Research On Key Techniques Of Trust Assurance Towards Cross-Domain Alliance Of Services

Posted on: 2015-01-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Z Mei
GTID: 1108330479979650
Subject: Computer Science and Technology

Abstract/Summary:
With the emergence and development of service-oriented architecture, enterprise information systems have entered the era of services. In recent years in particular, the emergence of cloud computing, mobile computing and other new computing models has changed how information systems are organized and managed. It has also pushed the design and construction of information systems beyond traditional security boundaries, which brings new challenges for information security. Socialized attack methods that exploit the lack of trust in service-oriented information systems are having an increasingly serious impact on the security of those systems. On the other hand, the exposure of "Prism" for the first time raised hacking that uses vulnerabilities in existing information systems for eavesdropping to the national level. Incidents of this kind aggravate the crisis of confidence in current information systems.

Service-oriented information systems currently lack effective technical means to support the establishment of trust relationships based on socialized agreements and statutes, which makes it difficult to effectively guarantee the accuracy of trust. This paper addresses the trust issues in current service-oriented systems and aims to provide an accurate and measurable trust assurance mechanism for them. It examines service-oriented trust models, techniques for measuring the trust of service entities, trust assessment techniques for cross-domain collaboration services, and trusted third party techniques that support cross-domain collaboration services. The main research results include:

1. We proposed a service trust assessment model that supports cross-domain federation. The model combines the characteristics of service collaboration that supports cross-domain federation and considers the characteristics of service entities, the various stages of the service life cycle and inter-domain security policy. We analyzed the basic requirements of dynamic trust establishment in cross-domain federation and formally described the key concepts of service collaboration involving cross-domain federation. We presented a basic trust security model and further illustrated its embodiments, the service entity life-cycle trust measurement model and the service cross-domain federation trust assessment model, to support dynamic cross-domain delivery and combination of trust for services.

2. Design and implementation of a runtime trust measurement technology for service entities based on the Java virtual machine. We selected the most mainstream service development and deployment platform and studied the integrity mechanism for the runtime control flow of service entities. Based on the operating mechanism of the Java virtual machine, especially the characteristics of its memory management and running processes, we analyzed the defects and deficiencies of traditional control flow integrity mechanisms when applied to the Java environment. We proposed CFI4J, a control flow integrity security technology that supports the Java virtual machine and relies on Jikes RVM. Functional testing and performance comparison showed that CFI4J is able to effectively protect the control flow integrity of service entities in the Java environment, improve the detection rate of attacks and effectively assess the trustworthiness of a service entity.

3. Design and implementation of a control-oriented cross-domain collaboration trust assessment technology. We analyzed the structure and principle of the usage control model, extracted the key factors that reflect the consistency between service provider and service requestor, and established a control-oriented cross-domain collaboration assessment model. After further analysis of the specific architecture and language specification, we proposed control strategies and a conversion method for the trust model, based on XACML language expressions, together with algorithms for computing dynamic trust assessment within a session. Testing found that the control-oriented trust assessment model for service cross-domain collaboration better reflects the degree of coincidence between the behavior of service providers and the expectations of requestors.

4. Design and implementation of a service cross-domain federation trust security framework based on a dynamic root of measurement. We analyzed the security and the requirements of the service trust assessment technology, discussed the objects and modules that need to be protected in it, and proposed an architecture for service cross-domain collaboration trust security based on Intel Trusted Execution Technology. We elaborated the design and implementation of the security framework, from key memory protection technology to trust certification of key modules, and further illustrated the principle and mechanism based on this security framework.

The research above is specific to the demands of service-oriented information systems. It provides a complete trust assessment and security mechanism for service cross-domain collaboration while maintaining the availability and flexibility of existing mechanisms. This effectively supports building and maintaining service-oriented information systems and improves their ability to deal with non-traditional security threats.
Keywords/Search Tags: Trust Management, Trusted Computing, Service-Oriented Architecture, Java Virtual Machine, Usage Control, Control Flow Integrity, Dynamic Root of Trust