跨域云环境下基于动态异构网络的风险访问模型

针对在动态异构网络中传统的访问控制机制复杂度高、灵活性差、数据安全性支持不足的问题，提出一种引入风险管理机制的多级安全访问模型。为每一个域设定动态风险阈值，对发起访问的主体和被访问的客体进行风险预审核。在设定的访问周期内对访问次数、累计访问风险值、最大访问风险值进行比较并给出限制条件，对频繁发起访问的低风险主体给予风险预支额度，在未透支风险额度的情况下允许其进一步访问。访问结束后，会动态调整本域风险阈值，使之具有一定的动态适应性。

Risk access model based on dynamic heterogeneous network in cross-domain cloud environment

Aiming at the high complexity, poor flexibility and security problem in the traditional cross-domain access under the dynamic heterogeneous network environment, this paper proposed a multi-level security access model that introduced the risk management mechanism, where a dynamic risk threshold is set for each domain and a risk pre-audit is performed on both subject and object of the access. The model compares the number of access, the cumulative access risk values, and the maximum value within the set access period and then stipulates restriction conditions. For low-risk entities that frequently initiate access, a risk advance limit is offered, and further access is allowed in case of non-overdraft risk limit. After the access, the risk threshold of the domain will be adjusted dynamically to make it a certain dynamic adaptability.