针对Web协同的授权用户风险评估方法

认证与授权平台可以很好地防止域外非授权的请求者对用户隐私或敏感数据进行恶意操作和暴露。但是,针对已授权的请求者可能的恶意操作与暴露存在威胁,基于令牌的认证与授权平台很难保护用户隐私与敏感数据。提出一种针对Web协同系统的授权用户风险评估方法,可以有效地防止已授权用户对用户隐私与敏感数据的恶意操作与暴露。利用实例分析了认证与授权平台存在安全问题,对授权用户风险进行建模。模拟实验说明了该模型的可行性与正确性。

RISK ASSESSMENT METHOD FOR AUTHORIZED USERS IN WEB COLLABORATION

The authentication and authorization platform can well prevent unauthorized requesters from malicious operations and exposure of users'privacy or sensitive data outside the domain.However,aiming at the threat of possible malicious operation and exposure for authorized requesters,it is difficult for token-based authentication and authorization platform to protect users privacy and sensitive data.This paper proposes an authorized users risk assessment method for Web collaboration system,which can effectively prevent authorized users from malicious operation and exposure of users’privacy and sensitive data.The security problem of authentication and authorization platform was analyzed by using examples,then we modeled the authorized users risk.We carried out simulation experiments to show the feasibility and correctness of this model.