跨信任域授权模型

该文分析了ISO10181访问控制框架与权限管理基础设施PMI,提出了跨信任域的授权模型CTRA。并用可信的边界安全网关实现了该模型,解决了跨不同信任域的信任与授权问题,建立了跨不同安全域的信息交换与共享的可信计算平台。     

一种新的基于身份的多信任域认证模型研究

为解决基于身份的多信任域跨域认证问题,在分析了IBC和PKI认证框架特点的基础上,提出了一种新的基于身份的多信任域认证模型。该模型综合利用IBC和PKI的优点,实现了不同参数的IBC信任域的跨域认证问题,并通过BAN逻辑对本文设计的跨域认证协议进行了详细的分析和证明。分析结果表明,该模型能够实现跨域认证需求,跨域认证协议是安全有效的。     

新的基于角色的跨信任域授权管理模型

多信任域间的安全访问是一项重要的研究内容。结合基于角色访问控制机制（RBAC）的优势及现有的跨域认证技术构建了一种适用于大规模分布式网络环境的跨信任域授权管理CTDPM（Crossing the Trusted-domain Privilege Management）模型。模型中提出角色推荐和单向角色映射策略,支持分布式环境下任意两个信任域之间的安全访问。运用集合论和谓词逻辑对CTDPM模型进行了系统的形式化描述,提出了一套合理的授权与安全规则,并进行了特性分析,最后给出该模型在访问控制系统中的安全应用。     

PKI跨域信任计算方法

针对PKI跨域方案中信任管理偏重身份信任的问题,对PKI下的信任计算进行探讨,为适应域间信任关系动态变化的特点,提出一种基于PKI安全域的跨域信任计算方法,该方法结合PKI的身份信任网络,能够使资源域在设置与外域根CA的信任关系,并监控跨域用户行为后,对外域各信任实体做出合理的信任评价.     

基于区块链技术的高效跨域认证方案

为解决现有公钥基础设施（PKI）跨域认证方案的效率问题,利用具有分布式多中心、集体维护和不易篡改优点的区块链技术,提出基于区块链技术的高效跨域认证方案,设计了区块链证书授权中心（BCCA）的信任模型和系统架构,给出了区块链证书格式,描述了用户跨域认证协议,并进行了安全性和效率分析。结果表明,在安全性方面,该方案具有双向实体认证等安全属性;在效率方面,与已有跨域认证方案相比,利用区块链不可篡改机制,使用哈希算法验证证书,能减少公钥算法签名与验证的次数、提升跨域认证效率。     

基于SAML标准的信任与授权服务平台设计

在对信任与授权体系的现状进行分析的基础上,针对跨信任域的身份认证和授权问题,引入SAML标准规范,提出基于SAML标准的信任与授权体系架构,并分析了相应的信任与授权平台设计与实现方法。     

网格环境的一种跨域信任模型

针对跨域资源调度中不同信任模型之间的差异,提出了一个由域间代理完成的不同信任机制之间的转换模型,将跨域和域内信任一致处理,实现了跨域信任度的转换和评估。给出了跨域信任中的上下文定义,提出了实现跨域调度并体现上下文含义的调度算法。实验表明,所提出的转换模型和调度算法在跨域范围内选择了信任度高的资源,缩短了任务完成时间,提高了任务满足率,使调度过程得到了优化。     

网络环境下跨域信任调度模型

针对跨域资源调度过程中不同域之间信任度评价差异,域与域之间实体信任度无法比较的现象,提出了一个域间信任度计算模型,并由域代理完成不同信任机制的相互转换。通过对不同域之间资源调度历史记录以及推荐信任度进行综合评价,把域间信任度进行规范化,使域之间的信任度有了可比性;给出了跨域信任体系结构;提出了实现跨域调度的算法。实验表明,提出的信任模型和调度算法在跨域范围内选择了信任度高的资源,提高了任务满足率和调度成功率。     

Web服务中基于信任的跨域安全认证模型

在分析XCAML和WS—Security安全规范的基础上,设计出一种基于信任的跨域安全认证模型TB—WSCDSA。该模型解决了跨域服务双方身份认证的问题,并依据各自安全域的访问控制策略和信任计算所需的数据和算法,计算双方的信任度,根据信任度阈值比较结果对双方进行信任评估和授权,并将结果以信任证书的方式发送给服务双方以保证安全通信。     

基于双向防御的跨安全域访问控制方法研究

实现逻辑隔离的不同网络安全域之间的信息共享与业务协作是一个重要而紧迫的课题。本文提出一种基于双向防御的跨安全域访问控制方法,该方法基于网络安全域已有的信任体系建立跨域信任关系,在访问请求发起方和目标所在域同时实施基于授权策略的访问控制,通过角色映射以代理方式访问目标资源,从而实现了跨域访问过程中网络安全域边界的双向防御,保障了各安全域的边界安全以及信息共享与业务协作的安全运行。     

A framework for understanding trust factors in web-based health advice

Trust is a key factor in consumer decisions about website engagement. Consumers will engage with sites they deem trustworthy and turn away from those they mistrust. In this paper, we present a framework for understanding trust factors in web-based health advice. The framework is derived from a staged model of trust and allows predictions to be made concerning user engagement with different health websites. The framework is then validated via a series of qualitative, longitudinal studies. In each study, genuine consumers searched online for information and advice concerning their specific health issue. They engaged in free searching and were directed towards sites previously reviewed using the framework. Thematic analysis of the group discussions provided support for the framework and for the staged model of trust wherein design appeal predicted rejection (mistrust) and credibility of information and personalization of content predicted selection (trust) of advice sites. The results are discussed in terms of the merits of the framework, its limitations and directions for future work.     

