共查询到18条相似文献,搜索用时 109 毫秒
1.
基于标签树的自动信任协商策略分析 总被引:1,自引:0,他引:1
网络实体间的信任建立是彼此进行安全交互的前提,自动信任协商为分布式环境下陌生实体的信任建立提供了方法.但现有的信任协商默认协商中访问控制策略正确,而策略本身很可能存在某些问题,导致协商失败.重点分析协商策略的性质,首先针对可能存在的冲突策略、平凡策略等策略不一致问题,构建了一种基于标签树的逻辑证明方法,进行策略一致性的检测,并证明了此证明方法的可靠性、完备性;其次,通过对策略树进行化简以求得最小证书集,并对其进行一次性披露和匹配,尽快达成成功协商,从而避免策略环问题,提高协商效率及成功率. 相似文献
2.
自动信任协商及其发展趋势 总被引:29,自引:0,他引:29
属性证书交换是一种在不同安全域里共享资源或进行商业事务交易的陌生人之间建立双方信任关系的重要手段.自动信任协商则通过使用访问控制策略提供了一种方法来规范敏感证书的交换,从而保护了用户的敏感证书信息、敏感访问控制策略与个人隐私,以及提高协商效率和协商成功率.对自动信任协商的研究动态进行了调研,对该领域的相关技术进行了归类及介绍.在认真分析现有技术的基础上,总结了当前自动信任协商的不足,并指出了自动信任协商继续发展应遵守的原则以及自动信任协商的未来发展趋势. 相似文献
3.
4.
自动信任协商抗攻击能力分析 总被引:1,自引:0,他引:1
自动信任协商是一种通过逐步暴露证书和访问控制策略以确立协商双方信任关系的方法.与任何接入因特网的开放系统一样,自动信任协商很容易遭受各方面的攻击,如拒绝服务、窃听、隐私截取等.通过分析自动信任协商对系统的需求,指出自动信任协商易遭受攻击的环节,给出自动信任协商对常见攻击的抵制方法,以及自动信任协商中各类协商技术抗攻击的原理. 相似文献
5.
自动信任协商是一种在开放网络环境下陌生实体之间通过披露属性证书建立双方信任关系的重要手段。针对传统信任协商中协商规则描述较为严格、协商成功率和效率较低的问题,提出了一种基于模糊逻辑的自动信任协商方案,它通过将模糊逻辑引入信任协商,对信任协商规则进行模糊化处理,可以更简单而灵活地描述协商规则,并由此优化协商路径选择。分析表明,这种协商方案能够在一定程度上提高协商成功率和效率。 相似文献
6.
自动信任协商是跨多安全域的实体间建立信任关系的一种新方法,协商策略规定了协商过程中信任凭证和访问控制策略的披露方式。针对目前的研究中没有区分凭证的敏感度的问题,引入凭证权重的概念,设计了一种基于带权重的树的协商策略,采取局部取优的思想,每次在访问控制策略可选的情况下选取最小权重的凭证进行披露,直至协商成功或失败。经证明,该策略安全、完备且高效。 相似文献
7.
8.
自动信任协商研究 总被引:39,自引:2,他引:39
在Internet日益孕育新技术和新应用的同时,交互主体间的生疏性以及共享资源的敏感性成为跨安全域信任建立的屏障.自动信任协商是通过协作主体间信任证、访问控制策略的交互披露,逐渐为各方建立信任关系的过程.系统介绍了这一崭新研究领域的理论研究和应用进展情况,并对信任协商中的协商模型、协商体系结构、访问控制策略规范、信任证描述及发现收集、协商策略及协商协议等多项关键技术的研究现状进行分析和点评,最后针对目前研究工作中存在的一些问题,对未来的研究方向及工作进行展望.通过对自动信任协商的研究及其进展的介绍,希望有助于在维护开放网络中主体自治性和隐私性的同时,研究更高效、实用的信任自动建立技术. 相似文献
9.
为了降低自动信任协商中的信任证披露开销,引入资源披露策略树的概念。通过在IKEv2初始交换消息的安全关联载荷中加入完整性级别域和机密性级别域,使之支持自动信任协商策略的安全交换,从而为资源披露策略树的构建提供数据基础。给出最优信任证披露序列搜索算法,它可以从资源披露策略树中搜索效率最优的信任证披露策略。 相似文献
10.
