Access Control Decision Based On Reputation Values

In modern time, with the development of Internet, people have paid more attention to the security of network information and it’s obviously important to ensure the security of network information. Access control is one of the security service functions which are defined in network security system by international organization for standardization. As a method of resource protection, access control prevents unauthorized user from accessing resource and also prevents authorized user from accessing resource illegally.In recent years, there are more and more reputation service systems appear in the network. Reputation service systems could provide network users with reputation of what they want to access, in the same way, those systems offer the web site the reputation of users who visit the web sites. Both network users and web sites could estimate the risk and decide whether to continue to visit or accept access. From the above, the reputation as the important property of network entity could be one of the conditions of making decision during the decision-making process of access control.In the first part, this thesis introduces the related concepts and implementation technology of Web service. And it makes a short introduction of access control technology, including several access control models:discretionary access control (DAC), mandatory access control (MAC), Role Based Access Control (RBAC) and attribute-based access control (ABAC).In the next place, this paper recommends SAML and XACML, both of which belong to information security markup language. It studies their specific content and applications in the basis of introduction of these two languages.Finally, we apply SAML and XACML to establish an ABAC model combining with web service access control requirements and we introduce the system structure, implementation technique and implementation method of the model in detail. This paper shows how to take the attribute of reputation as discriminate condition and how to apply reputation to the access control decision-making in experiment.