基于多维信任度的Web访问控制方法的研究与实现

发布时间：2019-06-10 16:59

【摘要】：随着电子商务、电子政务以及各种电子科技的迅猛发展,人们的生活和工作越来越离不开互联网,互联网的普及已经完全改变了人类的交往和交流方式,人们通过Web服务资源进行交流的同时由于其本身固有的开放性和共享性,也为人们在网络中的交流带来了潜在的风险。访问控制是保障Web服务安全的一个重要的方面,能够使Web服务资源更安全、有效、合法、受控的被请求者访问。本文在研究了传统的信任机制及访问控制方法的基础上,针对当前引入了信任机制的访问控制模型所存在的信任度表征形式单一、没有对用户主观贪婪欲加以限制等问题,提出一种基于多维信任度的访问控制方法,并将该方法运用到路由监测系统中。本文主要进行了以下几方面的工作:1、对本文研究的背景及意义以及在Web服务下访问控制的国内外研究现状进行了综述。2、对本文所需要用到的关键技术进行了研究,包括Web服务的相关特征及安全性分析、访问控制技术以及信任机制技术等,并对相关技术进行对比。3、针对于现有的基于信任度的访问控制模型的不足,提出了一种多维信任度的访问控制方法,通过客体在系统中的信誉值及需求度的变化对其进行动态授权,更新其在系统中的权限范围。阐明了本文模型的原理、多维信任度的构造计算方法及信任度动态更新并给出具体的计算公式与模型逻辑流程并进行了仿真验证。4、将本文所提的访问控制方法应用于某路由监测系统中,设计并实现了支持多维信任的访问控制的路由监测系统,同时对路由监测系统中的管控模块进行详细设计,然后对管控模块中的访问控制子模块进行了详细的功能、流程设计并对其进行了实现。5、根据已完成的设计方案,对路由监测系统进行环境搭建,并对访问控制子模块进行系统测试,得出测试结果并进行分析。
[Abstract]:With the rapid development of e-commerce, e-government and various electronic technologies, people's life and work are becoming more and more inseparable from the Internet. The popularity of the Internet has completely changed the way human beings communicate and communicate. At the same time, because of its inherent openness and sharing, people communicate through Web service resources, which also brings potential risks to people's communication in the network. Access control is an important aspect to ensure the security of Web services, which can make Web service resources more secure, effective, legitimate and controlled access to the requested party. On the basis of studying the traditional trust mechanism and access control method, this paper aims at the problems of single trust representation and no restriction on users' subjective greed in the current access control model which introduces trust mechanism. An access control method based on multidimensional trust is proposed and applied to routing monitoring system. The main work of this paper is as follows: 1. The background and significance of this study and the research status of access control under Web services at home and abroad are reviewed. 2, the key technologies needed in this paper are studied. Including the related characteristics and security analysis of Web services, access control technology and trust mechanism technology, and compare the related technologies. 3, aiming at the shortcomings of the existing access control model based on trust. In this paper, a multi-dimensional trust access control method is proposed, which dynamically authorizes the object through the change of reputation value and demand degree in the system, and updates its authority range in the system. The principle of the model, the construction and calculation method of multi-dimensional trust degree and the dynamic update of trust degree are expounded, and the concrete calculation formula and model logic flow are given and verified by simulation. The access control method proposed in this paper is applied to a routing monitoring system, and a routing monitoring system supporting multi-dimensional trust access control is designed and implemented. At the same time, the control module in the routing monitoring system is designed in detail. Then the access control sub-module in the control module is designed in detail, and the process is designed and implemented. 5. According to the completed design scheme, the environment of the routing monitoring system is built. The access control sub-module is tested systematically, and the test results are obtained and analyzed.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【参考文献】