Research For Trust-based Access Control Of Service Computing

Service Computing is a new subject area which crossing the field of computers andinformation technology, business management, business services and so on. It is a directproduction of bridging the gap between commercial services and information technology withthe application of Service-oriented Architecture. The service which is structured according toSOA principles, due to its loose coupling of cross-organization and application program, makesit easier to expose the weaknesses or limitations of existed security implementation in suchenvironment, so if there is no good security mechanisms, it will threaten the application ofService Computing seriously. As one of the most important security technologies, access controlmechanism can safeguard the security of Service Computing application effectively. Byresearching and analyzing access control mechanism and trust mechanism, this article proposeddirectly trust, friend entity recommendation trust and strange entity recommendation to calculatethe trust value of interactive entities to determine trust grade of the entities, and only grantpermission to corresponding trust grade of trusted entities. By this, the entities’ interactivesuccess rate is improved; the security of Service Computing is enhanced.The main content of this article are:1. A comprehensive survey of Service Computing knowledge, the security problems it has,trust mechanism, and traditional access control technologies and their models.2. By researching and analyzing imperfections of the existed trust evaluation model, the authorgives a general conclusion that the trust evaluation has one-sidedness and low accuracy, as wellas the weaknesses which applied it to Service Computing environment; it proposed the basicrequirements of trust based access control technology design.3. By introducing the time decay factor, penalty parameter, and other objective factors toreflect the dynamic characteristics of entities’ trust change as the time and the behavior of entities.By introducing trust recommendation strength, recommendation credibility and recommendationuncertainty into Service Computing, it can reduce the affection to trust evaluation which is fromthe malicious recommendation of the malicious entities, reduces the bad effects of maliciousrecommendations from malicious entities in trust evaluation in Service Computing environment;4. This article proposed a Service Computing access control model based on multi-levelrecommendation based on the research of trust access control models. The model calculates thecomprehensive trust values using directly trust values, and friend entities recommendation trustvalues and strange entities recommendation trust values. And the comprehensive trust values arebasis of authorization decision to judge a service resources requestor is worth to be trusted or not,and which trust grade it belongs to. At last, the model grants the different strength of permissionaccording to the different trust grade, reaches the purpose of granting permission flexibly anddynamically, and it improves the interactive entities’ success rate, enhances the ServiceComputing application security.5. This article proposed and designed the architecture of access control system of ServiceComputing based on trust, described and designed the modules, and proposed security policies and process of system. The experimental results showed the effectiveness of the access controltechnology and its model.In the last part of dissertation, several issues for further in-depth research and explorationare given.