The Research Of The Workflow Access Control Temporal Policies Combining Model Based On Risk

As Internet developing,the storage of information becomes from the centralized to distributed.The compute environment that we faced is multi-domains containted distributed,heterogenous,autonomic and dynamic four characteris.Along with the increased and changeful requirements,more and more companies and users make use of resources in multi-domains.This is a new challenge to workflow security.In multi-domains,workflow may be make up of more subtask in non-domains.To ensure the execution security,workflow access policies is consisted of heterogeneous temporal policies in difference autonomic domains,and its requirement is special subjects can access special objects in perodic time or duration time.Subtask may have many access control policies in multi-domians and how to choose a policy has lower risk,high safety is very import to whole workflow security execution.XACML is the most popular policy description language.But there are exist two questions where it cann't express heterogeneous policies combining's temporal constraint systemly and conveniencely and cann't depict policies'risk level difference and policies combining's security level.GTRBAC describe policy temporal constraint completely and detailly.Based on one question, firstly the paper summarize temporal constraints into periodicity constraints and duration temporal completely based on temporal constraints introduced by GTRBAC and illustrate by graph.Secondly,it define periodicity temporal policy and duration temporal policy based on periodicity temporal constraint and duration temporal constraint and formalize two temporal policies.By analyzing these key features of the two kind of policies,these features of the corresponding element of temporal constraints are introduced in XACML to descripe temporal constraints of policies combination simplely and straightforward. It descibe graph instance by extensive XACML lastly.At the same time,this paper give the risk attributes'specific quantitative methods and the extended XACML by introduce the related characteristics of risk elements describe risk difference between policies.Then the paper give the policy combining algorithm based on risk and security level formal description after policies combination. By formalized testify policies combining based on risk that satisfy integrality,consistency and credibility of policy and analyze its safety, policies combining model based on risk satisfy autonomy and safety of policy's two important principle.Finally,the paper show the extended XACML can describe policies combining temporal constraint and risk difference between policies by online shopping example and gives the risk value of all kind of policies and derive the security policy model of the risk level of the overall strategy.