| The service integration framework is a set of implementation schemes of service-oriented architecture(SOA),which can realize the reuse and sharing of application resources and meet the real-time requirements of information transmission.The existing service integration framework has two types of users: service developers and consumers.The requests of registration and update of service developers are processed by manual review,and the service consumers are managed in the form of access control lists for user rights.This management method will increase the complexity of system authorization management when the scale of users and services increase,and it is prone to permission assignment errors.In addition,the system only considers whether the user has the service authority granted by the system during access control.The authorization policy is statically fixed,and other dynamic factors such as whether the user's access behavior is malicious or not are not considered.The basis for access control decision-making is not comprehensive.Roles are introduced into this thesis between users and permissions to manage user permissions in response to the above problems,reduces management overhead,divides the dynamic factors that affect the results of access control in the system into different attributes,and adds the attribute decision-making process after user permissions are judged to determine the relevant whether the attribute conforms to the attribute control strategy,the result of whether the user request is passed is obtained according to the user authority judgment and the attribute decision.The main tasks of the thesis are:1.Aiming at the user characteristics of the service integration framework,a user authority management scheme is proposed based on the role-based access control model,which unifies the request processing process of service consumers and service developers in the system,and simplifies the authorization of system administrators' operations.2.Attribute management schemes and attribute control strategies is proposed.the dynamic factors of the system are divided into different attributes,and these attributes are used as the basis of access control decisions.Users must meet the requirements of relevant attributes on the basis of their service permissions,and solve the problem of relatively static access control decisions based on user privileges,which improves the security of the system.3.The trust value is introduced into the user attribute to reflect the change of the system's trust to the user in order to avoid the influence of malicious users on the system,and a trust management scheme is proposed.The subjective trust relationship is calculated to obtain the trust value,the identification of malicious users of the system realizes the safe and reliable operation of the system.4.The prototype system of the above scheme is designed and implemented on the basis of the original service integration framework,and the correctness and effectiveness of the above scheme is proved through related functional tests and performance tests. |
PDF Full Text Request