一种基于Web Service的虚拟化目录服务

给出了一种虚拟化目录服务结构,利用轻量级目录访问协议构建分布式目录服务,形成一体化的逻辑视图,通过访问控制策略在保持信息节点自治性的同时提供安全保障。文中基于Web Service封装目录服务,提供目录查询和管理的API,实现了跨平台和松耦合的资源访问方式。     

Attribute-based lightweight reconfigurable access control policy

Aiming at the severe challenges of access control policy redundancy and conflict detection,the efficiency of access control policy evaluation in complex network environment,an attribute-based lightweight reconfigurable access control policy was proposed.Taking the attribute-based access control policy as an example,the attribute-based access control policy was divided into multiple disjoint atomic access control rules according to the operation type,subject attribute,object attribute,and environment attribute in the access control policy.Complex access control policies were constructed through atomic access control rules and an algebraic expression formed by AND,OR logical relationships.A method for redundancy and collision detection of atomic access control rules was proposed.A method was proposed for decompose a complex access control policy into equivalent atomic access control rules and an algebraic expression.The method for redundancy and collision detection of complex access control policies were proposed through redundancy and collision detection of equivalent atomic access control rules and algebraic expressions.From time complexity and space complexity,the efficiency of the equivalent transformation access control policy was evaluated.It showes that the reconstruction method for access control policy greatly reduces the number,size and complexity of access control policy,improves the efficiency of access control policy redundancy and collision detection,and the efficiency of access control evaluation.     

利用新的模糊免疫分类器的评价模型设计

随着Web服务数量的增加,根据Web服务的多维Qos属性度量Web服务质量成为研究热点之一。提出了一种利用模糊免疫网络记忆分类器的Web服务Qos评价。在该评价中首先结合SOA中Web服务描述给出了Web服务QoS评价模型。然后提出了一种新的人工免疫分类算法——FAINMC,利用该算法利用该算法对大量的Web服务实现准确、高效的分类。通过每类记忆细胞反应的特征得到相对应服务等级,最后使用模糊隶属度和百分法得到了反应Web服务质量优劣评价值。通过原型系统对模拟Web服务属性数据进行测试,表明该方法优选出QoS值尽可能大,QoS向量分量的特征分量一致性好的Web服务。     

访问控制模型研究进展及发展趋势

 访问控制的任务是保证信息资源不被非法使用和访问,冲突检测与消解主要解决不同信息系统安全策略不统一的问题.随着计算机和网络通信技术的发展,先后出现了自主访问控制模型、强制访问控制模型、基于角色的访问控制模型、基于任务的访问控制模型、面向分布式和跨域的访问控制模型、与时空相关的访问控制模型以及基于安全属性的访问控制模型等访问控制模型.本文从理论和应用研究两个角度分析和总结了现有访问控制技术、访问控制策略冲突检测与消解方法的研究现状,提出了目前访问控制模型及其冲突检测与消解研究在面向信息物理社会的泛在网络互联环境中存在的问题,并给出了细粒度多级安全的访问控制模型及其策略可伸缩调整方法的发展趋势.     

属性加密访问控制方法在云环境下的应用研究

随着云计算技术的普遍应用,云环境下云资源的安全性问题也受到了信息安全技术领域研究人员的普遍关注.传统的访问控制方法不能适应云计算环境下的数据存储和处理的安全需要,属性加密访问控制方法在云计算环境下的应用,可以有效的保证云环境下数据的安全性.本文对云安全进行了简单的分析,对基于属性的访问控制方法进行了研究,结合云计算环境数据处理的实际情况,提出了基于属性加密访问控制方法在云计算环境下应用的方案,并进行了研究.     

基于CORBA的WSRF资源封装的研究与设计

Web服务资源框架(WS-Resource Framework,WSRF)规范提供了使用Web服务建模有状态资源的能力。CORBA作为一种流行的分布计算技术,将CORBA规范和WSRF规范结合是目前的一个研究方向。从资源的角度初步探讨了这个问题,分别在不同的层次研究和设计了基于CORBA来建立、管理以及访问资源的框架,该研究为网格环境下,网格用户访问有状态的CORBA服务提供了一个良好的基础和借鉴。     

网格资源访问的一种主观信任机制

针对网格环境资源访问过程中的信任问题,为避免主观随意性,提出了基于贝叶斯函数的信任机制,通过判断并使用推荐能力最强的中间节点作为推荐者,搜索出对资源节点的信任链路,使用贝叶斯函数对由信任链路得到的资源节点的每种属性进行综合判断,最终确定是否访问该资源节点,模拟实验结果表明该信任模型的有效性.     

ASPE: attribute-based secure policy enforcement in vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) are usually operated among vehicles moving at high speeds, and thus their communication relations can be changed frequently. In such a highly dynamic environment, establishing trust among vehicles is difficult. To solve this problem, we propose a flexible, secure and decentralized attribute based secure key management framework for VANETs. Our solution is based on attribute based encryption (ABE) to construct an attribute based security policy enforcement (ASPE) framework. ASPE considers various road situations as attributes. These attributes are used as encryption keys to secure the transmitted data. ASPE is flexible in that it can dynamically change encryption keys depending on the VANET situations. At the same time, ASPE naturally incorporates data access control policies on the transmitted data. ASPE provides an integrated solution to involve data access control, key management, security policy enforcement, and secure group formation in highly dynamic vehicular communication environments. Our performance evaluations show that ASPE is efficient and it can handle large amount of data encryption/decryption flows in VANETs.     

基于信任授权的模糊访问控制模型

在开放式信息系统中,访问控制是保证信息系统安全的一项重要措施。传统访问控制模型在授权过程中没有考虑主体的信任度和权限集合划分等问题。文中引入模糊逻辑的思想,提出了基于信任授权的模糊访问控制模型,运用模糊综合评判法计算出主体在开放式信息系统中的信任度,并建立模糊控制规则,通过模糊判决自动授予主体相应的权限,使其能够更好的满足开放式信息系统中访问控制的要求。     

XeNA: an access negotiation framework using XACML

XeNA is a new model for the negotiation of access within an extended eXtensible Access Control Markup Language (XACML) architecture. We bring together trust management through a negotiation process and access control management within the same architecture. The negotiation process based on resource classification methodology occurs before the access control management. A negotiation module at the core of this negotiation process is in charge of collecting resources required to establish a level of trust and to insure a successful evaluation of access. The access control management is based on an extended Role-Based Access Control (RBAC) profile of XACML. This extended profile responds to advanced access control requirements and allows the expression of several access control models within XACML.