Research on Distributed Service Access Control in the Military Enterprise Condition Guarantee System
Published: 2018-09-11 19:40
[Abstract]: The military enterprise condition guarantee system is a distributed service system that manages the entire construction process of military-industry projects. Web services are open and highly dynamic, and their users and user behaviour are uncertain, so their security is hard to guarantee. Access control, one of the five major security technologies, can effectively prevent Web service resources from being accessed by unauthorized users. However, traditional access control models cannot meet the authorization requirements of Web service systems. It is therefore necessary to establish an efficient, secure and reliable Web-service-oriented access control mechanism for the military enterprise condition guarantee system.
Based on the access control requirements of the military enterprise condition guarantee system, this thesis designs a Web-service-oriented access control mechanism. Entities that access Web services are divided into two categories: registered entities and unknown entities. For registered entities, a TRBAC-based dynamic multilevel Web service access control model (DWMSTRBAC) is proposed. The model treats Web services and their attributes as resources, designs a three-level resource control mechanism, and extends and strictly defines the model's constraint rules; through role players and task managers it achieves fine-grained, strict and secure dynamic authorization. For unknown entities, a trust-based dynamic access control model for Web services (DWTBAC) is proposed. It improves the calculation of the trust value by introducing objective factors such as a time weighting factor, the interaction context, the number of recommendation levels and the recommendation strength, and it manages authorization according to a ternary mapping of trust interval, trust level and permission strength, which allows partial authorization. An algorithm for updating the direct interaction experience value, based on a quality-of-service penalty mechanism, is also proposed; it resists the bad behaviour of malicious entities and forces entities to interact as honestly as possible. Simulation experiments verify the algorithm's effect.
Finally, the Web-service-oriented access control mechanism is implemented and preliminarily applied in the authorization management subsystem of the military enterprise condition guarantee system. Practice shows that the mechanism effectively solves the access control problems of registered entities and unknown entities, thereby ensuring the security of Web services.
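[Degree-granting institution]: Nanjing University of Aeronautics and Astronautics
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2237678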
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2237678.html