TELKOMNIKA, Vol. 11, No. 1, January 2013, pp. 417~424
ISSN: 2302-4046
Received August 13, 2012; Revised November 12, 2012; Accepted November 26, 2012
Role-based Trust Management Model in Multi-domain Environment

Xianchen Guo (1,2), Jun Zheng (1*), Qikun Zhang (1), Hongchang Liu (1)
(1) Beijing Key Laboratory of Intelligent Information, School of Computer Science and Technology, Beijing Institute of Technology, Beijing, 100081, China
(2) The 6th Research Institute of China Electronics Corporation, Beijing, 100081, China
*Corresponding author, e-mail: zhengjun@bit.edu.cn
Abstract
Based on an in-depth analysis of issues in the dRBAC model, which include the lack of commission depth control in a distributed environment, the inefficiency of cascading revocation of the authorization roles and the incapability of judging whether a commission violates the principles of the RBAC model before it is done, this paper proposes the MD-dRBAC model, designs a trust management mechanism for the MD-dRBAC model that is used to control access, establishes the credible authority commission tree and finally proposes a detection algorithm for implicit authority upgrading, to avoid violation of the least privilege principle in the RBAC model. Extensive security and performance analysis show that the proposed schemes are highly efficient and secure.

Keywords: MD-dRBAC; trust; multi-domain; authority commission tree; implicit upgrade

Copyright © 2013 Universitas Ahmad Dahlan. All rights reserved.
1. Introduction
With the rapid development of the Internet, the form of resource sharing has changed greatly: from closed, centralized management and relatively static local computing environments, it has expanded to open, decentralized, autonomous and dynamic collaborative inter-domain computing environments. These changes have led to many challenges, mainly in the process of accessing shared resources, including the management of user authentication, the formulation of authorization policies and other trust management tasks [1, 2]. Thus, access control for shared resources has become an important research topic in dynamic collaborative multi-domain environments. A mature way to solve this problem is to use a trust management system.

dRBAC (Distributed Role-Based Access Control) is a model proposed by Freudenthal which uses PKI to identify users' identities and commissioning certificates, in order to control cross-domain access to shared resources in a dynamic collaborative environment. For a given cross-domain Internet application system, dRBAC is a scalable, decentralized trust management and access control mechanism in which roles defined in one domain can be assigned transitively to roles in other domains. The dRBAC model is a distributed trust management and access control mechanism with good scalability, which has the following three features: third-party commission, valued attributes and subscription (booking) of certificates. However, the dRBAC model also has some shortcomings, including the following aspects: ① lack of control on third-party commission depth; ② because of the way commissions are managed, a commission chain may form a ring, but there is no discussion of how to avoid the ring [3]; ③ there may be a problem of implicit enhancement of roles' authorities, which is contrary to the roles' hierarchical relationships in the RBAC model [4, 5]; ④ the RBAC model is used to manage the domains, but there is no detection for the principle of separation of duties [6, 7].

In this paper, aimed at the above problems, a reasonable solution is proposed based on a deep analysis of the current development of dRBAC technology, to further explore dRBAC and to promote it in a safer and more practical direction.
2. Multi Domain-dRBAC model
2.1 MD-dRBAC Trust Model
The Bayesian decision theory: Assume the probability distribution of the population is $f(x,\theta)$, where $\theta$ is the unknown parameter, and the sample drawn from the population is $X_1,\dots,X_n$. The parameter estimate can then be derived as follows by using the sample and [8].

1) Bayesian Estimation
(a) Take the unknown parameter $\theta$ as a random variable (or random vector), and before sampling take the already known information about $\theta$ as prior knowledge. Use a certain probability distribution $h(\theta)$ to represent such prior knowledge; this probability distribution $h(\theta)$ is called the "prior distribution" of $\theta$. This distribution reflects the probability distribution of the information obtained about the unknown parameter before the experiment.
(b) Define the distribution function $f(x_1,\theta)\cdots f(x_n,\theta)$ of the sample $X_1,\dots,X_n$, containing the parameter $\theta$, as the conditional distribution function of $X_1,\dots,X_n$ on condition of the given $\theta$. So the joint probability density function of $(\theta, X_1,\dots,X_n)$ is $h(\theta)\,f(x_1,\theta)\cdots f(x_n,\theta)$, and the marginal probability density of $X_1,\dots,X_n$ is
$$p(X_1,\dots,X_n)=\int h(\theta)\,f(x_1,\theta)\cdots f(x_n,\theta)\,d\theta .$$
(c) Propose the conditional distribution function of $\theta$ on condition of the given $X_1,\dots,X_n$:
$$h(\theta\mid X_1,\dots,X_n)=\frac{h(\theta)\,f(x_1,\theta)\cdots f(x_n,\theta)}{p(X_1,\dots,X_n)} \qquad (1)$$
which is called the "posterior probability density" of $\theta$. The function represents the probability distribution of knowledge about $\theta$ after obtaining the sample; it comprehensively reflects the prior distribution of $\theta$ and the information brought by the sample.
(d) Make the inference of $\theta$ by $h(\theta\mid X_1,\dots,X_n)$.

MD-dRBAC Trust Model: In a multiple trust domain environment, the model of the access control mechanism for inter-domain access is shown in "Figure 1". Each domain has a resource server, a trusted proxy server and multiple local users. The resource server provides the service of domain resources; the trusted server is set up to facilitate the management of trust, and the proxy server maintains two trust tables, one of which records the trust of local users and the other records the direct trust values among domains (the trust value of direct interaction with this domain). Each local user maintains a record sheet on which the trust between the other users in this domain and itself is recorded.

2) Trust Calculation
(a) Calculation of direct trust value within domain
Calculate the direct trust within a domain by using Bayesian decision theory to estimate the success and failure rate of a certain service. Assuming the interaction between node i and node j is random, the evaluation sequence of node i to node j is $ES_{ij}=\{Rates^{1}_{ij}, Rates^{2}_{ij}, \dots, Rates^{N}_{ij}\}$. $ZES_{ij}=\{rates^{n}_{ij} \mid rates^{n}_{ij}\in ES_{ij},\ rates^{n}_{ij}=1\}$ expresses the positive evaluation sequence set of node i to node j, and $FES_{ij}=\{rates^{n}_{ij} \mid rates^{n}_{ij}\in ES_{ij},\ rates^{n}_{ij}=0\}$ represents the negative evaluation sequence set of node i to node j. Suppose the number of positive evaluations is $Z_{ij}=|ZES_{ij}|$ and the number of negative evaluations is $F_{ij}=|FES_{ij}|$.
Figure 1. MD-dRBAC trust model
Suppose the probability of successful interactions is p and the probability of failed ones is q; the Bayesian conditional expectation estimates of p and q will be
$$\tilde p=\frac{Z_{ij}+1}{N_{ij}+2},\qquad \tilde q=\frac{F_{ij}+1}{N_{ij}+2},\qquad \tilde p+\tilde q=1 \qquad (2)$$
Therefore, node i can estimate the probability of success of the interaction between node j and itself. Suppose node i and node j are not connected: $Z_{ij}=|ZES_{ij}|=0$ and $Z_{ij}+1=1$; $F_{ij}=|FES_{ij}|=0$ and $F_{ij}+1=1$. The original probability density of p is $Beta(\alpha,\beta)=Beta(1,1)$, which is evenly distributed on [0, 1]; therefore $\tilde p=\frac{1}{2}$. When they are connected, that is $\alpha=2$, $\beta=2$, $\tilde p=\frac{2}{2+2}=\frac{1}{2}$. With the increase of evaluations, node i will know more about node j, and p will be more accurate.
Calculation of direct trust: suppose $Z_{ij}$ and $F_{ij}$ each represent the number of positive evaluations and negative evaluations, with $\alpha=Z_{ij}+1$ and $\beta=F_{ij}+1$. Suppose p is the probability of successful and q is the probability of failed interactions of node i to node j; $E(h(p\mid\alpha,\beta))$ and $E(h(q\mid\alpha,\beta))$ each mean the mathematical expectation of the Bayesian estimation. Then the direct trust can be calculated as follows:
$$DTV_{ij}=\begin{cases} E(h(p\mid\alpha,\beta)), & E(h(p\mid\alpha,\beta))\ge E(h(q\mid\alpha,\beta)) \\ 0, & \text{others}\end{cases} \qquad (3)$$
(b) Calculation of recommended trust value within domain
Calculation of the recommended trust of node i to node j: When looking up the direct trust table of node j, we construct the recommendation network by recursively searching for nodes k that directly interact with node j, and calculate the recommended trust through the passing and synthesis relations of trust. In order to avoid searching too deeply, the recursion depth should be limited, so that the influence of the trust path on the calculation can be ignored at the same time.
Definition 1: Trust intensity represents the reliability of trust in the process of recommendation trust delivery; it reflects the main entity's degree of belief in the direct trust. Use I to represent the trust intensity, with $I\in[0,1]$.
Definition 2: Recommendation trust includes the direct trust value of the object entity and the trust intensity of that direct trust value, which is to say that recommendation trust consists of the direct trust value and the trust intensity. Recommendation trust is represented as (T, I) and is called the recommendation trust vector, or trust vector for short.
3) Delivery of trust relation
The recommendation trust will attenuate in the process of trust delivery, which is expressed as attenuation of the trust intensity, as shown in "Figure 2" (a). Suppose the trust value of k to j obtained from direct experience is $T_{kj}$ and the trust value of i to k is $T_{ik}$; then the recommendation trust vector that k recommends to i is $(T_{kj}, 1)$. After receiving the recommendation trust from k and the other entities, i synthesizes them and finally gets the trust relation. The attenuation formula of trust intensity is $I_{ij}=T_{ik}\cdot I_{kj}$. Then the recommendation trust vector of entity i to entity j is $(T_{kj}, T_{ik})$, which means that the trust value of k to j obtained from direct experience is $T_{kj}$, and $T_{ik}$ is taken as the credibility of this conclusion of i about j. When there are multiple intermediate entities, the process is the same [9].
Synthesis of the trust vector
To synthesize the trust vector is to synthesize the direct trust value and the trust intensity respectively. Synthesize the direct trust value by taking the intensity as the weight of trust. As shown in "Figure 2" (b), according to the attenuation principle in the previous section, upon the recommendation of intermediate entities a and b, i can get two recommendation trust vectors $(T^{1}_{ij}, I^{1}_{ij})$ and $(T^{2}_{ij}, I^{2}_{ij})$. Then, based on the above analysis, the synthetic trust value of i to j is
$$IDTV_{ij}=\frac{T^{1}_{ij}\,I^{1}_{ij}+T^{2}_{ij}\,I^{2}_{ij}}{I^{1}_{ij}+I^{2}_{ij}} \qquad (4)$$
When there are multiple intermediate recommending entities in parallel, the synthetic trust value of i to j will be:
$$IDTV_{ij}=\frac{\sum_{k=1}^{n} T^{k}_{ij}\,I^{k}_{ij}}{\sum_{k=1}^{n} I^{k}_{ij}} \qquad (5)$$
If the two intermediate recommending entities a and b have the same recommended trust values with intensities $I_1$ and $I_2$, this means that there are two pieces of evidence proving that the recommended conclusion is true, with possibilities $I_1$ and $I_2$; so, considered comprehensively, the possibility (synthetic trust intensity) that the recommended conclusion is true is:
$$I=1-(1-I_1)(1-I_2) \qquad (6)$$
Figure 2. Trust delivery and synthesis
Figure 3. Implicit enhancement of role's authorization
When there are multiple intermediate recommending entities in parallel, the synthetic trust intensity will be:
$$I=1-\prod_{k=1}^{n}(1-I_k) \qquad (7)$$
But if the recommended trust values from the intermediate recommending entities are different, we should first synthesize the direct trust value and then get the synthetic trust value. In this case, the intermediate entities first synthesize the direct trust value from their own trust values, and then calculate the synthetic trust value by using the above formulas [10, 11, 12].
4) Calculation of direct trust value between entities
Calculation of direct trust between entities: By calculating the direct trust value and the recommendation trust value, the trust value between entities can be calculated by the formula
$$TV_{ij}=\beta\cdot DTV_{ij}+(1-\beta)\cdot IDTV_{ij},\qquad (0\le\beta\le 1)$$
with an appropriate weighting factor $\beta$.
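The calculation chain of Section 2.1, carried through end to end on constructed evaluation sequences: the Bayesian estimates of eq. (2) and the rule of eq. (3) for direct trust, attenuation of a recommender's vector, synthesis by eq. (5) and (7), and the β-weighted combination. This is an added Python example, not code from the paper; the function names, the defaults BETA and THRESHOLD (taken from Table 1) and the sample data are assumptions.

```python
from math import prod

# Parameters taken from Table 1 of the paper (assumed defaults for this example)
BETA = 0.9        # weight of direct trust versus recommended trust
THRESHOLD = 0.4   # trust threshold below which access is rejected


def direct_trust(es_ij):
    """DTV_ij from an evaluation sequence ES_ij of 1 (positive) / 0 (negative)
    ratings, using the Bayesian estimates of eq. (2) and the rule of eq. (3)."""
    z = sum(1 for rating in es_ij if rating == 1)   # Z_ij = |ZES_ij|
    f = len(es_ij) - z                               # F_ij = |FES_ij|
    n = z + f                                        # N_ij
    p_hat = (z + 1) / (n + 2)                        # expectation of p
    q_hat = (f + 1) / (n + 2)                        # expectation of q
    return p_hat if p_hat >= q_hat else 0.0          # eq. (3)


def recommend(t_ik, t_kj):
    """Trust vector i derives from k's recommendation about j: k passes (T_kj, 1)
    and the intensity attenuates to I_ij = T_ik * I_kj = T_ik."""
    return (t_kj, t_ik * 1.0)


def synthesize(vectors):
    """Combine parallel recommendation vectors (T^k_ij, I^k_ij) into the
    synthetic trust value (eq. 5) and synthetic trust intensity (eq. 7)."""
    total_intensity = sum(i for _, i in vectors)
    if total_intensity == 0:
        return 0.0, 0.0   # no usable recommendation at all
    idtv = sum(t * i for t, i in vectors) / total_intensity
    intensity = 1 - prod(1 - i for _, i in vectors)
    return idtv, intensity


def trust_value(dtv, idtv, beta=BETA):
    """TV_ij = beta * DTV_ij + (1 - beta) * IDTV_ij, with 0 <= beta <= 1."""
    return beta * dtv + (1 - beta) * idtv


def decide(es_ij, recommendations, beta=BETA, threshold=THRESHOLD):
    """Node i's access decision about node j.
    recommendations: list of (T_ik, T_kj) pairs, one per recommender k.
    Returns (TV_ij, permit)."""
    dtv = direct_trust(es_ij)
    idtv, _ = synthesize([recommend(t_ik, t_kj) for t_ik, t_kj in recommendations])
    tv = trust_value(dtv, idtv, beta)
    return tv, tv >= threshold


if __name__ == "__main__":
    # Constructed sample data: an honest peer rated positively 7 of 8 times,
    # a dishonest peer rated positively 1 of 8 times, same recommender for both.
    recs = [(0.8, 0.7)]   # (T_ik, T_kj): i trusts k at 0.8, k rates j at 0.7
    for label, es in (("honest", [1, 1, 1, 0, 1, 1, 1, 1]),
                      ("dishonest", [0, 0, 1, 0, 0, 0, 0, 0])):
        tv, ok = decide(es, recs)
        print(f"{label}: TV_ij={tv:.3f} permit={ok}")
```

With an empty evaluation sequence the direct trust is 0.5, the "original direct trust value" of Table 1, so two nodes that have never interacted start above the 0.4 threshold exactly as the paper describes.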
5) Calculation of trust value across domains
The calculations of the direct trust value and the recommended trust value across domains are the same as the calculations within a domain. The cross-domain trust value $DOMTV_{ij}$ is formed from $DOMDTV_{ij}$ and $DOMIDTV_{ij}$ with the weighting factor $\beta$ ($0\le\beta\le 1$) and a node factor $\mu_i$ ($0\le\mu_i\le 1$), where $DOMDTV_{ij}$ means the direct trust value between domains, $DOMIDTV_{ij}$ represents the recommended trust value of a certain domain, and $\mu_i$ is the trust value of node i obtained from the trust table kept by the proxy server in this domain.
2.2 Detection of implicit enhancement of role's authorization
In a dynamic alliance environment each organization manages its access control by using the RBAC model. But there may now be some authorizations that are contrary to the principles of the RBAC model: as shown in "Figure 3", role A.a has a higher level than A.c, but A.a can be concluded to have the authorities of A.c according to the right authorization chain, which is clearly contrary to the role hierarchy principle of the RBAC model. By using the credibility-authority tree proposed in this paper, we can easily check whether an authorization causes implicit enhancement. As shown in "Figure 3", suppose the authorizations A.c->B.b and C.c->A.a have been done; then B.b->C.c cannot happen because it is contrary to the principles of the RBAC model. So it is necessary to check the authorization source's authorities and the authorized entity's credibility-authority tree before each authorization. Take "Figure 6" for example: by checking the authorization tree of B.b and C.c's authorities we find that C.c owns the authorities of A.a, but A.c is in the authorization tree of B.b and A.c should not have the authorities of A.a, so B.b->C.c is contrary to the principles of the RBAC model and should be denied [13, 14].
Algorithm for detecting implicit enhancement of role's authorization:

// Check whether certificate c goes against the least privilege principle
// Input: certificate c, represented as <sub, obj>; c.sub and c.obj denote the subject and object of c
// Output: True (c is safe) / False (c would violate the least privilege principle)
Check(c)
{
    Flag = True
    If c.sub is an entity Then
        Return True   // [sub → obj] issued to an entity will not violate the least privilege principle
    // Search the delegation tree upwards from c.sub
    RS = null         // RS is the set of objects within the same domain as c.sub
    For each delegation c' in c.sub's delegation tree
    {
        If Domain(c'.obj) = Domain(c.sub) Then RS = RS ∪ {c'.obj}
        // Domain(x) returns the name of x's domain
    }
    Flag = Judge(c.sub, RS, RH)   // RH is the role hierarchy of c.sub's domain
    Return Flag
}

Judge(r, R, RH)
// Judge whether there are roles in R that have a higher level than r
// Input: role r, role set R, role hierarchy RH
// Output: True / False
{
    Flag = True
    For each r' ∈ R
    {
        If <r, r'> ∈ RH Then Flag = False   // there is a role with a higher level than r
    }
    Return Flag
}
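The check of Section 2.2 run on the Figure 3 case, as an added Python example that is not the paper's own implementation. It assumes a certificate <sub, obj> means sub is granted obj's authorities (the reading under which A.c->B.b and C.c->A.a followed by B.b->C.c gives A.c the authorities of its senior A.a), that role names are "Domain.role", and constructed role hierarchies for domains A, B and C; the function names are assumptions as well.

```python
from collections import defaultdict

# Constructed role hierarchies for the three domains of Figure 3: each pair is
# (junior, senior), meaning the senior role holds all authorities of the junior.
ROLE_HIERARCHY = {
    "A": {("A.c", "A.b"), ("A.b", "A.a")},
    "B": {("B.b", "B.a")},
    "C": {("C.c", "C.a")},
}


def domain(name):
    """Domain(x): the domain part of a role name such as 'A.c'."""
    return name.split(".", 1)[0]


def is_senior(senior, junior, rh=ROLE_HIERARCHY):
    """True if `senior` is above `junior` in their (common) domain's hierarchy,
    following the hierarchy transitively; this is the <r, r'> in RH test."""
    if domain(senior) != domain(junior):
        return False
    pairs = rh.get(domain(junior), set())
    frontier, seen = [junior], set()
    while frontier:
        r = frontier.pop()
        for lo, hi in pairs:
            if lo == r and hi not in seen:
                if hi == senior:
                    return True
                seen.add(hi)
                frontier.append(hi)
    return False


def reachable(start, edges):
    """All nodes reachable from `start` over `edges` (dict node -> set of nodes)."""
    found, frontier = set(), [start]
    while frontier:
        node = frontier.pop()
        for nxt in edges.get(node, ()):
            if nxt not in found:
                found.add(nxt)
                frontier.append(nxt)
    return found


def violates_least_privilege(cert, issued, rh=ROLE_HIERARCHY):
    """cert = (sub, obj): sub is granted the authorities of obj.
    `issued` is the set of certificates already accepted. Returns True when
    issuing cert would let some role acquire the authorities of a role that is
    senior to it in its own domain (implicit enhancement), so cert must be denied."""
    sub, obj = cert
    if "." not in sub:             # a plain entity, not a role: nothing to enhance
        return False
    holders = defaultdict(set)     # obj -> subjects that already hold obj's authority
    held = defaultdict(set)        # sub -> objects whose authority sub already holds
    for s, o in issued:
        holders[o].add(s)
        held[s].add(o)
    gainers = reachable(sub, holders) | {sub}   # roles that inherit from sub
    gained = reachable(obj, held) | {obj}       # authorities that come with obj
    for r in gainers:
        for r2 in gained:
            if domain(r) == domain(r2) and is_senior(r2, r, rh):
                return True    # r would obtain its senior r2's authorities
    return False
```

The walk over `holders` is the paper's upward search of the delegation tree and the walk over `held` is the check of the source's own authorities; unlike the pseudocode above it follows both chains transitively, so a violation hidden several hops away is still found.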
3. Simulation and Analysis results of Trust Mechanism
In the MD-dRBAC model proposed in this paper, we build trust relations both between entities and between domains, use different algorithms to calculate their trust values according to their natures and characteristics, and finally make an accurate assessment of their trust relations.
3.1 Simulation Scene
The scenario supposed in this paper is interactions between entities within a domain, in which a user aims to access a node of interest; it doesn't matter whether he wants to upload or download a resource or even just make a simple access. The concerns we care most about are whether the source node is recognized by the target node and the recognition accuracy. Experiment hardware environment: Intel Core i7 870 2.93 GHz + 4G RAM; software environment: Windows XP operating system and MyEclipse. There are 40 nodes in total in this experiment, divided into two types: honest nodes, which use the services provided by the network safely and rationally and can accurately rate collaborations between entities; and dishonest entities, which use the services unreasonably and may even cause threats to the service providers. The weight parameter in the trust formula is set to 0.9, which means that entities pay more attention to the direct trust value of access nodes than to indirect values from other entities.
3.2 Experimental results and analysis
Experiment 1: We observe the changes of trust relations between entity i and both honest entities and dishonest entities along with the increase of interactions. It is supposed that honest entities and dishonest entities have the same number in our experiment. Simulation parameters are shown in Table 1.
Table 1. Simulation parameters
Total number of entities        40
Honest entities                 50%
Dishonest entities              50%
Original direct trust value     0.5
Threshold of trust              0.4
Weight parameter β              0.9
"Figure 4" shows the trend of trust relation changes between entity i and both honest entities and dishonest entities along with the increase of interactions. Since the original direct trust value is 0.5 and it is above the threshold 0.4, entities can access each other at the beginning. In "Figure 7", the horizontal axis represents the number of interactions and the vertical axis represents the trust value; the red line represents the trend of relations between entity i and honest entities while the blue line shows the trend for dishonest entities. As we can see in "Figure 4", along with the increase of interaction times, the trust values of honest entities gradually increase while the trend of dishonest entities is decreasing. As a result, the target entity can pre-judge whether the source entity is honest or not and then decide to permit or reject the access.
Experiment 2: Compare the trends of accuracy of detecting malicious behavior in both our model and the EigenTrust model. The simulation parameters are the same as in Experiment 1; "Figure 5" shows the result:
Figure 4. Trend of trust relations along with interactions increase
Figure 5. Comparison of malicious behavior detecting accuracies in two models
The red line represents the accuracy of the MD-dRBAC Trust Model proposed in this paper, while the blue one shows the result of the EigenTrust model. What is shown in "Figure 8" is that the MD-dRBAC Trust Model has faster convergence than the EigenTrust model.
4. Summary
In this paper, we deeply analyzed several issues of the dRBAC model, which include the lack of commission depth control in a distributed environment, the inefficiency of cascading revocation of the authorization roles, the incapability of judging whether a commission violates the principles of the RBAC model before it is done, and so on. To deal with these problems, we proposed the MD-dRBAC model, designed the trust management mechanism of the MD-dRBAC model, which is used to control access, established the credible authority commission tree and finally proposed the detection algorithm for implicit upgrade of a role's authority, to avoid violation of the least privilege principle in the RBAC model. The experiments and analyses prove the feasibility, effectiveness and safety of the MD-dRBAC model.
References
[1] Yu LN, Gao WL, Wang JQ, Yang KM, Liu ZL, Wang Q. Research of a Massive Distributed Remote Sensing Data Resource Sharing Method Under Grid Environment. Sensor Letters. 2010; 8(1): 11-15.
[2] Zhang QK, Tan YA, Zhang L, Wang RF. A Combined Key Management Scheme in Wireless Sensor Networks. Sensor Letters. 2011; 9(4): 1501-1506.
[3] Sandhu R, Coyne E, Feinstein H, Youman C. Role-based Access Control Models. IEEE Computer. 1996; 29(2): 38-47.
[4] Li Ninghui, William H Winsborough, John C Mitchell. Distributed credential chain discovery in trust management. Journal of Computer Security. 2003; 11(1): 35-86.
[5] Chen Ying, Yang Shoubao, Guo Leitao, Liu Pengzhan, Shen Kai. Design and implementation of Dynamic-Role Based Access Control framework in grid environment. Int. Conf. Inf. Technol. Coding Comput. Apr. 2005; Vol. 2: 758-759.
[6] Baoyi Wang, Shaomin Zhang, Zhilei Zhang. DRBAC based access control method in substation automation system. 2008 IEEE International Conference on Industrial Technology (ICIT). 21-24 April 2008.
[7] Ferraiolo DF, Sandhu RS, Gavrila S, et al. Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security. 2001; 4(3): 224-274.
[8] Ming Zhimao. Test and Research On Bayes with Dynamic Parameters. National University of Defense Technology. 2009.
[9] Yin Gang. Research and Implementation on Authorization Management in Inter-Domain Computing Environment. National University of Defense Technology. 2006.
[10] Josang A, Grandison T. Conditional inference in subjective logic. In: Xuezhi Wang ed. Proceedings of the 6th International Conference on Information Fusion. Cairns, Qld, Australia. 2003. Gallup, NM, USA: Univ. New Mexico. 2003: 635-642.
[11] Josang A. A logic for uncertain probabilities. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems. 2001; 9(3): 279-311.
[12] Liao Junguo. A Dissertation Submitted to Huazhong University Technology. 2007.
[13] Zhong Hua, Feng Yulin, Jiang Hongan. Expanded role hierarchy model and its application. Journal of Software. 2000: 779-784.
[14] Liao Junguo, Hong Fan, Yang Qiuwei, Zhang Zhaoli. Safety analysis of dRBAC model. Journal of Chinese Computer Systems. 2007; 28(4): 22-31.