提出一种基于属性的信任协商方法。协商的双方首先交换包含多个加密属性的信任证书,然后双方根据自己的访问控制策略多次交换密钥逐步向对方显示出自己的属性。在这种协商方法中,双方可以控制自己的信任书中属性值的出示,且该协商方法使用椭圆曲线密钥交换算法产生会话密钥,计算量比较小。 相似文献
11.
自动信任协商中,访问控制策略规范了用户访问资源的行为从而保护敏感信息与资源,当策略本身就包含敏感信息时,则策略的暴露会泄露隐私信息;而对策略的敏感信息再次进行保护时,则增加了协商复杂性。针对策略保护的矛盾,提出一种基于规则的自动信任协商模型——RBAM。对策略进行分解,将非敏感策略与域约束归为一类,并使用Agent技术来协商双方的交互,从而达到降低协商复杂度、提高协商效率的目的。 相似文献
12.
自动信任协商(ATN)是指通过暴露信任凭证与访问控制策略进行匹配以达到建立信任关系的目的。在开放的分布式环境中,策略一致性管理便于网络用户发现资源,并及时了解访问资源所需具备的条件。当前,自动信任协商中的策略一致性管理由资源方进行维护,这不利于资源被发现,限制了资源的共享,浪费了资源方宝贵的计算资源。针对这些问题,提出了一种有效的策略一致性管理方法。该方法设立可信第三方,使用LDAP协议集中管理资源方的访问控制策略,使用通用语言XML对策略进行描述,可有效检测与避免策略更新、删除等所带来的策略不一致问题。 相似文献
13.
针对自动信任协商(ATN)中的敏感信息保护问题,提出了基于交错螺旋矩阵加密(ISME)的自动信任协商模型。此模型采用交错螺旋矩阵加密算法以及策略迁移法,对协商中出现的3种敏感信息进行保护。与传统的螺旋矩阵加密算法相比,交错螺旋矩阵加密算法增加了奇偶数位和三元组的概念。为了更好地应用所提模型,在该协商模型的证书中,引入了属性密钥标志位的概念,从而在二次加密时更有效地记录密钥所对应的加密敏感信息,同时列举了在协商模型中如何用加密函数对协商规则进行表示。为了提高所提模型协商成功率和效率,提出了0-1图策略校验算法。该算法利用图论中的有向图构造了6种基本命题分解规则,可以有效地确定由访问控制策略抽象而成的命题种类。之后为了证明在逻辑系统中此算法的语义概念与语法概念的等价性,进行了可靠性、完备性证明。仿真实验表明,该模型在20次协商中策略披露的平均条数比传统ATN模型少15.2条且协商成功率提高了21.7%而协商效率提高了3.6%。 相似文献
14.
针对云计算环境带来的安全性问题,在目前云安全模型研究的基础上,对分层的云服务框架模型进行了安全性分析.综合考虑云计算环境特点,在不影响云服务质量的前提下保证数据安全,建立了一个云安全访问控制模型ACCP.该模型利用自动信任协商机制可以不依靠数据中心第三方安全服务,通过双方信任证集的交互和策略的控制自适应地建立组合安全域.通过在用户-服务以及组合服务之间两个场景下信任协商建立过程,表明了模型可行性和有效性. 相似文献
15.
16.
17.
Jianxin Li Dacheng Zhang Jinpeng Huai Jie Xu 《Peer-to-Peer Networking and Applications》2009,2(2):164-177
Service-oriented architecture (SOA) and Software as a Service (SaaS) are the latest hot topics to software manufacturing and
delivering, and attempt to provide a dynamic cross-organisational business integration solution. In a dynamic cross-organisational
collaboration environment, services involved in a business process are generally provided by different organisations, and
lack supports of common security mechanisms and centralized management middleware. On such occasions, services may have to
achieve middleware functionalities and achieve business objectives in a pure peer-to-peer fashion. As the participating services
involved in a business process may be selected and combined at run time, a participating service may have to collaborate with
multiple participating services which it has no pre-existing knowledge in prior. This introduces some new challenges to traditional
trust management mechanisms. Automated Trust Negotiation (ATN) is a practical approach which helps to generate mutual trust
relationship for collaborating principals which may have no pre-existing knowledge about each other without in a peer-to-peer
way. Because credentials often contain sensitive attributes, ATN defines an iterative and bilateral negotiation process for
credentials exchange and specifies security policies that regulate the disclosure of sensitive credentials. Credentials disclosure
in the iterative process may follow different orders and combinations, each of which forms a credential chain. It is practically
desirable to identify the optimal credential chain that satisfies certain objectives such as minimum release of sensitive
information and minimum performance penalty. In this paper we present a heuristic and context-aware algorithm for identifying
the optimal chain that uses context-related knowledge to minimize 1) the release of sensitive information including both credentials
and policies and 2) the cost of credentials retrieving. Moreover, our solution offers a hierarchical method for protecting
sensitive policies and provides a risk-based strategy for handling credential circular dependency. We have implemented the
ATN mechanisms based on our algorithm and incorporated them into the CROWN Grid middleware. Experimental results demonstrate
their performance-related advantages over other existing solutions.
