Research On Access Control For Distributed Services In The Military Enterprise Condition Assurance System

The Military Enterprise Condition Assurance System is the distributed services system for thewhole construction process management of the military projects. Because of the characteristics ofopen, highly dynamic and uncertain user behavior, it’s very difficult to ensure the security of Webservices. As one of the five major security technologies, access control mechanism can effectivelyprevent the Web services resources from the access of unauthorized users. The traditional accesscontrol models can’t meet the requirements for the authorization of Web services system, so it’s verynecessary to establish an efficient, safe and reliable access control mechanism oriented Web servicesfor the Military Enterprise Condition Assurance System.According to the access control requirements for the Military Enterprise Condition AssuranceSystem, this paper designs the access control mechanism oriented Web services. The access entity ofWeb services is divided into two categories with different characteristics, including register entity andstrange entity. A TRBAC-based Dynamic Multilevel Web Services Access Control (DWMSTRBAC)Model is proposed for register entity. The model introduces Web services and their attributes intoresource category and designs three levels control mechanism of resources. The constraint rules areextended and strictly defined. Through the Role Actor and Task Manager, the model achievesfine-grained, strict and safe authorization. A Trust-based Dynamic Web Services Access Control(DWTBAC) Model is proposed for strange entity. By introducing objective factors such as timeweighting factor, interaction context, recommendation level and recommendation strength, itimproves the trust value calculation method and achieves partial authorization according to the threeelements mapping relationship among trust interval, trust level and permission strength. To restrainthe malicious behavior and force the entity engaged in the best integrity interaction, it proposes adirect interaction experience value updating algorithm based on the punishment mechanism accordingto the quality of services. The simulation results show the effectiveness of the algorithm.Finally, the access control mechanism oriented Web services is implemented and applied in theauthorization management subsystem of the Military Enterprise Condition Assurance System. Thepractice indicates that the mechanism can solve the access control problem of register entity andstrange entity and then ensure the security of Web services.