WO2012009877A1 - Access method based on computable credibility in distributed multi-trust domain environment - Google Patents


Info

Publication number
WO2012009877A1
Authority
WO
WIPO (PCT)
Prior art keywords
role
behavior
user
target
trust
Application number
PCT/CN2010/077303
Inventor
李斓
黄恺
李建华
蔡伟
范磊
Original Assignee
上海交通大学
Application filed by 上海交通大学

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • Access control method based on computable credit degree in distributed multi-trust domain environment
  • The invention relates to an access control method in the field of network technology, in particular to an access control method based on computable credit degree in a distributed multi-trust domain environment.
  • A role-based trust policy lets a distributed system authorize users of its own or other trust domains in batches, but it cannot flexibly adjust the authorization policy according to the behavior of an individual user.
  • A behavior-based trust policy lets users accumulate credibility through legitimate behavior in the system and thereby obtain more permissions. Both policies have advantages and disadvantages and suit different types of distributed systems: role-based trust policies suit distributed Web services environments, and behavior-based trust policies suit P2P network environments. To implement a more flexible and secure authorization policy, the two should be combined: authorization is granted through trust in the user's role, and the authorization policy is adjusted in time according to the user's behavior.
  • Chinese patent application number CN200810019667.0 (announcement number CN101257377), "A dynamic access control method based on community authorization service", proposes a dynamic access control scheme based on the community authorization service (CAS). The method mainly addresses the dynamic characteristics of the grid environment.
  • By adding a resource control module, it implements resource layering, monitoring and dynamic access control, and it modifies the community authorization server and database so that a user's role changes dynamically with the user's context. Through interaction with the resource control module it achieves dynamic, transparent access to and seamless integration of resources in the grid environment.
  • Although this method describes the dynamic trust parameters of the context well, its shortcoming is that a user who behaves well holds the same role as other users but cannot obtain higher trust, so trust and authorization cannot be adjusted dynamically according to the user's cumulative behavior.
  • Chinese patent application number CN200810118258.6 (announcement number CN101345627), "A method of collusion identification based on behavior similarity in P2P networks", assigns each node in the network a trust management node, which monitors how other nodes score that node, and a behavior record node, which records how that node scores other nodes. By further analyzing the similarity of scoring behavior among abnormal nodes, it judges whether a collusion group exists, and finally updates the global trust value of the node according to the detection result.
  • The object of the present invention is to overcome the deficiencies in the prior art and provide an access control method based on a computable credit degree in a distributed multi-trust domain environment.
  • The control method proposed by the present invention is more flexible: it can authorize users in batches, can also adjust the authorization policy according to user behavior, and can be applied to portals, shared communities, information management and similar fields.
  • The present invention is achieved by the following technical solution, which includes the following steps:
  • Step 1: The user logs in to the target trust domain, and through role mapping and role conversion the target domain gives the user a set of roles. The set of roles defines the operational rights of the current user in the context of the trust domain.
  • Step 2: The user sends an access request to the target domain, attempting to obtain resource information in the target domain. The administrator of the target domain may define, for a specific role, the period in which a resource may be accessed, the amount of resources accessible, a load limit, the access type, and the like.
  • Step 3: The target trust domain queries the authorization policy database according to the access request and the role set the user obtained through granting and conversion. If the user's role set has permission to execute the request, the user is given the corresponding local resource; otherwise, the user's request is rejected.
  • A user behavior is ultimately generated from the user's access request, whether the request succeeds or fails. Because of the large number of users and of behaviors they perform, the trust domain cannot perform trust and reputation calculations for every specific behavior. The local trust domain therefore needs to screen, merge and classify behaviors appropriately.
  • The purpose of screening is to record and calculate only those behaviors that have a greater impact on local resources or other users, and to exclude unimportant ones. Merging combines multiple operations of a user that are interrelated and do not individually produce a direct result into a behavior chain, and assigns the chain a new behavior definition.
  • Classification considers the different behaviors and the gains and losses they cause, and sets a trust quantization standard value for each meaningful behavior. The quantized standard value is the data source for subsequent role reputation calculations.
  • Step 4: Calculate the update value of the user's behavior variable from the execution result of the user behavior, and update the behavior variable value in the cumulative behavior library. According to the execution result, classify the behavior under a behavior with a given trust standard, and update the behavior evaluation library's count of user behavior executions for the corresponding foreign-domain role.
  • Step 5: Perform a behavior-based role conversion. The conversion takes the user's initial role set as the source node set and queries the role conversion policy library. Each policy has a corresponding condition for it to hold, and these conditions are expressions composed of multiple behavior variables. The behavior variable values for the current user are looked up in the cumulative behavior library by behavior ID and user ID. A conversion policy holds, and the user obtains the converted role, if and only if the user's behavior variable values satisfy the discriminant expression.
  • Step 6: According to the role ID, obtain all users corresponding to the role, classify them by behavior ID, count the evaluation value and the number of executions of each behavior, and generate the behavior evaluation vector. Finally, using the execution counts of the different behaviors as weights and the evaluation values as the weighted values, calculate the reputation value of the role.
  • Step 7: According to the change in the role reputation value, use the reputation expression as the judgment condition to adjust the role mapping policies associated with the role. A role mapping relationship holds if and only if the role reputation value satisfies the discriminant expression. The trust relationship between roles is thus adjusted dynamically through a reputation feedback mechanism based on behavior statistics.
  • The behavior-based role conversion is specifically an optimal path search in the role conversion directed graph. It involves role conversion policies, the role conversion directed graph, and so on.
  • A role conversion policy has three elements: a source role expression, a target role, and a conversion condition.
  • The source role expression is the input of the role conversion policy and has two forms: a single role, or a role group formed by connecting multiple roles. Each role in a role expression can be a role granted by a trust domain, or a target role obtained after multiple conversions within a trust domain.
  • The target role is the output of the role conversion policy. It can only be a single role, and a priority and variable thresholds are set for each target role. The higher the priority, the greater the authority of the role. Each target role contains multidimensional variables, each of which describes the initial cumulative value of a specific behavior for that role.
  • The conversion condition is a set of comparison relations quantified from the user's cumulative behavior. By bounding the accumulated value of each behavior, the user's historical behavior is evaluated quantitatively to determine whether the user has a good or bad performance record in the trust domain, which drives role conversions.
  • The role conversion directed graph is a visual representation of a set of role conversion policies, and is described by a vertex set, a directed edge set, and a set of conversion conditions, wherein:
  • Each element of the vertex set is a role defined by the trust domain. Each vertex has a set of input directed edges and a set of output directed edges, from which role conversions come.
  • The directed edge set is made up of the role conversion policies. Each edge contains a source node (the role before conversion) and a target node (the converted role), and each directed edge has a conversion condition and a group attribute. The conversion condition decides whether the directed edge can be traversed. The group attribute identifies whether the source node of the directed edge is an element of a group role: if the group attribute is null, the directed edge alone corresponds to one role conversion policy; if the group attribute is non-null, the directed edge and the other directed edges with the same group attribute together constitute one role conversion policy.
  • The role conversion process over the directed graph combines forward search and backward search. The forward search takes the initial role set held by the user as the source node set, evaluates the behavior-based conversion condition on the output edges of each node to obtain target role nodes, and updates the source node set.
  • The backward search starts from the highest-priority role in the local trust domain, evaluates the behavior-based conversion condition on input edges to obtain source role nodes, and updates the target node set. Each backward search starts from one role, taken in priority order, so each target node set derives from one starting role of the backward search.
  • The target role is the starting node of the backward search if and only if the target role set currently being searched and the target role set of the backward search contain the same role expression element.
  • The reputation value of the role described in Step 6 is obtained by the following method:
  • Equation (4) calculates the reputation of the role D.R
  • Each trust relationship Z has a reputation expression, RepExpr, as the condition for it to hold. If RepExpr is true, Z is valid; otherwise Z is invalid. If a trust relationship in the role mapping policy set linked to Z does not hold, it indicates that the user group corresponding to the role behaved poorly overall during some past period, lowering the role's reputation, and the local trust domain temporarily revokes the trust relationship from the foreign-domain role to the local domain.
  • The trust domain described in the above seven steps is an entity or a service site that implements an access control method for users through role and behavior evaluation policies.
  • Combining users' static roles and dynamic behaviors within a trust domain involves:
  • The behavior variable corresponds to the user's access request, and its value represents a cumulative evaluation of the user performing that behavior.
  • Role conversion converts roles based on the user's cumulative behavior, so that a user who performs well obtains more rights, raising the user's role, and a user who performs poorly obtains fewer rights, lowering the user's role.
  • The behavior evaluation vector sets different trust quantization standards for different types of behavior and, from the users' cumulative behavior, calculates the evaluation value and execution count of a given behavior for a given role. It describes the overall performance of a user group on that behavior.
  • The role reputation is a comprehensive representation of all cumulative behaviors of a user group over a period of time. It reflects the trust a local trust domain places in a role.
  • The role expressions, behavior variables, role conversion policies, and role mapping policies described in the above seven steps follow a unified XML Schema file definition format.
  • Packaging them in a hierarchical extension structure simplifies the system design, improves the flexibility of data analysis, and improves the system's ability to process data. Quantized behavior variable values, behavior evaluation values and the like ensure the sensitivity, security and reliability of the access control method within the trust domain.
  • The present invention describes roles with variables, role conversion policies, and role mapping policies by defining corresponding XML Schema documents and valid XML structures. The XML format facilitates the preservation and exchange of data.
  • The present invention has the following beneficial effects:
  • The prior art provides only a single role-based access control, and its definition and description of trust is too narrow to solve the trust and authorization problems in a trust domain effectively.
  • The invention combines the user's static role and dynamic behavior and evaluates the user's behavior in two ways: first, behavior variables decide role conversions that raise the user's authority; second, role reputation is calculated from behavior statistics, improving the trust management mechanism.
  • The prior art does not consider user behavior, and has no good feedback evaluation mechanism for adjusting the security policy in the trust domain.
  • The trust relationship adjustment calculates an overall reputation value from users' behavior, which in turn affects the trust relationship between domains and helps to better control access to local domain resources.
  • FIG. 1 is a structural diagram of a behavior-aware trust and authorization model in an embodiment of the present invention.
  • FIG. 2 is a behavior-based role conversion directed graph in an embodiment of the present invention.
  • This example includes the following steps:
  • Step 1: The user logs in to the target trust domain and obtains the local role set through role mapping and role conversion. Because each role conversion may generate a new target role and delete the old source role, the local role set is a set that changes dynamically with behavior.
  • The target role is fed back into the local role set, so there is a feedback update process.
  • A local role set can contain multiple roles, but each time a user behavior is performed, only one target role, the one with the highest priority, is generated as the optimal converted target role.
  • Step 2: The user sends an access request to the target domain. The request processing module of the target trust domain queries the authorization policy library according to the local roles the user obtained through mapping and conversion, to determine whether the user has the permission needed to obtain the requested resource information.
  • Step 3: If the user has access rights, grant the user the corresponding resource; otherwise reject the user's request. Regardless of the form, a user behavior is ultimately generated from the user's access request, whether the request succeeds or is denied.
  • Step 4: Store the user behavior. As shown in Figure 1, the trust-related behaviors performed are recorded in the user cumulative behavior library and the user behavior evaluation library.
  • The user cumulative behavior library provides behavior variable values for behavior-based role conversion.
  • The user behavior evaluation library provides behavior evaluation vectors for the reputation-feedback role mapping.
  • The user cumulative behavior library includes a user ID, a behavior variable name, and a behavior variable value, where:
  • The user ID is the primary key; the local trust domain assigns each user a unique ID as its identifier.
  • The behavior variable name distinguishes the different behaviors performed by the user.
  • Each behavior variable has a formula that calculates the increment for one execution of the behavior by the user, and the increment is added to the variable's previous value. The value of the behavior variable is therefore a cumulative value, which serves as the basis for assessing the user's overall cumulative behavior.
  • The user behavior evaluation library includes a role ID, a user ID, a behavior ID, a cumulative execution count for the behavior, and a behavior evaluation value.
  • The behavior ID is used as the primary key.
  • The quantized value sets the trust standard for each behavior: the better the performance, the higher the trust value defined for the behavior.
  • The cumulative execution count records the number of times a user performs the behavior, so that the total number of times a role performs the behavior can be counted and used as the weight in the reputation statistics based on behavior evaluation.
  • The behavior evaluation value reflects the overall performance of the user's behavior over a certain period of time. It is calculated from the cumulative execution count of the behavior and the trust quantization standard value defined for the behavior.
  • Step 5: Behavior-based role conversion. Import the role conversion policy file to generate the role conversion directed graph, as shown in Figure 2. Each role conversion policy corresponds to a directed edge in the graph. The initial local role set held by the user is the source node set of the conversion, and each conversion condition is evaluated by querying the value of the corresponding behavior variable in the user cumulative behavior library.
  • The ultimate goal of the conversion is the optimal target role, that is, the local role with the highest priority.
  • The local role set changes dynamically. If a role conversion policy holds, the role represented by the policy's source node is removed and the role represented by the policy's target node is added.
  • The role conversion policy file includes an identifier of the conversion policy, a source role expression, a target role, a role priority, a behavior variable expression, a conversion condition, and the like, where:
  • The source role expression is the input of the role conversion policy. It has two forms: a single role, or a role group formed by connecting multiple roles. Each role in the role expression can be a local role granted by the trust domain, or a target role obtained after multiple conversions within the trust domain.
  • The target role is the output of the role conversion policy. It can only be a single role.
  • Target roles are ordered by priority. Each target role has a priority, and a higher priority indicates greater authority for that role.
  • A behavior variable expression is a set of comparison relations that test the user's cumulative behavior values, which is defined as follows:
  • The cumulative value of the behavior variable changes accordingly, which may flip the associated behavior variable expression between true and false.
  • The conversion condition is built on the behavior variable expression and is the basis for deciding whether a role conversion policy holds.
  • The user obtains the converted target role if and only if the user holds all the roles in the source role expression of the role conversion policy and the behavior variable expression in the conversion condition is true.
  • extension base="AtomExprType">
  • Step 6: Reputation calculation based on behavior statistics.
  • Each other-domain role mapped to a target-domain role corresponds to a group of users, each of whom performs different behaviors in the target domain.
  • With the user ID and the behavior ID as the key, the records are classified and aggregated to obtain, for a given role, the overall evaluation value of each behavior and the total number of executions of that behavior.
  • The final calculated role reputation value is a statistical value based on user behavior.
  • Step 7: Adjust the trust delegation relationship based on the role reputation.
  • The calculated role reputation value changes over time and is fed back to the role mapping policy.
  • The higher the role reputation value, the better the corresponding user group has performed.
  • The role mapping policy file describing the trust delegation relationship contains the mapping relationships between all other-domain roles and the local-domain roles.
  • The reputation expression determines whether a given policy is valid, that is, whether a role from another domain is allowed to be mapped to a role in this domain and thereby given that role's access rights. If the role reputation value reaches a certain trigger value, so that the reputation expression evaluates to true, the role mapping policy is valid.
  • The role mapping policy file includes an identifier of the trust relationship, an external-domain role expression, a local-domain role, a reputation expression, a constraint, a policy validity identifier, and the like, where:
  • The role expression has the same form as the source role expression in the role conversion policy, and is either a single role or a group role.
  • A reputation expression is similar to a behavior variable expression in a role conversion policy: it is a group of comparison relations built recursively from atomic expressions. Each comparison relation is an atomic expression, which evaluates to true or false according to the role reputation value.
  • The constraint is a basis for judging the role mapping policy: limits on access time, amount of resources accessible, time validity of certificates, type of access, and so on.
  • The policy validity identifier states whether the mapping policy is active. If the identifier is true, the policy is used to determine the local role set the user obtains after logging in to the trust domain.
  • extension base="AtomExprType">
  • extension base="BasicCredentialType">
  • This embodiment implements a dynamic trust and authorization method. Combining the expression of roles and behaviors, it introduces behavior-based role conversion and a reputation-based feedback evaluation mechanism for trust relationships, enhancing the flexibility, security and reliability of access control in a distributed multi-trust domain environment and effectively solving user authorization and resource management problems in network system services.
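
Steps 5 to 7 above in working form, as an added example that is not code from the patent: a forward search over role conversion policies gated by behavior variables, then a role reputation that decides whether a role mapping stays valid. The class and function names, the AND-combination of atomic comparisons, the sample roles and thresholds, and the execution-count-weighted mean (used because Equation (4) does not appear on this page) are all assumptions; the backward search is not implemented.

```python
from collections import defaultdict
from dataclasses import dataclass
import operator

OPS = {">=": operator.ge, ">": operator.gt, "<=": operator.le,
       "<": operator.lt, "==": operator.eq}

@dataclass(frozen=True)
class Atom:
    """One comparison on a behavior variable or on a role reputation value."""
    name: str
    op: str
    threshold: float

    def holds(self, values):
        # Fail closed: a variable with no recorded value satisfies nothing.
        return self.name in values and OPS[self.op](values[self.name], self.threshold)

@dataclass(frozen=True)
class Conversion:
    """One role conversion policy (a directed edge, or a group of edges)."""
    sources: frozenset   # single role or role group; the user must hold all of them
    target: str
    priority: int        # priority of the target role
    condition: tuple     # Atoms over cumulative behavior variables (AND is assumed)

def convert_roles(initial, policies, behavior):
    """Forward search from the initial role set until no policy fires.

    Returns (final role set, highest-priority role held)."""
    prio = {p.target: p.priority for p in policies}
    roles, seen = frozenset(initial), set()
    while roles not in seen:
        seen.add(roles)
        for p in sorted(policies, key=lambda p: -p.priority):
            if (p.target not in roles and p.sources <= roles
                    and all(a.holds(behavior) for a in p.condition)):
                # Source roles are removed and the target role is added.
                roles = (roles - p.sources) | {p.target}
                break
        else:  # no policy fired: the role set is stable
            best = max(roles, key=lambda r: prio.get(r, -1), default=None)
            return set(roles), best
    # The same role set came back: promotion and demotion conditions overlap.
    raise ValueError("conversion policies oscillate; conditions overlap")

def role_reputation(records, role, initial=None):
    """Build the behavior evaluation vector for `role` and reduce it to one value.

    records: (role_id, user_id, behavior_id, executions, evaluation) rows.
    Returns ({behavior_id: (evaluation, executions)}, reputation)."""
    count, weighted = defaultdict(int), defaultdict(float)
    for role_id, _user, behavior_id, n, value in records:
        if role_id == role:
            count[behavior_id] += n
            weighted[behavior_id] += n * value
    vector = {b: (weighted[b] / count[b], count[b]) for b in count if count[b]}
    total = sum(n for _, n in vector.values())
    if total == 0:
        return vector, initial   # no evidence yet: caller-supplied default
    # Assumed form: mean of evaluation values weighted by execution counts.
    return vector, sum(weighted[b] for b in vector) / total

@dataclass(frozen=True)
class Mapping:
    """One trust relationship: foreign role -> local role, gated by reputation."""
    foreign_role: str
    local_role: str
    reputation_expr: tuple   # Atoms over the name "reputation"

def mapping_valid(mapping, reputation):
    """The mapping holds if and only if its reputation expression is true."""
    if reputation is None:   # no reputation value: treat the mapping as revoked
        return False
    return all(a.holds({"reputation": reputation}) for a in mapping.reputation_expr)

# Constructed sample policies and records (not taken from the patent).
POLICIES = [
    Conversion(frozenset({"guest"}), "member", 1,
               (Atom("uploads", ">=", 5), Atom("violations", "<", 3))),
    Conversion(frozenset({"member", "reviewer"}), "moderator", 2,
               (Atom("uploads", ">=", 20), Atom("violations", "<", 1))),
    Conversion(frozenset({"member"}), "guest", 0, (Atom("violations", ">=", 3),)),
]
RECORDS = [
    ("B.member", "u1", "upload", 6, 1.0),
    ("B.member", "u2", "upload", 2, 0.5),
    ("B.member", "u2", "spam", 2, 0.0),
]
MAPPING = Mapping("B.member", "guest", (Atom("reputation", ">=", 0.6),))

if __name__ == "__main__":
    print(convert_roles({"guest", "reviewer"}, POLICIES,
                        {"uploads": 25, "violations": 0}))
    vec, rep = role_reputation(RECORDS, "B.member")
    print(vec, rep, mapping_valid(MAPPING, rep))
```

Because a role's reputation is computed over the whole user group, a burst of low-valued behavior from one account can revoke the mapping for every user of that foreign role, so the weights and thresholds deserve the same review as any other authorization policy.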

Abstract

An access method based on computable credibility in distributed multi-trust domain environment in the field of network technology is provided. Said method includes: when a user logs on to a target trust domain, the target domain gives the user a role set by role mapping and role conversion. Said target domain receives access request from the user, queries authorization strategy database and then processes the request accordingly. Said target domain also updates the value of user behavior variables in accumulation behavior database, updates the number of times for performing the user behavior in behavior assessment database, performs role conversion based on behavior, generates behavior assessment vector, calculates the prestige value of the role, and adjusts the role mapping strategy associated with the role. The present invention enables the dynamic trust management of role mapping, role conversion and prestige feedback, improves the interaction ability between trust domain and user, enhances the flexibility, security, and reliability of the access control in trust domain, and effectively solves the problems of user authorization and resource management in network system services.

Description

Access control method based on computable credit degree in distributed multi-trust domain environment
Technical field
The invention relates to an access control method in the field of network technology, in particular to an access control method based on computable credit degree in a distributed multi-trust domain environment.
Background art
With the widespread adoption of network systems and resource sharing, the security of service providers faces growing challenges. Sites such as the currently popular blog systems, forum communities, online reading sites and e-shops are each an independent service provider. Each service provider can independently apply different access control policies to different user groups, forming a trust domain entity. Traditional attribute-based access control clearly cannot cope with huge numbers of users and complex cross-domain operations. Trust has its own unique properties, and applying trust to computer and network technology is an effective way to handle this kind of uncertainty: service resources and user authorization within a trust domain are managed flexibly through the acquisition, quantification, statistics and updating of trust.
There are two strategies for establishing credibility within a domain entity: the first is based on the user's role, and the second is based on the user's behavior over a period of time. A role-based trust policy lets a distributed system authorize users of its own or other trust domains in batches, but it cannot flexibly adjust the authorization policy according to the behavior of an individual user. A behavior-based trust policy lets users accumulate credibility through legitimate behavior in the system and thereby obtain more permissions. Both policies have advantages and disadvantages and suit different types of distributed systems: role-based trust policies suit distributed Web Services environments, and behavior-based trust policies suit P2P network environments. To implement a more flexible and secure authorization policy, the two should be combined: authorization is granted through trust in the user's role, and the authorization policy is adjusted in time according to the user's behavior.
A search of the prior art literature found Chinese patent application number CN200810019667.0 (announcement number CN101257377), "A dynamic access control method based on community authorization service", which proposes a dynamic access control scheme based on the community authorization service (CAS). The method mainly addresses the dynamic characteristics of the grid environment. By adding a resource control module, it implements resource layering, monitoring and dynamic access control, and it modifies the community authorization server and database so that a user's role changes dynamically with the user's context. Through interaction with the resource control module it achieves dynamic, transparent access to and seamless integration of resources in the grid environment. Although this method describes the dynamic trust parameters of the context well, its shortcoming is that a user who behaves well holds the same role as other users but cannot obtain higher trust, so trust and authorization cannot be adjusted dynamically according to the user's cumulative behavior.
Chinese patent application number CN200810118258.6 (announcement number CN101345627), "A method of collusion identification based on behavior similarity in P2P networks", assigns each node in the network a trust management node, which monitors how other nodes score that node, and a behavior record node, which records how that node scores other nodes. By further analyzing the similarity of scoring behavior among abnormal nodes, it judges whether a collusion group exists, and finally updates the global trust value of the node according to the detection result. Although this method can identify most group collusion, its shortcoming is that its model has no concept of roles and keeps no classified statistics on trust in different behaviors. Each node's score accumulates good and bad behavior together, so its behavior similarity cannot reflect the overall trust performance of a user group in a fine-grained way.
In addition, both the methods in the documents cited above and most trust management mechanisms in P2P lean either toward role-based static methods or toward behavior-based dynamic methods. The former lack the trust feedback mechanism needed to adjust the authorization policy flexibly. The latter are too fine-grained, because the storage and computation required for per-individual trust are very large.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art by providing an access control method based on computable credibility in a distributed multi-trust-domain environment. The proposed control method is flexible: it can authorize in batches according to the user, and it can also adjust the authorization policy according to the user's behavior. It can be applied to portal websites, sharing communities, information management and similar fields.
The present invention is achieved by the following technical solution, which comprises the following steps:
Step 1: The user logs in to the target trust domain; through role mapping and role transition, the target domain assigns the user a role set.
The role set defines the current user's operation permissions in the context of that trust domain.
Step 2: The user sends an access request to the target domain, attempting to obtain resource information in the target domain.
The administrator of the target domain can restrict, for a specific role, the access period, the amount of accessible resources, the load limit, the access type, and so on.
Step 3: The target trust domain queries the authorization policy database using the role set granted to the user after mapping and transition, together with the access request. If the user's role set has permission to execute the request, the user is granted the corresponding local resource; otherwise the user's request is rejected.
In either case, the access request ultimately produces a corresponding user behavior, which may be a successful access request or a failed, rejected request. Because the number of users is large and the behaviors they perform differ, a trust domain cannot compute trust and reputation for every specific behavior. The local trust domain therefore needs to filter, merge and classify behaviors appropriately. Filtering records and computes only those behaviors that significantly affect local resources or other users, and excludes unimportant ones. Merging combines multiple operations performed by a user that are interrelated and do not individually produce a direct result into one behavior chain, and gives the merged chain a new behavior definition. Classification considers the different behaviors and the gains and losses they produce in order to set a trust quantization standard value for each meaningful behavior; these values are the data source for the subsequent role reputation calculation.
Step 4: Compute the updated value of the user's behavior variable from the execution result of the user's behavior, and update the user's behavior variable value in the cumulative behavior library; according to the execution result, merge the behavior into the behaviors of a certain trust standard, and update the number of executions of that user behavior for the foreign-domain role in the behavior evaluation library.
Step 5: Perform behavior-based role transition.
The role transition takes the user's initial role set as the set of source nodes and queries the role transition policy library. Each policy has a condition under which it holds, and these conditions are expressions composed of several behavior variables. The behavior variable values of the current user are looked up in the cumulative behavior library by behavior ID and user ID. A transition policy holds, and the user obtains the transitioned role, if and only if the user's behavior variable values satisfy the discriminating expression.
From the set of transitioned roles reachable from the source node set, the target role with the highest priority is selected as the final transitioned role, and the role set held by the user is updated to serve as the initial local role set for the user's next request.
Step 6: Retrieve all users corresponding to a role by role ID, classify by behavior ID, and count the evaluation value and number of executions of each behavior to generate behavior evaluation vectors. Finally, compute the role's reputation value, using the execution counts of the different behaviors as weights and the evaluation values as the values being weighted.
Step 7: As the role reputation value changes, adjust the role mapping policies associated with the role, using a reputation expression as the judgment condition. A role mapping holds if and only if the role reputation value satisfies the discriminating expression. In this way, a reputation feedback mechanism based on behavior statistics dynamically adjusts the trust relationships between roles.
In step 5, the behavior-based role transition is, specifically, the discovery of an optimal path in the role transition directed graph. It involves role transition policies, the role transition directed graph, and so on.
A role transition policy contains three elements: a source role expression, a target role and a transition condition, where:
The source role expression is the input of the role transition policy and takes one of two forms: a single role, or a role group formed by joining several roles. Each role in a role expression can be a role granted by the trust domain, or a target role obtained after several transitions within the trust domain.
The target role is the output of the role transition policy. It can only be a single role, and each target role is given a priority and variable thresholds. Every target role has a priority, and a higher priority means greater permissions. Every target role also carries a multi-dimensional variable, each component of which describes the initial accumulated value of a specific behavior for that role.
The transition condition is a set of comparison relations over the user's quantified cumulative behavior. By placing thresholds on the accumulated value of each behavior, it evaluates the user's historical behavior quantitatively, determines whether the user has a good or bad record in the trust domain, and thereby drives role transition.
The role transition directed graph is a visual representation of the set of role transition policies. It is described by a vertex set, a directed edge set and a set of transition conditions, where:
Each element of the vertex set is a role defined by the trust domain. When a vertex acts as a target node, role transitions come from the set of incoming directed edges of that vertex; when a vertex acts as a source node, role transitions come from the set of outgoing directed edges of that vertex.
The directed edge set is made up of role transition policies. Each edge contains a source node (the role before transition) and a target node (the role after transition). Each directed edge has a transition condition and a group attribute. The transition condition is the basis for deciding whether the edge can be traversed. The group attribute indicates whether the source node of the edge is an element of a role group: if the group attribute is empty, the edge corresponds to one role transition policy by itself; if it is non-empty, the edge together with the other directed edges that carry the same group attribute makes up one role transition policy.
The role transition process on the directed graph combines a forward search and a backward search. The forward search takes the initial role set held by the user as the source node set, evaluates the behavior-based transition condition on each outgoing edge of each node to obtain target role nodes, and updates the source node set. The backward search starts from the role with the highest priority in the local trust domain, evaluates the behavior-based transition conditions on its incoming edges to obtain source role nodes, and updates the target node set. Each backward search starts from one role, taken in priority order, so each target node set originates from one starting role of the backward search. If and only if the source node set of the forward search and the target role set of the backward search contain the same role expression elements, the target role is the starting node of that backward search.
The reputation value of a role described in step 6 is obtained as follows:
Find the user group corresponding to the foreign-domain role. Each user in the group has performed various behaviors during some past period. From the preset trust quantization standard value of a behavior and the cumulative number of times it has been executed, formula (1) computes the behavior evaluation value $T_k^i$ of one user corresponding to the role; of the two factors in the formula, one denotes the trust base factor and the other the increment factor. As the cumulative number of executions increases, the evaluation value gradually tends toward the ideal value.
7 ,=" + (1- " H "- 1 (1)
Behaviors are grouped with the behavior ID as the primary key. Each behavior corresponds to n different executors. Formula (2) computes the mean evaluation value $T_k$ of behavior k for a role, and formula (3) computes the total number of executions $Q_k$ of behavior k. Together they give the evaluation vector of behavior k for role R: $BE_k = (R, T_k, Q_k)$, where:
$T_k = \left(\sum_{i=1}^{n} T_k^i\right)/n$ (2)
$Q_k = \sum_{i=1}^{n} Q_k^i$ (3)
By behavior ID, the comprehensive evaluation value over the behaviors is computed as a weighted statistic, with the total number of executions $Q_k$ of each behavior as the weight and the overall evaluation value $T_k$ of the behavior as the value being weighted; the result is the role reputation. Formula (4) computes the reputation Rep(D.R) of role D.R:
$Rep(D.R) = \left(\sum_{k} T_k \cdot Q_k\right) / \sum_{k} Q_k$ (4)
The dynamic adjustment of the trust relationships between roles described in step 7 is, specifically:
Each trust relation Z has a reputation expression RepExpr as the condition under which it holds. If RepExpr evaluates to true, Z is valid; otherwise Z is invalid, and the role mapping policy set associated with Z is searched for another trust relation that holds. If none holds, the user group corresponding to the role has behaved poorly overall during some past period, lowering the reputation value, and the local trust domain temporarily revokes the trust relationship from that foreign-domain role to the local domain.
The trust domain mentioned in the seven steps above is an entity or service site that applies the access control method to users through role and behavior evaluation policies. Combining the user's static role and dynamic behavior within the trust domain involves the following:
The behavior variable: each access request of a user corresponds to a behavior variable, whose value represents the cumulative evaluation of the user performing that behavior.
The role transition: roles are transitioned on the basis of the user's cumulative behavior, so that users who behave well obtain more permissions and are promoted to a higher role, while users who behave badly obtain fewer permissions and are demoted.
The behavior evaluation vector: different trust quantization standards are set for different types of behavior, and the evaluation value and number of executions of a given behavior for a given role are computed from the users' cumulative behavior. Together these form a behavior evaluation vector that describes the overall performance of the user group on that behavior.
The role reputation: it describes the overall performance of all cumulative behavior of a user group over a period of time, and reflects the local trust domain's trust in a role.
The role expressions, behavior variables, role transition policies and role mapping policies mentioned in the seven steps above all follow a unified XML Schema file definition format. Encapsulation in a hierarchically extensible structure simplifies system design, makes data parsing more flexible and improves the system's capacity to process data. The use of quantized behavior variable values, behavior evaluation values and similar forms ensures the sensitivity, security and reliability of the access control method within the trust domain.
Based on the role set held by the user and the behavior the user has performed, and using trust delegation between trust domains and the directed-graph-based role transition policies, the method determines the most suitable role for the user and adjusts the user's access permissions in real time. Based on the cumulative behavior of a user group, it also aggregates behavior-aware trust values by category and computes the role reputation, thereby dynamically adjusting the trust relationships between roles. The present invention describes roles with variables, role transition policies and role mapping policies by defining the corresponding XML Schema documents and valid XML structures. As an expressive language, XML makes data easy to store and exchange.
Compared with the prior art, the present invention has the following beneficial effects:
1. Prior-art methods provide only role-based access control; their definition and description of trust is too narrow to solve the trust and authorization problems within a trust domain effectively. The present invention combines the user's static role with dynamic behavior and evaluates the user's behavior in two ways: first, behavior variables decide role transitions, which raise the user's permissions; second, behavior statistics are used to compute role reputation, which completes the trust management mechanism.
2. The prior art does not consider how users behave and has no good feedback and evaluation mechanism for adjusting the security policy within a trust domain. In the present invention, the adjustment of trust relationships based on role reputation aggregates an overall reputation value from user behavior and thereby influences the trust relationships between domains, which helps to control access to local domain resources better.
3. Roles with variables, role transition policies and trust relationships are described in XML Schema format, forming a set of mutually compatible access control protocols.
Brief description of the drawings
Figure 1 is a structural diagram of the behavior-aware trust and authorization model in an embodiment of the present invention.
Figure 2 is the behavior-based role transition directed graph in an embodiment of the present invention.
Detailed description
An embodiment of the present invention is described in detail below with reference to the drawings. The embodiment is implemented on the basis of the technical solution of the present invention, and a detailed implementation and a specific operating procedure are given, but the scope of protection of the present invention is not limited to the embodiment described below.
The embodiment comprises the following steps:
Step 1: The user logs in to the target trust domain and obtains a local role set through role mapping and role transition. Because each role transition may generate a new target role and delete the old source roles, the local role set is a collection that changes dynamically with behavior.
As shown in Figure 1, in this embodiment the target role is connected to the local role set, and there is a feedback update process. The local role set can contain several roles, but after each user behavior is executed, only one target role with the highest priority can result as the optimal target role after transition.
Step 2: The user sends an access request to the target domain. The request processing module of the target trust domain queries the authorization policy library using the local roles the user obtained after mapping and transition, in order to determine whether the user has the permission needed to obtain the requested resource information.
Step 3: If the user has access permission, the corresponding resource is granted; otherwise the user's request is rejected. In either case, the access request ultimately produces a corresponding user behavior, which may be a successful access request or a rejected access request.
Step 4: Store the user behavior. As shown in Figure 1, the trust-related behaviors that are executed are recorded in the user cumulative behavior library and in the user behavior evaluation database. The user cumulative behavior library supplies behavior variable values for behavior-based role transition; the user behavior evaluation library supplies behavior evaluation vectors for reputation-feedback role mapping.
The user cumulative behavior library contains: user ID, behavior variable name and behavior variable value, where:
The user ID is the primary key; the local trust domain assigns each user a unique ID as an identifier.
The behavior variable name distinguishes the different behaviors a user performs. Each behavior variable has a formula that computes the increment for one execution of the behavior by the user, and the increment is added to the variable's previous value. The behavior variable value is therefore an accumulated value, which serves as the basis for judging the overall performance of the user's cumulative behavior.
The user behavior evaluation library contains: role ID, user ID, behavior ID, cumulative number of executions of the behavior, and behavior evaluation value.
The behavior ID is the primary key. A trust standard is set for each kind of behavior as a quantized value; the better the behavior, the higher the trust value defined for it.
The cumulative number of executions records how many times a given user has performed the behavior, so that the total number of times a role has performed the behavior can be counted and used as the weight in the reputation statistics based on behavior evaluation.
The behavior evaluation value reflects the overall performance of that user behavior over some past period. It is computed from the cumulative number of executions of the behavior and the trust quantization standard value defined for the behavior.
Step 5: Behavior-based role transition. The role transition policy file is imported and the role transition directed graph is generated, as shown in Figure 2. Each role transition policy is a directed edge of the graph. The initial local role set held by the user is the set of source nodes for the transition, and whether a transition condition holds is determined by querying the corresponding behavior variable values in the user cumulative behavior library.
As shown in Figure 1, the final goal of the transition is the optimal target role, that is, the local role with the highest priority. The local role set changes dynamically during role transition: if a role transition policy holds, the roles represented by the source nodes of that policy are removed and the role represented by its target node is added.
The role transition policy file contains: the identifier of the transition policy, the source role expression, the target role, the role priority, the behavior variable expression, the transition condition and so on, where:
The source role expression is the input of the role transition policy and takes one of two forms: a single role, or a role group formed by joining several roles. Each role in a role expression can be a local role granted by the trust domain, or a target role obtained after several transitions within the trust domain.
The target role is the output of the role transition policy. It can only be a single role, and target roles are ranked by priority. Every target role has a priority, and a higher priority means greater permissions.
The behavior variable expression is a set of comparison relations that test the user's cumulative behavior values. It is defined as follows:
(1) Atomic expression (AtomBVExpr)
AtomBVExpr := BV.V = C | BV.V > C | BV.V < C
where BV.V denotes the value of a specific behavior variable and C is a discriminating constant.
(2) Recursive expression
BVExpr := AtomBVExpr | AtomBVExpr ∧ BVExpr
| AtomBVExpr ∨ BVExpr | ¬AtomBVExpr
Each time the user performs a behavior, the accumulated value of the corresponding behavior variable changes, which may change the truth value of the related behavior variable expressions.
The transition condition is based on the behavior variable expression and is the basis for deciding whether a role transition policy holds. The policy holds, and the user obtains the target role, if and only if the user holds all the roles in the policy's source role expression and the behavior variable expression in the transition condition is true.
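The transition rule above (all source roles held and the behavior variable expression true, source roles replaced by the target role, highest-priority role selected), as an added Python example that is not part of the patent text. The role names, priorities, behavior variables and thresholds are constructed; firing each policy at most once per run and treating a policy whose behavior variable has no recorded value as not established are assumptions of this example.

```python
import operator
from dataclasses import dataclass

OPS = {"=": operator.eq, ">": operator.gt, "<": operator.lt}

# BVExpr as nested tuples (hypothetical encoding of the grammar):
#   ("atom", name, op, C) | ("not", e) | ("and", e1, e2) | ("or", e1, e2)
def bv_names(expr):
    """Names of all behavior variables referenced by an expression."""
    if expr[0] == "atom":
        return {expr[1]}
    return set().union(*(bv_names(e) for e in expr[1:]))

def eval_bvexpr(expr, bv):
    """Evaluate a behavior variable expression against accumulated values."""
    kind = expr[0]
    if kind == "atom":
        _, name, op, const = expr
        return OPS[op](bv[name], const)
    if kind == "not":
        return not eval_bvexpr(expr[1], bv)
    if kind == "and":
        return eval_bvexpr(expr[1], bv) and eval_bvexpr(expr[2], bv)
    if kind == "or":
        return eval_bvexpr(expr[1], bv) or eval_bvexpr(expr[2], bv)
    raise ValueError(f"unknown expression kind: {kind!r}")

@dataclass(frozen=True)
class TransformPolicy:
    policy_id: str
    source_roles: frozenset   # single role or role group; all must be held
    target_role: str
    condition: tuple          # BVExpr

def policy_holds(policy, held, bv):
    if not policy.source_roles <= held:
        return False
    # Assumption: a variable with no recorded value never satisfies a
    # condition, so "violations < 3" cannot pass just because nothing
    # was ever recorded for the user.
    if not bv_names(policy.condition).issubset(bv):
        return False
    return eval_bvexpr(policy.condition, bv)

def transform_roles(held, bv, policies, priority):
    """Forward search: fire established policies until none is left."""
    held, fired = set(held), set()
    while True:
        ready = [p for p in policies
                 if p.policy_id not in fired and policy_holds(p, held, bv)]
        if not ready:
            break
        p = max(ready, key=lambda q: priority[q.target_role])
        held -= p.source_roles        # source roles are removed ...
        held.add(p.target_role)       # ... and the target role is added
        fired.add(p.policy_id)        # each policy fires once (termination)
    best = max(held, key=lambda r: priority[r], default=None)
    return held, best

# Constructed roles and policies.
PRIORITY = {"Guest": 1, "Member": 2, "Reviewer": 2, "Contributor": 3, "Moderator": 4}
POLICIES = [
    TransformPolicy("T1", frozenset({"Member"}), "Contributor",
                    ("and", ("atom", "uploads", ">", 10),
                            ("atom", "violations", "<", 3))),
    TransformPolicy("T2", frozenset({"Contributor", "Reviewer"}), "Moderator",
                    ("and", ("atom", "reviews", ">", 20),
                            ("not", ("atom", "violations", ">", 0)))),
    TransformPolicy("T3", frozenset({"Member"}), "Guest",
                    ("atom", "violations", ">", 5)),
]

if __name__ == "__main__":
    good = {"uploads": 12, "violations": 0, "reviews": 25}
    print(transform_roles({"Member", "Reviewer"}, good, POLICIES, PRIORITY))
    bad = {"uploads": 50, "violations": 7}
    print(transform_roles({"Member"}, bad, POLICIES, PRIORITY))
```

T2 is a role-group policy: it only becomes reachable after T1 has replaced Member with Contributor, which is the multi-step path the directed graph encodes.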
用 XML格式描述上述信息, 具体的 Schema定义如下:  The above information is described in XML format. The specific Schema definition is as follows:
<xs: schema xmlns:xs=Mhttp://www. w3.org/200 l/XMLSchemaM> <xs: schema xmlns:xs= M http://www. w3.org/200 l/XMLSchema M >
<!—原子表达式定义》>  <!—Atomic Expression Definition>
<xs: complexType name: ' 'AtomBVExprType , , >  <xs: complexType name: ' 'AtomBVExprType , , >
<xs:complexContent>  <xs:complexContent>
<xs: extension base= ' 'AtomExprType ">  <xs: extension base= ' 'AtomExprType ">
<xs: attribute name=MidM type= MB VidType 11 use=MrequiredM/> </xs:extension> <xs: attribute name= M id M type= M B VidType 11 use= M required M /></xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- Recursive expression definition -->
  <xs:complexType name="BVExprType">
    <xs:sequence>
      <!-- Atomic expression -->
      <xs:element name="AtomBVExpr" type="AtomBVExprType"/>
      <!-- Reflexive relation -->
      <xs:element name="selfrelation" type="onelogicType"/>
      <!-- Binary relation -->
      <xs:element name="nextrelation" type="twologicType"/>
      <xs:element name="BVExpr" type="BVExprType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>
  <!-- Role conversion policy -->
  <xs:complexType name="TransformType">
    <xs:sequence>
      <!-- Source role expression -->
      <xs:element name="SourceRoleExpr" type="PRidType"/>
      <!-- Target role -->
      <xs:element name="TargetRole" type="PRidType"/>
      <!-- Conversion condition -->
      <xs:element name="BVExpr" type="BVExprType"/>
    </xs:sequence>
    <xs:attribute name="id" type="RTidType"/>
  </xs:complexType>
  <!-- Role conversion policy set -->
  <xs:complexType name="RTType">
    <xs:sequence>
      <xs:element name="Transform" type="TransformType" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string"/>
  </xs:complexType>
  <!-- Generated role conversion prototype structure -->
  <xs:element name="RT" type="RTType"/>
</xs:schema>
Step six: reputation calculation based on behavior statistics. As shown in Figure 1, each role of another domain that is mapped to a target-domain role corresponds to a group of users, each of whom performs different behaviors in the target domain. In the user behavior evaluation library, records are classified and calculated with the user ID and the behavior ID as the primary key, yielding the overall evaluation value of each behavior for a role and the total number of times the behavior was executed. The role reputation value finally calculated is a statistic based on user behavior.
Step seven: adjustment of the trust delegation relationship based on role reputation. As shown in Figure 1, after the users have behaved over some period of time, the calculated role reputation value changes and is fed back to the role mapping policy. A higher role reputation value indicates that the corresponding user group has performed more well-behaved actions. The role mapping policy file that describes the trust delegation relationship contains the mapping relationships between all roles of other domains and the roles of the local domain. The reputation expression decides whether a given policy is valid, that is, whether a role of another domain is allowed to be mapped to a role of the local domain and thereby be given that role's access rights. If the role reputation value reaches a trigger value that makes the reputation expression evaluate to true, the role mapping policy is valid.
The role mapping policy file includes: the identifier of the trust relationship, the external domain role expression, the local domain role, the reputation expression, the constraints, the policy validity flag, and so on, where:
The role expression has the same form as the source role expression in the role conversion policy and contains a single role or a group role. The reputation expression is similar to the behavior variable expression in the role conversion policy: it is a group of comparison relations built recursively from atomic expressions. Each comparison relation is an atomic expression that evaluates to true or false according to the role reputation value.
The constraints are the basis on which a role mapping policy is judged. They restrict the access period, the amount of accessible resources, the time validity of the certificate, the access type, and so on.
The policy validity flag states whether the mapping policy is active. If and only if the flag is true is the policy used by the trust domain as the basis for determining the local role set that a user obtains after logging in.
The above information is described in XML. The Schema is defined as follows:
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <!-- Reputation atomic expression definition -->
  <xs:complexType name="AtomRepExprType">
    <xs:complexContent>
      <xs:extension base="AtomExprType">
        <xs:attribute name="id" type="RepidType" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- Definition of the unary logical operators -->
  <xs:simpleType name="onelogicType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="yes"/>
      <xs:enumeration value="not"/>
    </xs:restriction>
  </xs:simpleType>
  <!-- Definition of the binary logical operators -->
  <xs:simpleType name="twologicType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="none"/>
      <xs:enumeration value="and"/>
      <xs:enumeration value="or"/>
    </xs:restriction>
  </xs:simpleType>
  <!-- Reputation recursive expression definition -->
  <xs:complexType name="RepExprType">
    <xs:sequence>
      <!-- Atomic expression -->
      <xs:element name="AtomRepExpr" type="AtomRepExprType"/>
      <!-- Reflexive relation -->
      <xs:element name="selfrelation" type="onelogicType"/>
      <!-- Recursive binary relation with the next-level expression -->
      <xs:element name="nextrelation" type="twologicType"/>
      <!-- Recursive part -->
      <xs:element name="RepExpr" type="RepExprType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>
  <!-- Basic structure of a role mapping policy -->
  <xs:complexType name="BasicCredentialType">
    <xs:sequence>
      <!-- External domain role expression -->
      <xs:element name="ExternalRoleExpression" type="ExRoleExprType"/>
      <!-- Local domain role after mapping -->
      <xs:element name="MappedRole" type="prType"/>
      <!-- Constraints -->
      <xs:element name="Constraints" type="ConstraintsType"/>
    </xs:sequence>
  </xs:complexType>
  <!-- Role mapping policy -->
  <xs:complexType name="CredentialType">
    <xs:complexContent>
      <xs:extension base="BasicCredentialType">
        <xs:sequence>
          <!-- Reputation expression -->
          <xs:element name="RepExpr" type="RepExprType"/>
          <!-- Policy validity flag -->
          <xs:element name="Active" type="xs:boolean"/>
        </xs:sequence>
        <xs:attribute name="id" type="CRidType" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  <!-- Role mapping policy set -->
  <xs:complexType name="CredentialsType">
    <xs:sequence>
      <xs:element name="Credential" type="CredentialType" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string"/>
  </xs:complexType>
  <!-- Generated role mapping policy prototype structure -->
  <xs:element name="Credentials" type="CredentialsType"/>
</xs:schema>
This embodiment implements a dynamic trust and authorization method. By combining the expression of roles and behaviors, it introduces behavior-based role conversion and a reputation-based feedback evaluation mechanism for trust relationships, which enhances the flexibility, security and reliability of access control in a distributed multi-trust-domain environment and effectively solves the problems of user authorization and resource management in network system services.
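The following Python sketch is an added example, not code from the patent: it runs Steps six and seven on constructed data, building the behavior evaluation vectors, deriving each external role's reputation, and re-evaluating the recursive reputation expressions to set each policy's Active flag. Assumptions: the reputation is normalized as the execution-count-weighted mean of the per-behavior evaluation values, `AtomRepExpr` carries hypothetical `op` and `value` attributes with `id` naming the external role, and all role names and records are invented for illustration.

```python
import operator
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed rows of the behavior evaluation library:
# (external role, user ID, behavior ID, evaluation value T_ki, executions P_ki)
SAMPLE_RECORDS = [
    ("DomA.student", "u1", "read", 0.9, 40),
    ("DomA.student", "u2", "read", 0.7, 10),
    ("DomA.student", "u1", "upload", 0.4, 10),
    ("DomB.guest", "u7", "read", 0.3, 20),
    ("DomB.guest", "u8", "upload", 0.2, 5),
]

# Constructed policy instance. Assumptions: AtomRepExpr carries op/value
# attributes, its id names the external role, role elements hold plain text.
SAMPLE_POLICY = """<Credentials id="target-domain">
 <Credential id="cr1"><ExternalRoleExpression>DomA.student</ExternalRoleExpression>
  <MappedRole>reader</MappedRole><Constraints/>
  <RepExpr><AtomRepExpr id="DomA.student" op="ge" value="0.6"/>
   <selfrelation>yes</selfrelation><nextrelation>none</nextrelation></RepExpr>
  <Active>false</Active></Credential>
 <Credential id="cr2"><ExternalRoleExpression>DomB.guest</ExternalRoleExpression>
  <MappedRole>reader</MappedRole><Constraints/>
  <RepExpr><AtomRepExpr id="DomB.guest" op="ge" value="0.5"/>
   <selfrelation>yes</selfrelation><nextrelation>none</nextrelation></RepExpr>
  <Active>true</Active></Credential>
 <Credential id="cr3"><ExternalRoleExpression>DomB.guest</ExternalRoleExpression>
  <MappedRole>visitor</MappedRole><Constraints/>
  <RepExpr><AtomRepExpr id="DomB.guest" op="lt" value="0.2"/>
   <selfrelation>not</selfrelation><nextrelation>and</nextrelation>
   <RepExpr><AtomRepExpr id="DomB.guest" op="lt" value="0.5"/>
    <selfrelation>yes</selfrelation><nextrelation>none</nextrelation></RepExpr>
  </RepExpr>
  <Active>false</Active></Credential>
 <Credential id="cr4"><ExternalRoleExpression>DomC.partner</ExternalRoleExpression>
  <MappedRole>reader</MappedRole><Constraints/>
  <RepExpr><AtomRepExpr id="DomC.partner" op="lt" value="0.2"/>
   <selfrelation>not</selfrelation><nextrelation>none</nextrelation></RepExpr>
  <Active>true</Active></Credential>
</Credentials>"""

OPS = {"lt": operator.lt, "le": operator.le, "ge": operator.ge, "gt": operator.gt}

class UnknownReputation(Exception):
    """An atom refers to a role that has no recorded behavior."""

def reputations_from(records):
    """Step six: build BE_k = (R, T_k, Q_k) per role, then the role reputation."""
    rows = defaultdict(list)
    for role, _user, behavior, t_ki, p_ki in records:
        rows[(role, behavior)].append((t_ki, p_ki))
    vectors = defaultdict(list)
    for (role, _behavior), group in rows.items():
        t_k = sum(t for t, _ in group) / len(group)  # mean over the n executors
        q_k = sum(p for _, p in group)               # total executions
        vectors[role].append((t_k, q_k))
    reps = {}
    for role, be in vectors.items():
        total = sum(q for _, q in be)
        # Assumed normalization: Q_k-weighted mean of T_k.
        reps[role] = sum(t * q for t, q in be) / total if total else 0.0
    return reps

def eval_rep_expr(node, reps):
    """Evaluate one RepExpr level, then recurse into the nested RepExpr."""
    atom = node.find("AtomRepExpr")
    if atom.get("id") not in reps:
        raise UnknownReputation(atom.get("id"))
    value = OPS[atom.get("op")](reps[atom.get("id")], float(atom.get("value")))
    if node.findtext("selfrelation").strip() == "not":
        value = not value
    nxt = node.findtext("nextrelation").strip()
    child = node.find("RepExpr")
    if nxt == "none" or child is None:
        return value
    if nxt not in ("and", "or"):
        raise ValueError("unknown nextrelation: " + nxt)
    rest = eval_rep_expr(child, reps)  # always evaluated, so unknown roles surface
    return (value and rest) if nxt == "and" else (value or rest)

def refresh_policies(policy_xml, reps):
    """Step seven: reset every Active flag from the current reputations."""
    root = ET.fromstring(policy_xml)
    granted = defaultdict(list)
    for cred in root.findall("Credential"):
        try:
            active = eval_rep_expr(cred.find("RepExpr"), reps)
        except UnknownReputation:
            active = False  # fail closed, even under a "not"
        cred.find("Active").text = "true" if active else "false"
        if active:
            role = cred.findtext("ExternalRoleExpression").strip()
            granted[role].append(cred.findtext("MappedRole").strip())
    return dict(granted), ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(refresh_policies(SAMPLE_POLICY, reputations_from(SAMPLE_RECORDS))[0])
```

With the constructed data, the mapping of DomB.guest to reader is withdrawn while its lower-privilege mapping to visitor still holds, and the policy for a role with no recorded behavior stays inactive even though its expression is negated.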

Claims

1. An access control method based on computable credibility in a distributed multi-trust-domain environment, characterized by comprising the following steps:
Step one: a user logs in to the target trust domain; through role mapping and role conversion, the target domain assigns the user a role set;
Step two: the user sends an access request to the target domain, attempting to obtain resource information in the target domain;
Step three: the target trust domain queries the authorization policy database according to the access request and the user's granted and converted role set; if the user's role set has permission to execute the request, the user is granted the corresponding local resource; otherwise, the user's request is rejected;
Step four: according to the execution result of the user's behavior, the updated value of the user's behavior variable is calculated and the user's behavior variable value in the cumulative behavior library is updated; according to the execution result, the behavior is classified under a behavior of some trust standard, and the number of user behavior executions recorded for the corresponding external domain role in the behavior evaluation library is updated;
Step five: behavior-based role conversion is performed;
Step six: all users corresponding to the role are obtained according to the role ID, the users are classified by behavior ID, and the evaluation value and number of executions of each behavior are counted to generate behavior evaluation vectors; finally, with the number of executions of each behavior as the weight and the evaluation value as the weighted value, the reputation value of the role is calculated;
Step seven: according to the change in the role reputation value, and with the reputation expression as the judgment condition, the role mapping policies associated with the role are adjusted; a role mapping relationship holds if and only if the role reputation value satisfies the discriminant expression.
2. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 1, characterized in that the role set described in step one defines the current user's operating permissions in the context of the trust domain.
3. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 1, characterized in that the administrator of the target domain described in step two restricts, for a specific role, the access period, the amount of accessible resources, the load limit and the access type for resources.
4. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 1, characterized in that the role conversion described in step five takes the user's initial role set as the source node set of the conversion and queries the role conversion policy library. Each policy has its own condition for holding, and these conditions are expressions composed of several behavior variables. The behavior variable values of the current user are looked up in the cumulative behavior library by behavior ID and user ID; a conversion policy holds, and the user obtains the converted role, if and only if the user's behavior variable values satisfy the discriminant expression.
5. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 1 or 4, characterized in that, from the set of converted roles reachable from the source node set described in step five, the target role with the highest priority is selected as the final converted role, and the role set held by the user is updated to serve as the initial local role set for the user's next request.
6. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 1, characterized in that the behavior-based role conversion described in step five is specifically the discovery of an optimal path in the role conversion directed graph, and involves the role conversion policy and the role conversion directed graph.
7. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 6, characterized in that the role conversion policy contains three elements, namely the source role expression, the target role and the conversion condition, where:
The source role expression is the input of the role conversion policy and takes one of two forms: a single role, or a role group formed by connecting several roles. Each role in the role expression may be a role granted by the trust domain or a target role obtained after several conversions within the trust domain;
The target role is the output of the role conversion policy and can only be a single role; a priority and variable thresholds are set for each target role. Every target role has a priority, and a higher priority means greater permissions for the role; every target role has a multidimensional variable, each component of which describes the cumulative initial value of one specific behavior corresponding to the role;
The conversion condition is a set of comparison relations based on quantified cumulative user behavior. By setting a threshold on the cumulative value of each behavior, the user's historical behavior is evaluated quantitatively to judge whether the user has a good or a bad record in the trust domain, which in turn drives role conversion.
8. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 6, characterized in that the role conversion directed graph is a visual representation of the set of role conversion policies, described by a vertex set, a directed edge set and a conversion condition set, where:
Each element of the vertex set is a role defined by the trust domain. When a vertex acts as a target node, role conversion comes from the set of incoming directed edges of that vertex; when a vertex acts as a source node, role conversion comes from the set of outgoing directed edges of that vertex;
The directed edge set is made up of role conversion policies. Each edge contains a source node (the role before conversion) and a target node (the role after conversion). Each directed edge has a conversion condition and a group attribute: the conversion condition decides whether the edge can be traversed, and the group attribute marks whether the source node of the edge is an element of a group role. If the group attribute is null, the directed edge by itself corresponds to one role conversion policy; if the group attribute is non-null, the directed edge together with the other directed edges carrying the same group attribute forms one role conversion policy;
The role conversion process on the directed graph combines forward search and backward search. Forward search takes the initial role set held by the user as the source node set, evaluates the behavior-based conversion conditions on the outgoing edges of each node to obtain target role nodes, and updates the source node set. Backward search starts from the highest-priority role in the local trust domain, evaluates the behavior-based conversion conditions on its incoming edges to obtain source role nodes, and updates the target node set. Each backward search starts from one role in priority order, so each target node set originates from one starting role of the backward search;
If and only if the source node set of the forward search and the target role set of the backward search contain the same role expression element, the target role is the starting node of the backward search.
9. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 1, characterized in that the reputation value of the role described in step six is obtained as follows:
Look up the user group corresponding to the external domain role Τ?, in which any user i has performed different behaviors during some past period. From the preset trust quantization standard value of a behavior and the cumulative number of executions, the formula 7 , = « + (1- «) * (1 - 产-1 calculates the behavior evaluation value $T_{ki}$ of one user corresponding to the role, where « denotes the trust base factor, denotes the increment factor, and as $P_{ki}$ increases, $T_{ki}$ gradually tends to the ideal value;
The different behaviors are grouped with the behavior ID as the key, where each behavior corresponds to n different executors:
$T_k = \left(\sum_{i=1}^{n} T_{ki}\right)/n$ calculates the mean evaluation value $T_k$ of behavior k for a role;
$Q_k = \sum_{i=1}^{n} P_{ki}$ calculates the total number of executions $Q_k$ of behavior k;
This yields the evaluation vector of behavior k for the role: $BE_k = (R, T_k, Q_k)$;
According to the different behavior IDs, with the total number of executions of each behavior as the weight and the overall evaluation value $T_k$ of the behavior as the weighted value, the comprehensive evaluation value over the a behaviors is computed as a weighted statistic, giving the role reputation. The following formula calculates the reputation of the role Ζ ?:
R^(D.R) = (¾r, 。
10. The access control method based on computable credibility in a distributed multi-trust-domain environment according to claim 1, characterized in that the dynamic adjustment of the trust relationships between roles described in step seven is as follows: each trust relationship 1 corresponds to a reputation expression that serves as the condition for it to hold; if the expression evaluates to true, 7 is valid; otherwise 7 is invalid, and the role mapping policy set associated with 7 is searched for another trust relationship 尸 that holds; if none holds, the overall behavior of the user group corresponding to the role during the past period has been poor and its reputation value has dropped, and the local trust domain temporarily revokes the trust relationship from that external domain role to the local domain.
PCT/CN2010/077303 2010-07-20 2010-09-26 Access method based on computable credibility in distributed multi-trust domain environment WO2012009877A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010230853.6 2010-07-20
CN 201010230853 CN101888341B (en) 2010-07-20 2010-07-20 Calculable creditworthiness-based access control method under distributed environment of multiple trusting domains

Publications (1)

Publication Number Publication Date
WO2012009877A1 (en) 2012-01-26

Family

ID=43074069

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/077303 WO2012009877A1 (en) 2010-07-20 2010-09-26 Access method based on computable credibility in distributed multi-trust domain environment

Country Status (2)

Country Link
CN (1) CN101888341B (en)
WO (1) WO2012009877A1 (en)

Also Published As

Publication number Publication date
CN101888341B (en) 2013-02-27
CN101888341A (en) 2010-11-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 10854907. Country of ref document: EP. Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established. Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 270513
122 Ep: pct application non-entry in european phase. Ref document number: 10854907. Country of ref document: EP. Kind code of ref document: A1