Research On Key Techniques Of Access Controls For E-Service

With the development of e-services, the study of the access control in the e-service environment is paid more and more attention. In addition to denying the unauthorized access, access control for e-services should meet the special requirements with the characteristics brought by the service such as to adapt to different network architectures, different services relationship, and a variety of individual and service provider requirements to provide safe, reliable, flexible and grading access to services. This thesis is intended to contribute on this domain and mainly involves the following hot issues in the tourism e-service as a typical application scenario. The research content and main contributions of this thesis are as follows:1. Based on the description of the service concept and summarization of common features of e-services, the problems of the access control produced in e-service environment including trust, dynamic, intelligent, distributed, the scale and so on are analyzed in detail.2. For the realization of the dynamic service binding and personalized assessing in e-service environment, we proposed a novel RBAC extended model based on the entity state and context constraints. This model can adjust to the external environment and internal constraints, which is used to make up the access control implementation model of service-oriented application and realizing the grading access to the services with the binding of service provider dynamically. The simulation experiment of the tourism e-services shows that the model can meet the personalized access requirements.3. In e-service environment, it is an important way to realize dynamic service by service selection and adjustment according to the context constrain. In order to select service according to the context, we discussed the service constraints in services alliances relationship and then pointed out that the adjustment of context constraints should also be dynamic in this model. So, we proposed a new access control model based on the context-aware and rules reasoning in service alliance, which resolves the intelligence of dynamic constrain conditions'adjustment within service. We exemplified the rule definition and exception handling in the certificate of tourist guide services of this model. Finally, in order to address the security issues of context-aware information transmission, a lightweight context-aware information encryption and signing protocol based on IBE is designed and its security is analyzed. The computing performance experiment of information encryption shows this protocol in limited circumstances is feasible also.4. Using trustworthiness as the threshold for access control is an important way in open e-services environment now. But the delegation relationship is not always included in the existing trust calculations, which easily lead to the possibility of collusion attack. So, we defined the delegation relationship, the delegation trustworthiness and its feature by analyzing the delegation scene in tourism e-service. A novel trustworthiness calculation based on the service-oriented delegation relationship is proposed. The delegation trust calculation is carried on three aspects: local trustworthiness, delegation trustworthiness and the recommendation value of collaboration domain. Base on this delegation trustworthiness, an extended UCON access control model is proposed. The extended UCON access control model encourages the delegation entity to improve the service quality and reduce the possibility of collusion attack in the environment with delegation relationship.