27 Online: 2014-09-20 Published: 2014-09-30
  • About the author: YANG Xiao-hui (born 1975), male, professor, PhD; research interests: trusted cloud storage and identity authentication. E-mail: yxh@hbu.edu.cn
  • Funding:
    National Natural Science Foundation of China (61170254); National Key Technology Research and Development Program (2013BAK07B04); Natural Science Foundation of Hebei Province (F2014201152)

A cross-domain access control model of Web service based on trust measurement

YANG Xiao-hui, WANG Hong, JIANG Li-jun, CHANG Si-yuan   

  1. Institute of Network Technology, Hebei University, Baoding 071002, Hebei, China
  • Received: 2014-06-24 Revised: 2014-08-27 Online: 2014-09-20 Published: 2014-09-30

Abstract (Chinese version, translated): Web services are open, highly dynamic, loosely coupled and cross-platform, and traditional access control methods can no longer meet the security requirements of their cross-domain access. By integrating trust management and trusted platform measurement, the XACML access control model is extended and a cross-domain access control model based on trust measurement is proposed. On the basis of uniform identity authentication of users, the model analyses users' historical access behaviour and introduces the user trust degree, platform configuration integrity and inter-domain trust degree, which improves the dynamics and security of cross-domain access control. The concrete implementation of two functional modules, the intra-domain trust degree management point and the cross-domain trust degree management point, is also described; the complexity problem of analysing massive historical access behaviour is addressed by updating a trust degree cache in real time, which improves system efficiency.

Keywords (Chinese version, translated): Web service, trust degree, cross-domain access, XACML, access control

Abstract: Web services are open, highly dynamic, loosely coupled and cross-platform, so traditional access control methods can no longer meet the security requirements of cross-domain access. By integrating trust management and trusted platform measurement, the XACML access control model was extended and a cross-domain access control model based on trust measurement was proposed. On top of uniform identity authentication of users, the model introduces the user's trust degree, platform configuration integrity and inter-domain trust degree, derived from analysis of users' historical access behaviour, thereby improving the dynamics and security of cross-domain access control. In addition, the implementation of the Inside Trust Manager Point and the Outside Trust Manager Point is described in detail, and, to address the complexity of analysing massive historical access behaviour, a trust degree cache with real-time updating is put forward, which effectively improves the efficiency of the system.
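As an added illustration (not code from the paper), the following Python sketch shows the kind of decision flow the abstract describes: an incrementally updated trust-degree cache standing in for the ITMP/OTMP modules, and an access decision that requires platform integrity, user trust and inter-domain trust to all pass. The smoothing rule, the thresholds and the cache key format are assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass
class TrustRecord:
    good: int = 0  # compliant accesses observed so far
    bad: int = 0   # policy violations observed so far

    def degree(self) -> float:
        # Assumed rule: Laplace-smoothed success ratio; an unknown subject
        # starts at 0.5 and each new event moves it incrementally.
        return (self.good + 1) / (self.good + self.bad + 2)

@dataclass
class TrustManagerPoint:
    """Stands in for the intra-domain (ITMP) and cross-domain (OTMP) trust
    managers: a cache of per-key records refreshed on every access event."""
    cache: dict = field(default_factory=dict)

    def record(self, key: str, compliant: bool) -> float:
        rec = self.cache.setdefault(key, TrustRecord())
        if compliant:
            rec.good += 1
        else:
            rec.bad += 1
        return rec.degree()  # O(1) per event, no rescan of the history

    def degree(self, key: str) -> float:
        return self.cache.get(key, TrustRecord()).degree()

USER_MIN, DOMAIN_MIN = 0.6, 0.5  # assumed thresholds

def decide(itmp, otmp, user, home_domain, target_domain, platform_ok):
    """Decision in the spirit of the extended XACML PDP: platform integrity,
    user trust and inter-domain trust must all pass; returns (effect, reason)."""
    if not platform_ok:
        return "Deny", "platform configuration integrity check failed"
    u = itmp.degree(user)
    if u < USER_MIN:
        return "Deny", f"user trust {u:.2f} below {USER_MIN}"
    d = otmp.degree(f"{home_domain}->{target_domain}")
    if d < DOMAIN_MIN:
        return "Deny", f"inter-domain trust {d:.2f} below {DOMAIN_MIN}"
    return "Permit", f"user trust {u:.2f}, domain trust {d:.2f}"

def demo():
    itmp, otmp = TrustManagerPoint(), TrustManagerPoint()
    for ok in (True, True, True, True):   # alice's history in her home domain
        itmp.record("alice", ok)
    otmp.record("domA->domB", True)       # one compliant cross-domain access
    return decide(itmp, otmp, "alice", "domA", "domB", True)
```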

Key words: Web service, trust degree, cross-domain access, XACML, access control

CLC number: TP393