Research Of Service Computing Security Model Based On Attributes And Trust Evaluation

Service-Oriented computing is a new computing discipline by the field of computertechnology, information technology, business services and business management. In servicecomputing environment, each agent is independent by building a relationship of trust to accesseach other effectively. Service-Oriented computing has characteristics of heterogeneous,dynamic, open, complexity, and these characteristics make anonymous malicious agents oruntrusted agents bring a large number of security threat to legitimate agent by false information.The security problem has become a key factor restricting healthy development ofService-Oriented computing. How to implement a mechanism to isolate malicious proxy inservices computing environment to minimize security threats brought about by malicious agents,is the main measures to solve the problem of service computing security. This paper includes thefollowing three aspects：(1) Research of Web service access control security in service computing environmentThe analysis of Web service system safety is the foundation of the research in servicecomputing environment. This paper analyzes the current security challenges of Web servicesystem, single sign-on system, studies solution of security, and to point out the problems in Webservice access control. This section includes: security problem of service computing; theinsufficiency in Web service access control system. Determine the final access control strategyaccording to trust value comparison of object; It don’t need to make any changes to realize thestrategy unified management,fine grain access control and resources authority management.(2) Attribute-based access control security model in service-oriented computingAccess control model is used widely, but difficult to adapt to characteristics of distributeddeployment, the agile interaction between service information and complex access controlstrategy, so Web service system access control model is still a problem to study. This part of theresearch content includes: the defect analysis of traditional access control model; attributes-basedaccess control model and its system structure; Pointing out the application advantages ofattributes-based access control. Define trust-based access control in service computingenvironment, the necessary concepts and relationship, then formally analysis authorization ofaccess control strategy and authorization decision-making mechanism in service computingenvironment.(3) Trust-based access control security model in service-oriented computingTraditional access control model is based on the identity of the subject for access control,the existing service computing access control model although owns more information for accesscontrol such as time, network status, however, it did not consider the change of historicalbehavior or credible degree, therefore this paper introduced trust management technology andtrust evaluation model into the service computing environment to compute services requestercredibility, and for agile, dynamic authorization according to the environmental context. The trust management is introduced into the access control to put forward a kind of new servicecomputing trust evaluation security model (SOC-TPM).The model introduced direct trust view,recommendatory trust view, recommendatory credit views and group credit view, and candistinguish general agent between authoritative agency. This weaken the influence of themulti-agent evaluation mechanism of malicious trust evaluation.