
Risk-based Dynamic Access Control System In Multi-domain Environments

Posted on: 2011-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: H Q Chen
Full Text: PDF
GTID: 2178360308969248
Subject: Software engineering
Abstract/Summary:
In today's information- and knowledge-driven business environment, there is an increasing need to share information across traditional organizational boundaries and with partners, both to support informed decision making and to respond rapidly to external events, yet sensitive business information must be protected from unauthorized disclosure. Access control is a crucial security technology. It effectively controls legitimate users' access to sensitive resources and ensures that users can access the resources relevant to them. The distributed, heterogeneous, autonomic and dynamic characteristics of distributed applications bring many new challenges to access control technology. Traditional role-based access control has loopholes in permission distribution and delegation. By introducing the concept of risk, this paper establishes an integrated theoretical framework. It represents access control policies and the ordering relation among roles on the basis of risk. The concept of risk distance is proposed, which allows the security of access control policies to be compared according to their risk bands. This ensures that policies are executed under minimum risk. Introducing risk into access control makes it possible to control high-risk authorization and delegation, and it improves the security of the system. With distributed systems abstracted as multiple domains, this paper proposes a method to formalize the policies of interoperation in multi-domain environments. It proposes the properties of determinism, consistency and completeness for interoperation security policies, which are the basis of conflict detection.
This paper proposes a request-driven role mapping framework for secure interoperation in multi-domain environments. Based on the theory and research results described above, a risk-based multi-domain access control authorization system is designed and implemented. The system can automatically and conveniently establish role mappings between different domains based on users' requests. It can also effectively resolve role-mapping conflicts among multiple domains. Finally, we give a performance analysis and evaluation through system experiments.
Keywords/Search Tags:Risk, Access Control, Role, Multi-domain, Trust