JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2014, Vol. 49 ›› Issue (09): 115-122. doi: 10.6040/j.issn.1671-9352.2.2014.342


A cross-domain access control model of Web service based on trust measurement

YANG Xiao-hui, WANG Hong, JIANG Li-jun, CHANG Si-yuan   

  1. Institute of Network Technology, Hebei University, Baoding 071002, Hebei, China
  • Received: 2014-06-24 Revised: 2014-08-27 Online: 2014-09-20 Published: 2014-09-30

Abstract: Web services are open, highly dynamic, loosely coupled and cross-platform, and traditional access control methods can no longer meet the security demands of cross-domain access. By integrating trust management and trusted platform measurement, the XACML access control model was extended and a cross-domain access control model based on trust measurement was proposed. Building on uniform user identity authentication, the model introduces the user's trust degree, platform configuration integrity and inter-domain trust degree through analysis of users' historical access behavior, thereby improving the dynamics and security of cross-domain access control. In addition, given the complexity of analyzing massive historical access behavior, the implementation of the Inside Trust Manager Point and the Outside Trust Manager Point is described in detail. A trust degree cache and a real-time updating method are put forward, which effectively improve the efficiency of the system.

Key words: Web service, trust degree, cross-domain access, XACML, access control

CLC Number: TP393