The Research Of Cross-Domain Usage Control (UCON) Model In Web Services

Access control in Cross-Domain Web Services has the characteristics of dynamic and openness which have brought uncertainty to access authorization. And the diversity of access control model causes the inconsistency of access control strategy. As a result, security risks of Web Services get enlarged. Therefore, a kind of unified cross-domain access control model is rightly needed to accommodate a variety of authorization strategies in order to ensure the security of Web Services.The present traditional authorization models for access control are DAC (Discretionary Access Control) based on access control list, MAC (Mandatory Access Control) based on security level, and RBAC (Role-based Access Control). Because of the diversity of traditional access control models, it is difficult to effectively judge whether the service requester has the access authority in cross-domain services as well difficult to solve the authorization troubles during cross-domain accesses. As the trust relationship between the service requesters is uncertain, it is necessary to strengthen the agility and rationality of current trust degree evaluation. Therefore, the thesis firstly puts forward a kind of threshold evaluation model based on fuzzy theory for service trust degree after it has brought evaluation arithmetic based on fuzzy theory into Web Services. What's more, rules and objects of evaluation are expanded, and rationality and agility of evaluation models are strengthened; Secondly, cross-domain transformation arithmetic and process are put forward combining with evaluation models. It equivalently transforms those models of different access control domains into the scope of cross-domain usage control models so that authorization operations during cross-domain access get greatly simplified; Finally, a kind of trust management mechanism based on feedback and time decay is put forward combining with cross-domain usage control models to encourage service requesters to provide honest access control behaviors, so that the security of Web Services get guaranteed and the feasibilities of cross-domain models and trust management mechanism get separately proved by means of samples and simulative experiments.