Research On Risk Assessment For Secure Interoperability In Multi-autonomous Domain

With the transiting from concentrated application system to distributed one,it's very necessary to realize the interoperation among different data soureces in the distributed environment.Otherwise, it is very difficult to share the data and interoperate directly among the different distributed application systems.But it is easier to get and deal with the sharing data in the local and more concentrated network environment,for example,LAN.So the autonomous domain method is used to split the distributed application system.Then,the information sharing in the distributed system can be studied through the interoperation in the autonomous domain system.The most important point in the interoperation is the information safety strategy. Because of the complexity of the autonomous domain,any safety strategy can't ensure the complete security during the interopeation.If a mechanism of risk assessment can be set up to assess the risk of interoperation,then the threat of the information security will be reduced.Because of the weakness in network security of the autonomous system,it's necessary to assess the risk of network security of the autonomous system.The fuzzy-synthesis evaluation method is used to evaluated this risk.If the risk value is larger than the threshold set beforehand,the autonomous will be forbidden to the system integration unless some measures are taked to reduce the risk grade.There are maybe mutual attack and Trojan horse program between two autonomous domain system.Then it's also necessary to assess the network security risk between the two autonomous domain systems.The gray relational analysis method is used to analyse and deal with the risk factor of the two autonomous domain system.Once the risk value is larger than the risk threshold set in advance,the interoperation between two autonomous domain system will be forbidden unless the correlative system takes some measures to reduce the risk influence.If the self risk of an autonomous doamin system and the mutual risk of the two antonomous domain systems are both below the risk threshold,then the interoperation request is allowed.The influence of the interoperation will be evaluated in the use of gray relational analysis method.The assessment result will be used to make the decision to reduce the risk of the interoperation.MuDoRight is a archetypal application system about multi-domain interoperation authorization management.The risk assessment moduel is constructed based on the MuDoRight to deal with the interoperation between two autonomous domain system and design the risk assessment flow.