文章摘要
胡斌* **,赵晓芳*,宋永浩*,于雷*,段东圣***,张程*.基于合约的Web服务个性化访问控制方法[J].高技术通讯(中文),2021,31(9):901~909
基于合约的Web服务个性化访问控制方法
A smart contract based personalized access control method towards Web service
  
DOI:10.3772/j.issn.1002-0470.2021.09.001
中文关键词: Web服务; 信任评估; 个性化; 动态访问控制; 智能合约
英文关键词: Web service, trust evaluation, personalization, dynamic access control, smart contract
基金项目:
作者单位
胡斌* **  
赵晓芳*  
宋永浩*  
于雷*  
段东圣***  
张程*  
摘要点击次数: 891
全文下载次数: 575
中文摘要:
      在无中心Web服务环境中,用户访问服务的历史行为数据由多个服务提供方分散管理,难以形成全局的用户信任度视图,难以根据用户信任度和使用需求实施个性化的访问控制。本文提出一种基于智能合约的个性化访问控制方法(SC-PAC)。通过结合前期的研究成果为SC-PAC提供高质量的用户历史行为数据,实现有可靠数据保障的可信计算服务,通过智能合约中的策略配置及可信度计算模型参数调整,实现服务提供商(SP)对不同用户的个性化的访问控制。在实验环节为SC-PAC设计了一个新的信任模型,并对该信任模型及基于SC-PAC方法的访问控制进行了实验设计。对结果的分析表明,本文提出的SC-PAC方法能够允许SP通过智能合约中的计算信任模型、参数及访问控制策略选择,实现对用户的个性化访问控制,并且依据准确的用户历史行为数据提供更可靠的可信度判断,可以有效保护服务。
英文摘要:
      Trust based dynamic access control (TBAC) is one major technique on protecting service providers’ (SPs) resources. The personalized access control and the reliability of trust are the central problems of TBAC. To solve it, this paper proposes a smart contract based personalized access control method (SC-PAC). It introduces a smart contract-based access control procedure, which allows SPs to flexibly set the trust model, parameters, and the access control policies, to provide a customer-level personalized access control. Combined with the previous work, reliable behavior data of users are provided to ensure a reliable trust evaluation. A new trust model is designed in case study and experiments are designed to test this trust model and the SC-PAC method. The results of experiments show that the SC-PAC can provide a customer-level personalized access control compared with the traditional work and a more reliable trust evaluation through the accurate behavior data of users.
查看全文   查看/发表评论  下载PDF阅读器
关闭

分享按钮