The Research Of Access Control Model Based On Multi-dimensional Safety Assessment

In an open environment, the ubiquitous network allows legal end users easily access to specific information system to deal affairs or access information, but it is also a convenient way for illegal users connects to the network at any place and any time to conduct attacks or spread the viruses, which seriously threat the security of internal information systems.The access control technology is one of the important means of information system security protection. The current mainstream access control models are mostly adopt unitary authorization mode that only based on user's identity, and the user will be given appropriate role or authority once his identity is confirmed. The unitary authorization mode is proved that only meets the access control application that needs simple and low level security, and if the system grants permission to the subject that has hidden danger will bring a great deal of risk to the system. The current access control models do not consider the terminal's security and the variability of environment, and they also can not meet the security and affairs requirement of the sensitive information systems. So, the function of existing access control models needs to be extended.After researching on current access control models and security technology, this paper puts forward an access control model based on multi-dimensional safety assessment. First, the paper describes the proposed model, then introduces a specific algorithms of the context constraints, particularly analyzes the process of the role's state transformation, and by adding the context mechanism on the role authorization control makes the model better support the dynamic open environment. In the study of trust degree computation of multi-dimensional safety assessment method, For the user's identity is complex, the paper uses the probability of authentication means being compromised to calculate the authentication trust degree, which can be calculated and has rationality; for the user's behavior is difficult to determine, the paper uses the successful interaction probability that the user request to access the system in history as behavior trust degree, which adds punishment for the user that has illegal operation behavior; for the request terminal may have hidden danger, the paper uses a fuzzy hierarchy estimation method to assess the terminal trust degree, which can fully demonstrates the safety of the access terminal. Finally, this paper designs the prototype system of the proposed model and gives an example to validate the model, which proved the proposed model is effective and better.