Research On Risk Based Multi-domain Security Strategy And Security Validation Model

As the rapid development of distributed systems and network technologies security access control models which apply to the situations are presented and gradually abstracted to the general ones of strategies. These models are comprehensively used in environments with distributed heterogeneours systems. The current typical access control model is Role Based Access Control model, which is not applicable to permission management in multi-domain environment and is not able to meet the requirement of security maintenance well.Aiming at credit and risk problems related to mapping relations based secure inter-operation of application level of users and roles among different domains in multi-domain environment this paper introduced a risk based dynamic access control model for multi-domain secure inter-operation. Quantifying credit between domains and adding risk factor in traditional role based access control strategy makes it dynamic. The introduction of risk is able to settle the problems in multi-domain environment where resource owners and askers perhaps belong to different domains. The real-time attribute of multi-domain can be abstracted through dynamic regulation strategies of risk rank, in which strategy model analyzes and controls its process.On the basis of above this paper established a security analysis and validation model to risk based role access control strategy and presented a risk based security validation system in multi-domain. The former is based on state-transition system and guides system behavior and maintains system critical security attributes by creating and analyzing security analysis instances with combination of the latter. Depending on analysis, it is conceivable that risk based role access control strategy and its security analysis and validation model are applicable to access control applications in multi-domain environment and are able to settle well the problems of inter-operation and security ensuring in heterogeneous systems resulting from multi-domain.