CAJ | 학술논문

Web服务具有开放性、高度动态性、松散耦合性及跨平台性等特点，传统的访问控制方式已不能满足其跨域访问的安全需求。通过集成信任管理及可信平台度量扩展了XACML访问控制模型，提出基于信任度量的跨域访问控制模型。该模型在对用户统一身份认证的基础上，通过分析用户历史访问行为，引入用户信任度、平台配置完整度和域间信任度，提高了跨域访问控制的动态性和安全性。同时，给出了域内信任度管理点和跨域信任度管理点两个功能模块的具体实现描述，采用信任度缓存实时更新的方法分析了海量历史访问行为的复杂度问题，提高了系统效率。
Web복무구유개방성、고도동태성、송산우합성급과평태성등특점，전통적방문공제방식이불능만족기과역방문적안전수구。통과집성신임관리급가신평태도량확전료XACML방문공제모형，제출기우신임도량적과역방문공제모형。해모형재대용호통일신빈인증적기출상，통과분석용호역사방문행위，인입용호신임도、평태배치완정도화역간신임도，제고료과역방문공제적동태성화안전성。동시，급출료역내신임도관리점화과역신임도관리점량개공능모괴적구체실현묘술，채용신임도완존실시경신적방법분석료해량역사방문행위적복잡도문제，제고료계통효솔。
For the Web services is open,highly dynamic,loose coupling,cross-platform and traditional access control methods cannot meet the security demand of the cross-domain access anymore.By integrating the trust management and trusted platform measuring,the XACML access control model was expanded and a cross-domain access control model based on trust measurement was proposed.Based on the users’uniform identity authentication,the user’s trust degree, platform configuration integrity and inter-domain trust degree were introduced in the model through the analysis of us-ers’historical access behavior.And therefore the dynamics and security of the cross-domain access control were im-proved.At the same time,according to the complexity of the analysis of massive historical access behavior,the imple-mentation of Inside Trust Manager Point and Outside Trust Manager Point were described in detail.The trust degree cache and real-time updating method were put forward,which improves the efficiency of the system effectively.