Dynamic cross-domain access control method based on trust valuation mechanism

An access control and dynamic technology, applied in digital transmission systems, electrical components, transmission systems, etc., to solve problems such as security loopholes, unreasonable authorization, and implementation difficulties

Inactive Publication Date: 2010-06-09
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

After traditional access control authorizes an entity that satisfies the conditions, it no longer tracks the entity's behavior after authorization, which may lead to security holes in the case of users who are themselves malicious.
In addition, traditional access control methods need to analyze security logs to find unreasonable authorizations and then have administrators adjust the permissions, which is quite difficult to implement in a grid environment with many users.


Examples


Example 1

[0167] Example 1: User E11 requests to download the file presentation.ppt:

[0168] First, it is determined whether the accessing user E11 is a legal user of the grid. If the user is not a legal user of the grid, the result is returned to the client and the access is terminated. If the user is a legal user of the grid, the user submits a request to download the file presentation.ppt to the domain trust agent E. The domain trust agent E consults the entity reputation value table, determines that the user has the right to access this resource, and returns the entities E12 and E22 that hold this resource.

[0169] Because the entities E12 and E22 that hold this resource are located in the same domain D as this user E, the method for determining the trust degree of intra-domain access control is called to calculate the user's trust degree toward E12 and E22 respectively, with the trust weight factor β=0.5. The user's trust degree to E12 is greater than its ...

Example 2

[0170] Example 2: User E requests to download the file analysis.dll:

[0171] First, it is determined whether the accessing user E is a legal user of the grid. If the user is not a legal user of the grid, the result is returned to the client and the access is terminated. If the user is a legal user of the grid, the user submits a request to download the file analysis.dll to the domain trust agent. The domain trust agent consults the entity reputation value table, determines that the user's entity reputation value is T3 and the role is T3, and determines that the user has the authority to download resources in the grid. In response to the user's request to download the file analysis.dll, the domain trust agent returns all entities, F and G, that hold this resource;

[0172] Since all entities that own this resource are in different domains from this user, the method for determining the trust degree of inter-domain access control is called to calculate user E and domain D...


Abstract

The invention discloses a dynamic cross-domain access control method based on a trust valuation mechanism, belonging to the technical field of network security. The method is based on the subjective logic theory and sets a credit value for each entity in a grid by introducing the trust valuation mechanism into access control, wherein different entity credit values correspond to different roles, and each role is provided with the relative authority. According to the historic access activities of the entities in the grids and the trust policy, when the credit values of the entities are changed, roles of the entities in the grids are changed, thereby dynamically changing the access authorities of the entities. The dynamic cross-domain access control method based on the trust valuation mechanism is reliable, dynamic and extendable, and can effectively achieve safe and dynamic resource sharing among the grid entities under the grid environment.
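The decision flow of Examples 1 and 2 and the reputation-to-role mechanism of the abstract, sketched as an added example (not code from the patent). The reputation thresholds, the roles T1 and T2, the permission names, the domain labels DF and DG, all numeric values, and both trust formulas are assumptions; the page gives only β=0.5 and the role label T3.

```python
from dataclasses import dataclass
# Reputation floor -> (role, permissions). Thresholds, T1/T2 and permission names
# are assumptions; only the role label T3 appears in the text.
ROLE_BANDS = [(0.8, "T3", {"read", "download"}), (0.5, "T2", {"read"}), (0.0, "T1", set())]

@dataclass
class Entity:
    name: str
    domain: str
    reputation: float  # row in the entity reputation value table, kept in [0, 1]

def role_of(entity):
    return next((r, p) for floor, r, p in ROLE_BANDS if entity.reputation >= floor)

class DomainTrustAgent:
    def __init__(self, entities, holders, direct, domain_trust, beta=0.5):
        self.table = {e.name: e for e in entities}
        self.holders = holders            # resource -> names of entities holding it
        self.direct = direct              # (user, provider) -> trust from past accesses
        self.domain_trust = domain_trust  # (user domain, provider domain) -> trust
        self.beta = beta                  # trust weight factor

    def trust_degree(self, user, provider):
        if user.domain == provider.domain:  # intra-domain, assumed weighted form
            d = self.direct.get((user.name, provider.name), 0.0)
            return self.beta * d + (1 - self.beta) * provider.reputation
        # inter-domain, assumed form: scale by trust between the two domains
        return self.domain_trust.get((user.domain, provider.domain), 0.0) * provider.reputation

    def request(self, user_name, resource, action="download"):
        user = self.table.get(user_name)
        if user is None:
            return ("deny", "not a legal grid user")
        role, perms = role_of(user)
        if action not in perms:
            return ("deny", f"role {role} lacks {action}")
        providers = [self.table[n] for n in self.holders.get(resource, []) if n != user_name]
        if not providers:
            return ("deny", "no entity holds the resource")
        return ("allow", max(providers, key=lambda p: self.trust_degree(user, p)).name)

    def report(self, user_name, delta):  # post-authorization behaviour feedback
        e = self.table[user_name]
        e.reputation = min(1.0, max(0.0, e.reputation + delta))
        return role_of(e)[0]

def sample_agent():  # constructed data; entity and file names follow the examples
    ents = [Entity("E11", "E", 0.85), Entity("E12", "E", 0.7), Entity("E22", "E", 0.9),
            Entity("F", "DF", 0.9), Entity("G", "DG", 0.6)]
    return DomainTrustAgent(ents, {"presentation.ppt": ["E12", "E22"], "analysis.dll": ["F", "G"]},
                            {("E11", "E12"): 0.9, ("E11", "E22"): 0.4}, {("E", "DF"): 0.5, ("E", "DG"): 0.9})
```

Calling `report` with a negative delta after a bad access lowers the entity's reputation, and the next `request` is evaluated against the new role without any administrator step.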

Description

Technical field

[0001] The invention belongs to the technical field of computer network security, relates to a data grid security technology, in particular to a dynamic cross-domain access control method based on a trust evaluation mechanism.

Background technique

[0002] With the continuous improvement of security protection requirements of various application systems, correspondingly, these systems put forward higher requirements for the access control mechanism in security technology. There are three main modes of existing access control methods: discretionary access control, mandatory access control and role-based access control.

[0003] Discretionary access control, also known as identity-based access control, can determine the access mode according to the identity and authorization of the subject. This method achieves multi-user authority isolation and resource protection to a certain extent, and is easy to implement. But its defects are also very obvious: the resou...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L12/56, H04L29/06
Inventor: 李侃郑军姚凤兰包成刚胡因可李伟孙新高春晓刘琼昕
Owner: BEIJING INSTITUTE OF TECHNOLOGY