Similar literature
Found 20 similar documents; search time 640 ms
1.
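Remote attestation plays an important role in trusted computing: it can provide reliable evidence that a trusted environment exists. Current methods measure trust values of the target platform such as its binaries, configuration files, properties or security policies. All of these attestation methods are static; they lack attestation of dynamic behavior and do not describe or specify actual behavior. To improve and complete these attestation methods, a semantic remote attestation policy is proposed, and is defined, specified and proved. The policy combines the usage control model with behavior and can dynamically measure the behavior of a remote platform.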

2.
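Mobile smart terminal platforms combine communication, social networking, online shopping, entertainment and many other functions, and damage done by malicious programs to the related services may threaten the security of users' property and personal privacy. Remote attestation is one of the core functions of trusted computing; it allows a mobile smart terminal to prove the security of the platform's running state to a remote service provider. Traditional remote attestation schemes are mainly applied to computer platforms and do not adapt well to the mobile smart terminal environment, where software is updated frequently and services from multiple parties run together. In view of the characteristics of this environment, this paper designs a behavior-based remote attestation scheme: software developers define a list of software behaviors, the terminal system enforces the behavior restrictions, and service providers verify the terminal environment with self-defined policies, which meets service providers' need to ensure that their services run securely. The implementation and evaluation of a prototype show that the scheme offers both strong security capability and high performance.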

3.
郑起莹  沈建京 《计算机工程与设计》2007,28(16):3832-3833,3836
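Web services have become the framework for a new generation of e-commerce; their security cannot be ignored, and they need flexible and efficient access control for protection. By analyzing the eXtensible Access Control Markup Language (XACML) and the Privilege Management Infrastructure (PMI), an access control system model suited to Web service security is given. The system model is based on attribute certificates and policy sets, uses XACML as the language for describing access control decisions, and suits the dynamic and heterogeneous nature of Web services.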

4.
胡玲碧  谭良 《软件学报》2018,29(9):2874-2895
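How to prove that a virtual platform in a cloud environment is trustworthy is a problem worth studying. A virtual platform in a cloud environment comprises the virtual machine manager running on the physical platform and the virtual machines; these are different logical running entities with hierarchical and dynamic characteristics. Existing remote attestation schemes for trusted terminals, including the privacy certification authority (PCA) scheme and the direct anonymous attestation (DAA) scheme, therefore cannot be applied directly to trusted virtual platforms. In the Virtualized Trusted Platform Architecture Specification version 1.0 published by the TCG, the remote attestation scheme for trusted virtual platforms is only a framework, with no concrete implementation scheme. For this reason, a top-down remote attestation implementation scheme for trusted virtual platforms, TVP-PCA, is proposed. The scheme places an attestation agent in the virtual machine and adds an attestation service to the virtual machine manager. The challenger first proves through the top-level attestation agent that the virtual machine environment is trusted, and then proves through the bottom-level attestation service that the virtual machine manager running on the physical platform is trusted; together, the top-level and bottom-level attestations ensure the trustworthiness of the whole virtual platform and effectively solve the identity (sameness) problem between top-level and bottom-level attestation. Experimental results show that the scheme can prove not only that the virtual machine is trusted but also that the virtual machine manager and the physical platform are trusted, thereby proving that the virtual platform in the cloud environment is genuinely trusted.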

5.
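To improve the flexibility and efficiency of remote attestation, the Merkle hash tree is applied to dynamic behavior verification based on the trusted platform, and the process of creating the attestation measurement behavior information base AM_AIB is given. The current behavior is measured, the root hash value at the time the behavior occurs is computed, and remote attestation is then performed. The root hash value is signed by the Trusted Platform Module (TPM) and sent to the server for verification; if it matches the root hash value on the server side, the behavior is trusted. Behavior information bases of different granularity can be designed according to the characteristics of the behavior. Experimental results show that the model improves time performance, verifies flexibly, protects platform privacy, overcomes the static nature of property-based verification, and ensures that the platform's application software is trusted at run time.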

6.
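To further improve the efficiency of remote attestation of platform configuration, the storage scheme for the hash values of trusted entities is improved on the basis of RAMT, the Merkle-hash-tree-based remote verification mechanism, and RADHT, a remote attestation scheme for platform configuration based on a dynamic Huffman tree, is proposed, with a theoretical proof of the algorithm's efficiency. The storage scheme for the hash values of trusted entities is discussed carefully; the architecture, measurement and verification process of the dynamic Huffman tree scheme are described in detail; an example integrity measurement algorithm is given; and the privacy protection capability and verification efficiency of the new mechanism are discussed. Compared with RAMT, the new mechanism takes into account the probability that a trusted entity's hash value is queried and the dynamic updating of that probability. The results show that the new mechanism improves the efficiency of remote attestation of platform configuration.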

7.
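An XML-based RBAC policy model for Web services   Total citations: 7, self-citations: 2, citations by others: 5
Access control systems have become increasingly complex with the development of distributed networks and have spread to many fields; the lack of a unified description language causes interoperability problems between systems. The principles of the eXtensible Access Control Markup Language (XACML) are briefly introduced. To address access control in Web services, XACML is combined with the role-based access control model, and a role-based access control policy model is proposed. The policy model suits the distributed development of networks and provides a way to solve access control interoperability between different systems.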

8.
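To address security problems in Web services, roles are introduced to set users' access policies. When a user accesses a specific resource, the user's access rights are determined by the permissions set by the resource owner, with roles acting as the intermediary for exercising permissions; single sign-on for such roles is implemented through the SAML protocol, and XACML is used for access control of protected resources on the server side. On this basis, an RBAC model based on SAML and XACML is given; the model has good flexibility, extensibility and cross-platform capability.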

9.
荣星  赵勇 《计算机应用》2017,37(2):378-382
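Because of the complexity and dynamics of virtual environments, traditional methods of proving their security state suffer from low computational efficiency; ring signatures, by contrast, are computationally efficient and strongly anonymous, and a certificateless public key system can solve the key management problem. A trusted attestation scheme for virtual machines using a certificateless ring signature mechanism is therefore proposed. After the private key generation center (PKG) verifies that the state of the platform's physical environment is trusted, the PKG and the virtual Trusted Platform Module (vTPM) manager jointly generate the vTPM signing key with a certificateless algorithm. When the virtual machine attests to an external party it uses the ring signature mechanism, hiding the prover's information in the list of ring members, which achieves anonymous identity attestation and state attestation of the virtual machine. Once the attestation preparation is complete, the virtual machine does not need to regenerate a virtual attestation identity key (vAIK) certificate for each attestation and migration, which greatly improves attestation efficiency; the scheme is also highly secure and anonymous, and suits cloud computing environments with very large numbers of virtual machines.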

10.
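How to improve existing service discovery models so that they adapt to a dynamically changing service runtime environment and select the Web service that best meets user needs is attracting attention in the research community. A policy-based controllable service discovery and dynamic routing model (P-WSDRM) is proposed. The model supports attribute definitions for abstract services, service instances and service discoverers, supports service publication and discovery carrying attribute description information, and introduces a policy decision mechanism so that service discoverers can perform service discovery and instance routing based on defined policies. A prototype system of the model has been implemented on the Linux platform and a directory service.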

11.
Web services technology is being adopted as a viable deployment approach for future distributed software systems that enable business-to-business and business-to-consumer interactions across the open and dynamic internet environment. Recent research is focused on developing support technologies for web service discovery, on-demand service composition, and robust execution to facilitate web services based deployment of business processes. Developing techniques to cope with the volatile and open nature of the web during execution of composite services at the service platform is essential for delivering reliable and acceptable performance in this new process delivery framework. In this paper, we propose a simulation-based framework to guide scheduling of composite service execution. Online simulation of the dynamics of the open environment is used for scheduling service requests at the service platform. Comparison of the look-ahead simulation for different scheduling policies with the current execution state provides guidelines for service execution in order to cope with system volatility. We have implemented a prototype of the proposed framework and illustrate the feasibility of our approach with experimental studies.

12.
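A dual-AIK signature mechanism in trusted virtual platforms   Total citations: 1, self-citations: 0, citations by others: 1
In the Xen virtual platform, the virtual Trusted Platform Module (TPM) used for integrity attestation carries a risk of attestation identity key (AIK) leakage. A dual-AIK signature mechanism suited to trusted virtual platforms is therefore proposed, together with a matching remote integrity attestation protocol, which uses different AIKs to sign the physical platform's integrity information and the virtual machine's internal integrity information separately. Security analysis shows that the mechanism can solve the identity key leakage problem of the Xen platform.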

13.
More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just “allow or reject” policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service.

14.
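To solve the many problems in trusted platform attestation mechanisms based on integrity verification, an abstract model of remote attestation based on platform properties is given, which uses a trusted third party to verify platform properties effectively. The model is formally described and its feasibility verified using a logical security language. This new approach to trusted platform attestation enriches the security semantics of platform attestation and is better suited to a fair and open network environment.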

15.
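An important specification in Web service authorization and access control mechanisms, the eXtensible Access Control Markup Language (XACML), is introduced in detail; the execution flow of an XACML-based access control model is given, and a concrete application is implemented with the XACML toolkit provided by Sun. The conclusion is that the model is more flexible and secure and is especially suited to heterogeneous Web service environments; the future development of XACML is also discussed.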

16.
Web services are currently one of the trends in network-based business services, which intuitively will be applied to build a semantic web-based decision support system (DSS). Since web services are self-contained, modular business process applications, based on open standards, enable integration models for facilitating program-to-program interactions. Decision modules in a semantic web-based DSS can be viewed as a web service. However, according to the current features, web services know only about themselves, they are neither autonomous, nor are they designed to use ontologies; they are passive until invoked, and they do not provide for composing functionalities. These lead to the motivation on building a sophisticated web service to contain these features and to utilize web services on behalf of the user. This paper aims to propose a new concept of Meta Web Service, a web service-based DSS. The meta web service understands the user's problem statement with ontology, performs web service discovery, web service composition, and automatically generates codes for composite web service execution. Case-based reasoning is applied to quickly find past histories of successful service compositions. A prototype of research web service has been developed to show the feasibility of the proposed idea.

17.
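The virtual machine remote attestation scheme proposed by the Trusted Computing Group (TCG) can provide virtual machine integrity verification for cloud computing platforms, but using the TCG scheme directly gives low performance and is exposed to the cuckoo attack. A new virtual machine remote attestation scheme is designed using virtual machine introspection (VMI). Obtaining the virtual machine's remote verification evidence in the virtual machine monitor (VMM) removes the path for carrying out a cuckoo attack inside the virtual machine; the physical Trusted Platform Module (TPM) guarantees the integrity of that evidence; and the number of attestation identity key (AIK) certificates generated is reduced, lowering the load on the private certificate authority. Experiments show that the scheme can effectively verify the integrity state of virtual machines and, when the number of virtual machines is large, outperforms the TCG's virtual machine remote attestation scheme.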

18.
In recent years, services science has emerged as a discipline of increasing importance, and one that aims to promote service innovation and increase service productivity by aligning disparate scientific, management, and engineering perspectives. It emphasizes that service innovation should be capable of creating value for both service providers and consumers. To realize the core thinking of services science, that is, attaining high value and high productivity, service design has to incorporate many factors into its consideration. Based on the ideas of this new research field, we develop a personalized daily-life activity recommendation service that includes: information behavior, business value, and technology architecture as our service design considerations. Our services can be requested in a ubiquitous environment and include users’ contextual information which is an important factor in information behavior. With regard to IT architecture, we use service-oriented architecture (SOA) that provides the flexibility and extensiveness of technology, as well as permits new innovative services to be easily added.

19.
Supply chains, dynamic alliances, e-business, extended enterprises, and virtual organizations are typical networked enterprises which are formed based on partner companies’ core competencies. Different partners have different infrastructures; the interoperability among heterogeneous systems is the solid foundation for the networked enterprise to work seamlessly and effectively. Due to the distributed and heterogeneous characteristics of different partner companies, it is a big challenge to implement a satisfying and cost effective solution in the networked enterprise. Aiming at the problems of system integration and cross-system interoperability, Service-Oriented Architecture (SOA) provides a new integration pattern and relative system infrastructure. The key for the development and implementation of SOA is services encapsulation and orchestration of applications through certain mechanism to operate a complex business. However, cross infrastructures services access protection and relative services orchestration are still the bottleneck for the SOA implementation. This paper develops a business processes oriented heterogeneous systems integration platform with relative methodology for networked enterprises integration. The platform is a space distributed and management centralized platform for networked enterprises. The service access agent (SAA) mechanism is developed to realize cross-domains identity authentication, service authorization, and information transmission security. Every Web service or SAA in the platform has a unique ID. The interoperating process only relies on IDs, which endows the platform with a loose coupling feature. Aiming at service orchestration, a graphic service process modelling method is developed, with which the developed process model can link atom Web services and form a complex service. The Java based service orchestration tool provides an ESB (Enterprise Service Bus) independent service orchestration and deployment. Those services that are results of orchestration can be orchestrated as an atom service in another orchestrating process. Thus, the platform can support orchestration decomposition. The structure approach of the business process modelling based platform implementation is developed, which provides a guideline for platform installation, services modelling, service encapsulation, service orchestration, and service deployment. Two cases are provided to illustrate the usage of the platform in industries. The development of this platform is an open source project.

20.
Web services promise the interoperability of various applications running on heterogeneous platforms over the Internet, and are gaining more and more attention. Web service composition refers to the process of combining Web services to provide value-added services, which has received much interest in supporting enterprise application integration. Industry standards for Web Service composition, such as WSBPEL, provide the notation and additional control mechanisms for the execution of business processes in Web service collaborations. However, these standards do not provide support for checking interesting properties related to Web Service and process behavior. In an attempt to fill this gap, we describe a formalization of WSBPEL business processes, that adds communications semantics to the specifications of interacting Web services, and uses a formal logic to model their dynamic behavior, which enables their formal analysis and the inference of relevant properties of the systems being built.
