A cross-domain access control model based on trust measurement

A new cross-domain access control model based on trust measurement is proposed to improve the security of cross-domain access control. The model integrates trust management with trusted platform measurement. It defines several concepts (user trust degree, platform configuration integrity, and intra-domain and inter-domain trust degree) and calculates them using users' uniform identity authentication and analysis of their historical access behavior. The model then extends the extensible access control markup language (XACML) model by adding an inside trust manager point (ITMP) and an outside trust manager point (OTMP), and describes the architectures and workflows of the ITMP and OTMP in detail. The experimental results show that this model can achieve more fine-grained access control, implement dynamic authorization in a simple way, and improve the security degree of cross-domain access control.
