2017 2nd International Conference on Computer Science and Technology (CST 2017) ISBN: 978-1-60595-461-5
Trusted PKI based Conflicts Resolution for
Multi-domain Access Control
Da-peng XIONG 1,a*, Liang CHEN 1 and Peng WANG 1
1 Academy of Equipment, Beijing, China
*Corresponding author
Keywords: Conflicts Resolution, Trusted degree, PKI, Access Control.
Abstract. To meet the requirements of cross-domain resource access while preserving the security of multi-domain systems, both the security and the usability of cross-domain access must be taken into account when conflicts between access control policies are eliminated. This paper proposes a conflict resolution method based on trusted PKI authorization. First, the method applies a trustworthiness evaluation to assess the threat posed by the users and operations involved in the conflicting rule. Second, it eliminates the conflict threat by terminating the inter-domain role mapping and revoking the access authorization, while using PKI authentication to let trusted cross-domain access continue. Compared with general conflict resolution methods, the trusted-PKI-based method fully accounts for the contribution of inter-domain trust to security and for the user's need for cross-domain resource access.
Introduction
In multi-domain environments, cross-domain interaction is becoming more frequent and the complexity of access control policies keeps rising, which also raises the risk of conflicts. During inter-domain interoperation, two or more policies are often described inconsistently, so that enforcing them leads to contradictory situations. Such conflicting access control policies can produce erroneous access decisions and confusion between inter-domain data accesses, leaving the whole system very inefficient and demanding large amounts of external storage, memory and data transmission bandwidth [1]. Therefore, it is necessary to study conflict detection techniques for access control policies and effective mechanisms for conflict resolution.
Related Work
The goal of conflict resolution for multi-domain access control policies is to eliminate conflicting security policies. Corresponding to the policy conflict detection methods, there are many ways to resolve policy conflicts. In recent years, access control conflict resolution technology has moved toward automation and intelligence; many good results have been obtained, but some problems have also been exposed.
Research Status
According to the stage at which resolution takes place, methods can be divided into two categories: (1) detection and elimination before the policy is enforced; (2) detection and elimination while the policy is being enforced.
The first is the most straightforward: change attributes of entities, actions or access rights, or add additional constraint rules so that the policies no longer conflict. But in the policy formulation phase it is often difficult to find a potential conflict before a dangerous interoperation has occurred.
The second determines the conflict in real time while the system is running, suspends enforcement of the conflicting policy, and then modifies the security policy to eliminate the conflict condition so that the same conflict does not recur; this approach is more convenient and practical. At present, representative conflict resolution methods include the method based on the directed graph model [2] and the method based on rule state reasoning [3]. A conflict resolution method is usually used together with a conflict detection method, and the appropriate resolution method must be developed according to the characteristics of the application scenario. Ni Jun [4] proposed a conflict resolution architecture for access control policies based on policy refinement, oriented to the security level model and built on knowledge reasoning. Lu Jian-feng [5] proposed a priority-based maximum-consistency conflict resolution method that comprehensively measures the security and availability loss caused by eliminating conflicting policies.
Problem Analysis
proof of difficulties, restricting the automation and intelligent process of strategic security management.
In summary, the access control mechanisms used in current information systems differ, and consistent conflict detection still often relies on human intervention. Research on resolving access control policy conflicts is still at the stage of finding temporary compensation for the problem, and the resolution process mostly sacrifices usability for security, which affects the user experience of the information system. A conflict resolution technique for multi-domain access control policies that takes both security and availability into account is still lacking.
Trusted PKI based Conflicts Resolution
This method consists mainly of trust evaluation and PKI authorization. First, the trustworthiness of the conflicting domain is evaluated to determine whether the request is a malicious access request. For an untrustworthy user or a malicious access, authorization is refused and the role mapping is revoked. For a trusted user, PKI authorization is used to let the cross-domain access request continue. Then a PKI certificate authorization mechanism is introduced into the role-based multi-domain access control policy: to revoke the insecure role mapping edge while still allowing normal cross-domain access to proceed, authorization is granted by issuing a certificate, that is, the application domain issues a certificate of authority to the applicant so that the applicant holds only the specified role and none of the roles it inherits. Combined with the PKI certificate mechanism, the user's authority is limited to a locally controlled scope, which both meets the need for cross-domain access and ends the risk of authority leakage. The workflow is shown in Fig. 1.
[Figure 1: flowchart. Blocks: BEGIN; Conflicts Detector; Consistency? (YES: END); Trust Evaluation; Trusted? (YES: PKI Authorize, Cross-domain mapping; NO: Automatic adjust strategy / Manually adjust strategy / Pretreatment, giving the Adjusted strategy).]
Figure 1. Flowchart of Consecutive Conflict Resolution.
Threat Assessment Based on Trust Degree
The goal of the threat assessment is to determine whether the subject of the conflict poses a subjective threat and whether the request is a malicious access request, so as to provide the basis for deciding the subsequent conflict resolution process. We evaluate the trustworthiness of the user as θ_ut and the threat of the current access as θ_ct. The threat of the conflicting policy under assessment is measured as the combination of the user trustworthiness θ_ut and the access threat θ_ct, represented by the following formula:

\theta_{total} = f[\lambda\,\theta_{ut} + (1-\lambda)\,\theta_{ct}]   (1)

— θ_ut is the user trustworthiness, i.e. the direct trust θ_dt calculated in Eq. 3;
— θ_ct is the access threat, calculated in Eq. 4.
The trust between nodes can be analyzed from the historical access behaviour information of the nodes. If nodes x and y interact directly, a successful interaction can be taken as positive feedback on the trust between the two, and a failed one as negative feedback. Assume the statistics cover a total of n direct interactions in the history of nodes x and y, of which u were successful and v failed. Assuming that the historical statistics of the n events follow the Beta distribution Beta(u, v), the posterior probability density function is

Beta(\theta \mid u, v) = \frac{\Gamma(u+v+2)}{\Gamma(u+1)\,\Gamma(v+1)}\, \theta^{u} (1-\theta)^{v}   (2)
The direct trust of nodes x and y can be defined as the probability that the (n+1)-th interaction succeeds, with the formula

\theta_{dt} = E[\,Beta(\theta \mid u+1, v+1)\,]   (3)

where the weight parameter λ > 0 of Eq. (1) is determined by the local domain security policy and stored in the authentication database.
The threat feature vector is constructed by selecting four characteristic attributes from the access behaviour involved in the current conflicting policy: access frequency f, security degree of the source SR_d, initial trust degree T_d and threat threshold Th_thre. The frequency f is the number of historical accesses to the object resource in the current policy, and the security degree of the source SR_d is positively related to the confidentiality and importance of the resource. The threat of resource i to access event j is calculated as follows:

\theta_{ct}(e) =
\begin{cases}
\mu \times \theta_{old}(e), & \theta_{old}(e) < Th_{thre} \\
\delta \times \theta_{old}(e) + (1-\delta) \times \varepsilon \times \sum_{i=1}^{n} \sum_{j=1}^{m} f(s_i) \times SR_d(s_i) \times t(s_i, e_j) \times T_d(s_i), & \theta_{old}(e) \ge Th_{thre}
\end{cases}   (4)

where θ_old(e) is the latest threat record of the entity. If θ_old(e) is below the threat threshold Th_thre, the threat is reassessed with the risk attenuation factor μ; if θ_old(e) is higher than Th_thre, the second case applies. Combined with the above (3) and (4) can be solved by the two kinds of
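As an added worked example (not code from the paper), the following Go program implements Eqs. (1) to (4) over a constructed interaction history and constructed access records. Eq. (3) is evaluated through the closed-form mean of Beta(u+1, v+1), which is (u+1)/(u+v+2). The paper leaves the function f in Eq. (1), the relevance term t(s_i, e_j) and the constants μ, δ, ε and λ unspecified, so here f is assumed to be a clamp to [0, 1], the constants are sample values, and t(s_i, e_j) is supplied as per-record weights; the final threshold that labels a request as trusted or not is likewise not given in the text and is left to the caller.

```go
package main

import (
	"fmt"
	"math"
)

// sampleHistory is a constructed record of direct interactions between nodes x
// and y: true = successful interaction, false = failed interaction.
var sampleHistory = []bool{true, true, true, false, true, true, true, true, false, true}

// countInteractions returns u (successful) and v (failed) interaction counts.
func countInteractions(history []bool) (u, v int) {
	for _, ok := range history {
		if ok {
			u++
		} else {
			v++
		}
	}
	return u, v
}

// betaPosterior evaluates Eq. (2), the posterior density
// Beta(theta | u, v) = Gamma(u+v+2) / (Gamma(u+1) Gamma(v+1)) * theta^u * (1-theta)^v.
func betaPosterior(theta float64, u, v int) float64 {
	if theta <= 0 || theta >= 1 {
		return 0
	}
	norm := math.Gamma(float64(u+v+2)) / (math.Gamma(float64(u+1)) * math.Gamma(float64(v+1)))
	return norm * math.Pow(theta, float64(u)) * math.Pow(1-theta, float64(v))
}

// directTrust implements Eq. (3): the probability that the (n+1)-th interaction
// succeeds is the mean of Beta(u+1, v+1), i.e. (u+1)/(u+v+2).
func directTrust(u, v int) float64 {
	return float64(u+1) / float64(u+v+2)
}

// AccessRecord is one historical access s_i of the current conflicting policy,
// carrying the feature attributes named in the text (values are constructed).
type AccessRecord struct {
	Freq  float64   // f(s_i): access frequency
	SRd   float64   // SR_d(s_i): security degree of the source resource
	Td    float64   // T_d(s_i): initial trust degree
	Match []float64 // t(s_i, e_j) for the m access events e_j (assumed relevance weights)
}

// ThreatParams holds the constants of Eq. (4): attenuation factor mu, memory
// weight delta, scaling factor epsilon and the threat threshold Th_thre.
type ThreatParams struct {
	Mu, Delta, Eps, ThThre float64
}

// accessThreat implements Eq. (4) for an entity whose latest threat record is thetaOld.
func accessThreat(thetaOld float64, records []AccessRecord, p ThreatParams) float64 {
	if thetaOld < p.ThThre {
		// below the threshold only the attenuated old record is kept
		return p.Mu * thetaOld
	}
	sum := 0.0
	for _, s := range records {
		for _, t := range s.Match {
			sum += s.Freq * s.SRd * t * s.Td
		}
	}
	return p.Delta*thetaOld + (1-p.Delta)*p.Eps*sum
}

// totalThreat implements Eq. (1). The paper does not define f, so f is assumed
// here to clamp the weighted sum into [0, 1].
func totalThreat(thetaUt, thetaCt, lambda float64) float64 {
	x := lambda*thetaUt + (1-lambda)*thetaCt
	return math.Max(0, math.Min(1, x))
}

func main() {
	u, v := countInteractions(sampleHistory)
	theta := directTrust(u, v)
	fmt.Printf("u=%d v=%d direct trust=%.3f posterior density at that point=%.3f\n",
		u, v, theta, betaPosterior(theta, u, v))
	p := ThreatParams{Mu: 0.8, Delta: 0.5, Eps: 0.25, ThThre: 0.5}
	recs := []AccessRecord{{Freq: 2, SRd: 0.5, Td: 0.8, Match: []float64{1.0, 0.5}}}
	ct := accessThreat(0.6, recs, p)
	fmt.Printf("access threat=%.3f total=%.3f\n", ct, totalThreat(theta, ct, 0.6))
}
```

With the sample history (8 successes, 2 failures) the direct trust is 9/12 = 0.75; with the sample parameters the access threat of an entity already above the threshold is 0.45 and the combined value under λ = 0.6 is 0.63.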
Cross Domain Authorize Based on PKI
Public Key Infrastructure (PKI) is one of the most effective information security technologies in the network environment. It is built on public key cryptography and provides the basis and norms for applications to obtain encryption, authentication and other security services. PKI uses a unified approach and offers common security services to solve the common security problems faced by network applications, and is considered more reasonable and universal than traditional solutions.
The PKI certificate authorization mechanism is introduced into the role-based multi-domain access control policy. The goal is to revoke the insecure role mapping edge while still letting normal cross-domain access proceed, so controllable authorization is achieved by issuing a certificate: the application domain issues the applying user a role certificate, and the applicant then holds only the permissions of the target role, without the other roles it inherits. Combined with the PKI certificate mechanism, the user's authority is limited to a locally controlled scope, which both meets the need for cross-domain access and ends the risk of authority leakage.
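Added example, not the authors' code: a Go program using the standard crypto/x509 library to show the role-certificate idea above. The application domain acts as a CA and issues the applicant a short-lived certificate that carries exactly one target role in a private extension; the authorization check verifies the chain to the domain CA and grants only that role, never the roles it would inherit under the domain's hierarchy, while a certificate presented to a domain that does not trust the issuing CA is rejected. The extension OID, the role hierarchy and the user and domain names are constructed for the example; the paper specifies none of them.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// roleOID: placeholder OID (private-enterprise arc) for the role extension; assumed, not from the paper.
var roleOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// roleInherits: constructed role hierarchy of the application domain (Manager inherits
// Staff and Guest, Staff inherits Guest). A role certificate must never grant it.
var roleInherits = map[string][]string{"Manager": {"Staff", "Guest"}, "Staff": {"Guest"}}

// Domain is an application domain whose CA issues role certificates for its resources.
type Domain struct{ key *ecdsa.PrivateKey; cert *x509.Certificate; pool *x509.CertPool }

// NewDomain creates a domain with a self-signed CA certificate.
func NewDomain(name string) (*Domain, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name + " CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &Domain{key: key, cert: cert, pool: pool}, nil
}

// IssueRoleCert signs a short-lived certificate for the applicant naming exactly one target role.
func (d *Domain) IssueRoleCert(applicant, role string, pub *ecdsa.PublicKey) ([]byte, error) {
	roleDER, err := asn1.Marshal(role)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: applicant},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		ExtraExtensions: []pkix.Extension{{Id: roleOID, Value: roleDER}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, d.cert, pub, d.key)
}

// Authorize grants the requested role only if the certificate chains to this domain's
// CA and names exactly that role; roleInherits is deliberately never consulted.
func (d *Domain) Authorize(certDER []byte, requested string) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil { return false, err }
	opts := x509.VerifyOptions{Roots: d.pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { return false, err }
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(roleOID) { continue }
		var role string
		if _, err := asn1.Unmarshal(ext.Value, &role); err != nil { return false, err }
		return role == requested, nil
	}
	return false, errors.New("certificate carries no role extension")
}

// RunScenario: domain A certifies "alice" for Manager. Returns whether she may exercise
// Manager, whether the certificate also yields the inherited Staff role, and whether an
// unrelated domain B accepts the certificate.
func RunScenario() (managerOK, staffOK, foreignOK bool, err error) {
	a, err := NewDomain("A")
	if err != nil { return }
	b, err := NewDomain("B")
	if err != nil { return }
	userKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return }
	cert, err := a.IssueRoleCert("alice", "Manager", &userKey.PublicKey)
	if err != nil { return }
	managerOK, err = a.Authorize(cert, "Manager")
	if err != nil { return }
	staffOK, _ = a.Authorize(cert, "Staff")     // false: no inheritance through the certificate
	foreignOK, _ = b.Authorize(cert, "Manager") // false: B does not trust A's CA
	return
}

func main() {
	m, s, f, err := RunScenario()
	fmt.Println("Manager:", m, "Staff via cert:", s, "Staff via hierarchy:", roleInherits["Manager"], "foreign domain:", f, "err:", err)
}
```

The role is carried in an extension rather than in the subject name so that the check is on a dedicated, parsed field; the certificate's one-hour validity stands in for the revocation of the role mapping edge, since the authorization ends with the certificate instead of living on in the inter-domain role graph.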
Simulations and Performance Analysis
Through simulation experiments we examine the validity of the proposed conflict resolution method based on trusted PKI authorization (TPKI) from two aspects: security and availability. The experimental environment is a Lenovo notebook; the specific configuration is shown in Table 1.
Table 1. Experimental configuration.
CPU                      Memory     Disk    OS          Language
Intel Core-i5 2.20 GHz   8GB DDR2   200GB   Windows 7   JAVA
The simulation system was written in Java and invokes the Alloy solver [7] to simulate the policy conflict process. Alloy is a tool for analyzing object models.
The TPKI method is compared with the conflict resolution algorithm based on possibilistic logic (POSS) [8] and the conflict resolution algorithm based on lexicographic optimization (LEX) [9]. The following calculation is used to measure the security (SSoD) and availability (AB) performance of the policies.
Figure 2. Comprehensive performance of Security and Availability.
In terms of security and availability loss, TPKI's overall performance is ideal. Especially when the number of policies is large, TPKI is significantly better than LEX and POSS.
Summary
Conflict resolution based on trusted PKI can meet the requirements of cross-domain resource access without violating the SSoD policy. Compared with general conflict resolution methods, it takes into account the contribution of inter-domain trust to security and the resource access requirements of cloud tenant domains. It is a comprehensive method for resolving policy inconsistency conflicts: a trust measure reduces the risk of malicious cross-domain access, and trusted PKI authorization preserves legitimate cross-domain access. The method optimizes two aspects: a. based on inter-domain trust assessment, it measures which SSoD-conflicting policies need to be removed to resolve the conflict; b. it proposes a trusted authorization scheme based on PKI authentication, ensuring that cross-domain resource access continues within a controllable range after the conflicting authorization policy is removed.
Acknowledgement
This research was financially supported by National High Technology Research and Development Application of China (2012AA012902) and “HGJ” National Major Technological Projects (2013ZX01045-004).
References
[1] Chen, C., Yan, S., Zhao, G., et al. A Systematic Framework Enabling Automatic Conflict Detection and Explanation in Cloud Service Selection for Enterprises, International Conference on Cloud Computing. IEEE, 2012:883-890.
[2] Yao, J., Mao, B., Xie, L. A DAG-Based Security Policy Conflicts Detection Method, Journal of Computer Research & Development, 2005.
[4] Jun, N. I., Wuhan, Enshi. Research on Network Security Policy Refinement Consistency of Detection and Conflict Resolution Mechanisms, Computer Science, 2011, 38(2):32-37.
[5] Lu, J., Yan, X., Peng, H., et al. Optimized approach for resolving policy inconsistency conflicts, Journal of Huazhong University of Science & Technology, 2014.
[6] Housley, R., Polk, W., Ford, W., et al. Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile[J]. Heise Zeitschriften Verlag, 2002(4):184.
[7] Jackson, D. Alloy: a lightweight object modelling notation[M]. ACM, 2002.
[8] Dubois, D., Lang, J., Prade, H. Possibilistic logic, Handbook of logic in artificial intelligence and logic programming (vol. 3), Oxford University Press, Inc. 1994:439-513.