
Computer Engineering ›› 2013, Vol. 39 ›› Issue (2): 112-118. doi: 10.3969/j.issn.1000-3428.2013.02.023

• Security Technology •

An RBAC Model Based on Trust Degree in Open Environment

DENG Wen-yang 1,2, ZHOU Zhou-yi 1, LIN Si-ming 1, LIU Jin-gang 1,2

  1. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China
  2. Joint Faculty of Computer Scientific Research, Capital Normal University, Beijing 100048, China
  • Received: 2012-07-04 Revised: 2012-10-08 Online: 2013-02-15 Published: 2013-02-13
  • About the authors: DENG Wen-yang (born 1987), male, master's student, main research interests: access control models and data security; ZHOU Zhou-yi, senior engineer, Ph.D.; LIN Si-ming, associate research fellow, Ph.D.; LIU Jin-gang, professor, doctoral supervisor
  • Supported by: National Natural Science Foundation of China (60903139, 60933005)

Abstract: In an open environment, user nodes and resource nodes are highly mobile, which makes role assignment and permission control under the traditional Role-Based Access Control (RBAC) model extremely complex, and checking each node's permissions to access different kinds of resources almost impossible. To simplify access control and standardize the security strategy in open systems, a flexible RBAC model based on trust degree is proposed. It uses the evaluations between user nodes and resource nodes to calculate their direct trust, and the evaluations among resource nodes to obtain the recommended trust of the resource nodes. The two trust values are combined to compute the trust degree of users and the authority degree of resources and, together with the session history of user nodes and resource nodes, are used to flexibly assign roles and the corresponding permissions to user nodes. The Additive-Increase, Multiplicative-Decrease (AIMD) algorithm, which is widely used in TCP congestion control, is adopted in the trust evaluation to dynamically adjust the trust degree of entities and punish nodes with malicious behavior. Experimental results based on the Query Cycle Simulator show that the model can ensure the reasonableness and accuracy of the evaluations.

Key words: open environment, access control, evaluation mechanism, trust degree, authority degree, Role-Based Access Control (RBAC) model
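The additive-increase, multiplicative-decrease trust adjustment named in the abstract, sketched as an added example that is not the paper's code. The abstract gives no formulas or parameters, so the constants, the weighted-sum combination of direct and recommended trust, and the role names and thresholds are all assumptions.

```python
# Added illustration, not the paper's code. Every constant, role name and the
# weighted-sum combination below is an assumption chosen for the demo.
ALPHA = 0.05      # additive increase per positive evaluation (assumed)
BETA = 0.5        # multiplicative decrease on a negative evaluation (assumed)
W_DIRECT = 0.7    # weight of direct vs. recommended trust (assumed)
# Hypothetical roles, highest threshold first: (minimum trust, role).
ROLE_THRESHOLDS = [(0.8, "contributor"), (0.5, "reader"), (0.0, "guest")]


def combined_trust(direct, recommended, w=W_DIRECT):
    """Blend direct and recommended trust into one score in [0, 1]."""
    return round(w * direct + (1 - w) * recommended, 4)


def aimd_update(trust, positive):
    """Additive increase on a good evaluation, multiplicative decrease on a bad one."""
    if positive:
        return round(min(1.0, trust + ALPHA), 4)
    return round(max(0.0, trust * BETA), 4)


def assign_role(trust):
    """Return the most privileged role whose threshold the trust score meets."""
    for threshold, role in ROLE_THRESHOLDS:
        if trust >= threshold:
            return role
    return "guest"


def replay(trust, evaluations):
    """Apply evaluations in order; return (trust, role) after each one."""
    history = []
    for positive in evaluations:
        trust = aimd_update(trust, positive)
        history.append((trust, assign_role(trust)))
    return history


def recovery_cost(trust):
    """Positive evaluations needed to regain `trust` (in [0, 1]) after one negative one."""
    target, current, steps = trust, aimd_update(trust, False), 0
    while current < target:
        current, steps = aimd_update(current, True), steps + 1
    return steps


if __name__ == "__main__":
    start = combined_trust(0.9, 0.4)          # constructed sample scores
    print(start, assign_role(start))
    print(replay(start, [True, False, True, True]))
    print("recovery cost from 0.8:", recovery_cost(0.8))
```

With these assumed parameters a single negative evaluation drops a node from the top role to the lowest one, and regaining the lost trust takes eight positive evaluations, which is the asymmetry that makes AIMD a deterrent.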
