摘要
现有的可信网络连接模型只对接入网络前的终端进行授权判断,缺乏接入网络过程中对终端的动态实时控制和自动调用网络接入授权判断,因而无法应对复杂多变的网络环境和突发的网络攻击。文章充分利用使用控制模型的属性可变性和授权决策持续性的优势,把可信网络连接和使用控制模型有机结合,将可信网络连接中远程证明机制评估远程用户的可信度作为系统在进行授权判断时的重要依据,提出了一种基于改进的使用控制模型的可信网络连接的全生命周期授权模型,保证了终端接入网络全生命周期的完整性。最后,基于该模型提供了电子消费领域的一个应用实例。
The terminal is only measured before it accessed network in existing trusted network connection model, and can not be measured in the process of accessing network, so it is unable to be supposed to the mutable complex network environment and the sharp-edged network attack. This article makes full of usage control model superiority, and unifies the usage control model and the trusted network connection. The trusted degree that remote attention mechanism evaluated is added to the process of authorization. A entire lifecycle authorization model of trusted network connection based improved usage control model is proposed, thereby ensure the integrity of terminals all lifecycle. In the end, a application is described.
出处
《计算机与数字工程》
2009年第8期118-123,共6页
Computer & Digital Engineering
关键词
属性可变性
过程中授权
电子商务
全生命周期完整性
mutability of attitude, authorization during process, E-commerce, integrity of entire lifecycle