Research On Secure Interoperation Mechanism For Multi-domain Environment

Posted on: 2010-03-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Jin
Full Text: PDF
GTID: 1118360275986852
Subject: Computer application technology

Abstract/Summary:
Multi-domain secure interoperations provide the largest resource and service sharing in distributed environments and improve the performance and efficiency of the system. More and more large-scale distributed systems have been divided into multiple autonomous domains or security domains, called multi-domain systems, to realize secure management and control through secure interoperations. It has been a hot issue in the access control area. Multi-domain secure interoperation technology has been widely used in many application areas, such as government, army, finance and medical treatment.

With the emergence of many new applications in large-scale distributed systems, the multi-domain environment has changed in recent years: the large number of cross-domain requests, the increasing number of domains and the degree of heterogeneity between domains. The trust risks and security vulnerabilities triggered by these changes pose challenges to current multi-domain systems. Therefore, we need new technologies that provide more autonomy and cooperation to adapt to such developments, not only in identity authorization and trust management, but also in role mapping and strategy integration. This has important academic significance and application value.

In view of the large number of requests from foreign domains, a simple decision of "trust" or not is insufficient to deal with potential intrusions, such as authorization risk or illegal accesses. A self-adaptive secure interoperation module based on trust-level is proposed, which protects the privacy and security of the credentials disclosed by the negotiating parties. By detecting unknown network events with a self-adaptive mechanism, the tolerance for abnormal situations and accidents is improved. Moreover, it automatically adjusts and monitors a user's trust-level, which can effectively protect resource sharing among domains from malicious intrusions or potential security threats.

To solve the negative impacts of the SERAT module on cross-domain role mappings to the local domain role hierarchy, an inter-domain mapping based on role ranking module is proposed. It can effectively avoid cyclic inheritance conflicts and the security problems of broadcasting the authorization information. With a global role rank maintaining the original role hierarchy of each domain, the mapping subjects can be compared at the same level, so the initialized role in the home domain can be correctly mapped to the goal role in the target domain. The security and autonomy of each domain are well preserved with the inter-domain mappings.

In a multi-domain environment, there are different access control systems to maintain security and autonomy between domains, and different access control systems use diverse modules, syntax, schemes, data markers and constraints to express their own policies. Describing access control policies at the semantic level is an effective method to avoid conceptual and logical conflicts in multi-domain policy integration. In view of domain ontology, a secure policy integration method based on ontology similarity is proposed. Using a Bayesian machine learning algorithm, it can self-adaptively construct a secure multi-domain interoperation model to satisfy the autonomy and cooperation of all domains.

Heterogeneous conflict detection and disposal is the chief goal of multi-domain interoperation strategy integration. Manual detection increases the probability that other conflicts occur and decreases the security of the system. Because the expressions of conflicts have the features of first-order predicate logic, we propose a self-adaptive conflict detection method based on first-order logic. It can automatically judge the kind of conflict and adopt the corresponding measure in the process of strategy integration, resolving the security risks of manual participation.

As is known, a mass of temporary redundant information may disturb new strategies and make the final integrated system much larger and more complex, so the integration process needs to be optimized. We discuss optimization methods through the integration order, streamlining the conflict detection process and evaluating the balance threshold, to improve the self-adaptive ability and performance of the multi-domain strategy integration system.
Keywords/Search Tags: Multi-domain secure interoperation, Trust-level, Role ranking, Strategy integration, Ontology similarity, Conflicts detecting