基于可信期望的跨域访问安全性研究

访问控制作为保护信息安全的主要手段，能够有效保证用户合法地访问网络资源。随着移动互联网的发展，跨域和跨系统等多域环境下的安全问题面临严峻挑战。为了满足云计算多域环境的访问需求，基于角色访问控制技术，提出一种适用于云计算多域环境的访问控制模型。该模型利用贝叶斯理论得出访问者的可信期望值，然后与预先设定的访问阈值进行比较，决定用户的访问请求是否被允许，且访问权限随着用户可信度动态变化而改变，避免了之前获得高信任值的用户因信任度变化而进行恶意攻击的风险。实验结果表明，提出模型不仅能减少高风险用户的访问请求量，且能满足为用户动态授权的需求。因此该模型可以有效解决云计算多域环境中的安全问题。

Study on cross-domain access security based on trusted expectations

As the main means of protecting information security, access control can effectively guarantee users'' legitimate access to resources. With the development of mobile Internet, security issues in multi-domain environments such as cross-domain and cross-system are facing severe challenges. In order to meet the requirements of cloud computing multi-domain environment, this paper proposed an access control model for cloud computing multi-domain environment based on role access control technology. The model used Bayesian theory to derive the trusted expectation value of the visitor, and then compared it with the preset access threshold to determine whether the user''s access request was allowed. The access permission also was dynamically change with the user''s credibility, which avoided the risk of malicious attack by users who had previously obtained high trust value due to the change of trust value. The experimental results show that the model can not only reduce the number of access requests for high-risk users, but also meet the demand for dynamic authorization for users. Therefore, the model can effectively solve the security problems in the multi-domain environment of cloud computing.