Web服务安全访问的关键技术研究

发布时间：2018-01-29 04:11

本文关键词： Web服务安全访问 Web服务匹配推荐信任路径策略冲突　出处：《解放军信息工程大学》2014年硕士论文　论文类型：学位论文

【摘要】：Web服务在用户体验及企业应用等方面具有重要的作用。然而,由于开放式网络的动态性,服务访问各个参与方之间的交互行为参差不齐,这给Web服务的访问过程带来一系列安全问题。目前,对Web服务安全访问过程的研究主要存在以下几个问题：(1)传统的Web服务匹配算法无法解决模糊语义环境下的Web服务匹配；(2)对Web服务推荐路径的信任评价模型仍然存在一定的不合理性；(3)现有的Web服务安全策略优化算法弱化了安全断言的描述形式。针对上述问题,本文依托国家863计划项目,以提高Web服务匹配准确性、保障多可信路径的最优聚合以及减小Web服务安全策略的冲突为目标,对Web服务安全访问过程中Web服务匹配、Web服务推荐路径的信任评价及Web服务安全策略优化3个关键技术进行研究。主要工作和研究成果如下：1、针对现有的Web服务匹配算法无法解决模糊语义环境下Web服务匹配的现象,提出一种基于动态信任语义库(DTSL)的Web服务匹配算法。首先依据可信推荐实体对Web服务的描述信息,构建DTSL;然后基于DTSL替换模糊语义概念；最后计算概念替换后的服务请求向量与服务描述向量之间的语义相似度,衡量Web服务的匹配程度。仿真实验表明,在模糊语义的Web服务匹配中,该算法与明确语义下Web服务匹配结果的契合度达到91.5%以上。2、针对Web服务推荐路径中可能存在的恶意实体、以及多信任路径导致Web服务请求不一致的现象,提出一种基于灰色-隐马尔科夫模型(G-HMM)的推荐路径筛选及聚合算法。首先对系统中所有推荐实体进行灰色聚类分析,筛选过滤恶意推荐路径；然后基于灰色马尔科夫模型(GMM)预测各推荐路径的推荐接受程度及其所在的灰类观测状态；最后将多推荐路径抽象为隐状态,针对多路径的观测序列构建隐马尔科夫模型(HMM),并基于HMM完成多推荐路径的聚合。仿真实验表明,与现有的具有高交互成功率的算法相对比,该算法在相同比例恶意实体攻击下的交互成功率能提高0.7%到1.8%。3、针对现有Web安全策略优化弱化了安全断言描述形式的问题,提出一种基于最小不相关属性集(MIAS)的Web服务安全策略优化算法。首先从服务请求信息中抽取访问Web资源所需的属性,在服务提供端,以属性取值为基础,通过去相关及无效属性删除处理,构建MIAS;然后将安全断言描述成MIAS的形式,并基于MIAS的断言集将安全策略描述成断言的逻辑“与”操作；最后基于MIAS描述的安全策略,依据属性值的取值编码,以矩阵优化的形式完成安全策略的冗余和冲突检测。仿真实验表明,与经典的安全策略冲突检测算法对比,同等测试环境下该算法的最大检测时长可以降低48%左后。
[Abstract]:Web services play an important role in user experience and enterprise application. However, due to the dynamic nature of open network, the interaction behavior of each participant is not uniform. This brings a series of security problems to the access process of Web services. In the research of Web service security access process, there are several problems as follows: 1) traditional Web service matching algorithm can not solve the problem of Web service matching in fuzzy semantic environment. 2) the trust evaluation model of Web service recommendation path still has some irrationality; 3) the existing Web services security policy optimization algorithm weakens the description of security assertion. In view of the above problems, this paper relies on the national 863 project to improve the accuracy of Web service matching. To ensure the optimal aggregation of multiple trusted paths and to reduce the conflicts of Web services security policies, the Web services matching is performed in the process of secure access to Web services. Three key technologies of Web service recommendation path trust evaluation and Web service security policy optimization are studied. The main work and research results are as follows: 1. The existing Web service matching algorithms can not solve the problem of Web service matching in fuzzy semantic environment. A Web service matching algorithm based on dynamic trust semantic library (DTSL) is proposed. Firstly, based on the description information of trusted recommendation entity to Web service, DTSLs are constructed. Then the fuzzy semantic concept is replaced based on DTSL. Finally, the semantic similarity between the service request vector and the service description vector is calculated, and the matching degree of the Web service is measured. The simulation results show that in the fuzzy semantic Web service matching. The matching degree between the algorithm and the matching result of Web services under explicit semantics is over 91.5%. The algorithm is aimed at the malicious entities that may exist in the recommended path of Web services. And multiple trust paths that cause inconsistent Web service requests. A recommendation path selection and aggregation algorithm based on gray-hidden Markov model (G-HMMM) is proposed. Firstly, all the recommended entities in the system are analyzed by grey clustering to filter malicious recommendation paths. Then, based on the grey Markov model (GMMM), the recommended acceptance degree of each recommended path and the observed state of the grey class are predicted. Finally, the multi-recommendation path is abstracted as a hidden state, the hidden Markov model is constructed for the observation sequence of the multi-path, and the aggregation of the multi-recommended path is completed based on HMM. Compared with the existing algorithms with high interaction success rate, the interaction success rate of this algorithm under the same proportion of malicious entity attacks can be increased by 0.7% to 1.8. 3. The optimization of existing Web security policy weakens the description of security assertions. This paper presents a Web service security policy optimization algorithm based on minimum irrelevant attribute set (MIASS). Firstly, the attributes needed to access Web resources are extracted from the service request information, and the attributes are extracted from the service provider. Based on the value of attributes, the misas is constructed by delinking and deleting invalid attributes. Then the security assertion is described as the form of MIAS, and the security policy is described as the logical "and" operation of the assertion based on the MIAS's assertion set. Finally, based on the security policy described by MIAS, the redundancy and conflict detection of the security policy are completed in the form of matrix optimization according to the value code of attribute value. The simulation results show that. Compared with the classical security policy conflict detection algorithm, the maximum detection time of the algorithm can be reduced by 48% left in the same test environment.
【学位授予单位】：解放军信息工程大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】