无线传感器网络中的信任管理

作为对基于密码体系的安全手段的重要补充,信任管理在解决WSNSs(wireless sensor networks)中的内部攻击,识别恶意节点、自私节点及低竞争力节点,提高系统安全性、可靠性和公平性等方面有着显著优势.综述了WSNs环境下信任管理的特点、分类方法、框架设计、脆弱性分析、攻击模型及对策,在此基础上介绍了WSNs下的典型信任管理系统.以信任计算模型为中心的WSNs环境下信任管理框架的设计是信任管理系统的核心,从信任要素、信任计算模型和信任值的应用这3个方面对其进行了深入讨论.最后,总结了WSNs环境下信任管理的研究现状,提出了值得参考的研究发展方向.     

Model-driven trust negotiation for Web services

Trust negotiation is an approach to access control whereby access is granted based on trust established in a negotiation between the service requester and the service provider. Trust negotiation systems avoid several problems facing traditional access control models such as DAC (discretionary access control) and MAC (mandatory access control). Another problem is that Web service providers often do not know requesters identities in advance because of the ubiquitousness of services. We describe Trust-Serv, a trust negotiation framework for Web services, which features a policy language based on state machines. It is supported by lifecycle management and automated runtime enforcement tools. Credential retrieval and validation in Trust-Serv rely on predefined Web services that provide interactions with attribute assertion authorities and public key infrastructure.     

一个软件服务协同中的信任管理框架设计

Internet-based Web application systems are gradually built as software service coordination systems. In an open, dynamic and collaborative application environment, traditional methods assumed with closeness, centralization and independence are not able to cope with these security problems efficiently. Trust management is a new method for dealing with security issues of open, distributed network application system. However, the traditional policy-based trust management systems have some shortcomings, i.e. complex in policy making, unable to deal with negative se-curity credentials, etc. So, we design a trust management framework in combination with subjective trust model for software service coordination and security decision in Internet environment. This trust management framework has characteristics of operability, reasonability, and flexibility in policy setting.     

开放多Agent系统信任管理中的信任获取方法研究

信任管理是解决开放多agent系统安全性问题最有前途的思路,而其基础之一就是信任获取。该文在Demp-ster-Shafer证据理论框架内,提出了一种新的证据获取方法,文章认为agent之间一次交互的服务质量提供了关于服务提供者可信任程度的一个证据,多次的服务提供了多个独立的证据,这些证据的合成构成了更准确的证据信任评价。与目前常用的多次服务质量直方图加门限的信任获取方法相比,该方法具有评价结果对门限参数敏感度低,以及对个别a-gent之间交互次数要求少的优点。     

分布式信任模型在电子商务中的应用

本文提出一个通用的,并可以独立使用的动态分布式信任模型(DDTM)。在DDTM中,访问权限直接与信任值相关联。信任值又具体分为直接信任值、间接信任值和信任授权等级。文中已经计算并将每一类型的信任价值用明确的数字形式表示。这个模型的核心是基于推荐的信任模型,被组织成信任授权树(TDT),并以证书链的形式进行授权。     

Disseminating trust information in wearable communities

This paper describes a framework for managing and distributing trust information in a community of mobile and wearable computer users. Trust information in the form of reputations are used to aid users during their social interactions with the rest of the community.     

Promoting cooperation among strangers to access Internet services from an ad hoc network

We envision highly mobile users cooperating by sharing telecommunication connections to support a continuous messaging notification channel. Peer-to-peer sharing would enable a reduction of users’ telecommunication charges and devices’ battery consumption. Nevertheless, without a centralized trust authority, people lack the incentive to cooperate with a group of strangers. We present a new distributed trust framework and a credit system to solve this problem. Trust is evaluated based on a user’s own experience and information obtained from others. The credit system is built on top of the trust system to ensure that each user appropriately takes turns providing the proxy service for the group of peers. No centralized authority or long-term accountability is needed. Simulation results demonstrate that this framework is stable and efficient. Fairness is maintained among users and each user may benefit in proportion to its contribution to the group.     

PKI网络信任模型的分析与研究

信任模型是整个网络安全体系的基础,决定了在网络上采用信任的形式与采用该形式带来的信任风险,并提供了建立和管理信任关系的框架。可见,对于信任模型的研究在网络安全中非常重要。文章着重分析了基于PKI的各类信任模型的信任机制、认证过程及其存在优缺点,指出了各类信任模型对网络信息安全产生影响的主要原因。通过总结与对比,指出了PKI信任模型的设计策略与发展趋势。     

Trust and conflict within virtual inter-organizational alliances: a framework for facilitating knowledge sharing

Trust and conflict are inherent issues of any organizational arrangement and central for knowledge sharing; yet they have received limited attention in the literature. In this paper, we undertake an investigation of both phenomena within the context of virtual alliances. A generic framework for understanding the dynamics of trust and conflict within the context of virtual inter-organizational arrangements is presented, followed by an examination of three distinct structural forms of virtual alliances, and strategies for generating trust and minimizing dysfunctional conflict. The paper concludes with an identification of avenues for further research.