Jianxin Li is a research staff and assistant professor in the School of Computer Science and Engineering, Beihang University, Beijing china. He received the Ph.D. degree in Jan. 2008. He has authored over 10 papers in SRDS, HASE and eScience etc. Her research interests include trust management, information security and distributed system.
Dacheng Zhang received his BSc. in Computer Science at Northern Jiaotong University. Dacheng then worked at the Beijing Rail Mansion and Beijing Zhan Hua Dong He Ltd. as a software engineer. In 2004, Dacheng received his MSc. degree in Computer Science at the University of Durham. The topic of his thesis was “Multi-Party Authentication for Web Services”. Dacheng is now a PhD student in the School of Computing, University of Leeds, UK. His research area covers Multi-Party Authentication systems for Web services, Long Transactions, and Identity based authentication systems. Currently, he is exploring Coordinated Automatic Actions to manage Web Service Multi-Party Sessions.
Jinpeng Huai is a Professor and Vice President of Beihang University. He serves on the Steering Committee for Advanced Computing Technology Subject, the National High-Tech Program (863) as Chief Scientist. He is a member of the Consulting Committee of the Central Government Information Office, and Chairman of the Expert Committee in both the National e-Government Engineering Taskforce and the National e-Government Standard office. Dr. Huai and his colleagues are leading the key projects in e-Science of the National Science Foundation of China (NSFC) and Sino-UK. He has authored over 100 papers. His research interests include middleware, peer-to-peer (P2P), grid computing, trustworthiness and security.
Professor Jie Xu is Chair of Computing at the University of Leeds (UK) and Director of the EPSRC WRG e-Science Centre involving the three White Rose Universities of Leeds, York and Sheffield. He is also a visiting professor at the School of Computing Science, the University of Newcastle upon Tyne (UK) and a Changjiang Scholar visiting professor at Chongqing University (China). He has worked in the field of Distributed Computer Systems for over twenty years and had industrial experience in building large-scale networked systems. Professor Xu now leads a collaborative research team at Leeds studying Grid and Internet technologies with a focus on complex system engineering, system security and dependability, and evolving system architectures. He is the recipient of the BCS/IEE Brendan Murphy Prize 2001 for the best work in the area of distributed systems and networks. He has led or co-led many key research projects served as Program Chair/PC member of, many international computer conferences. Professor Xu has published more than 150 edited books, book chapters and academic papers, and has been Editor of IEEE Distributed Systems since 2000. 相似文献
Jie XuEmail: |
Jianxin Li is a research staff and assistant professor in the School of Computer Science and Engineering, Beihang University, Beijing china. He received the Ph.D. degree in Jan. 2008. He has authored over 10 papers in SRDS, HASE and eScience etc. Her research interests include trust management, information security and distributed system.
Dacheng Zhang received his BSc. in Computer Science at Northern Jiaotong University. Dacheng then worked at the Beijing Rail Mansion and Beijing Zhan Hua Dong He Ltd. as a software engineer. In 2004, Dacheng received his MSc. degree in Computer Science at the University of Durham. The topic of his thesis was “Multi-Party Authentication for Web Services”. Dacheng is now a PhD student in the School of Computing, University of Leeds, UK. His research area covers Multi-Party Authentication systems for Web services, Long Transactions, and Identity based authentication systems. Currently, he is exploring Coordinated Automatic Actions to manage Web Service Multi-Party Sessions.
Jinpeng Huai is a Professor and Vice President of Beihang University. He serves on the Steering Committee for Advanced Computing Technology Subject, the National High-Tech Program (863) as Chief Scientist. He is a member of the Consulting Committee of the Central Government Information Office, and Chairman of the Expert Committee in both the National e-Government Engineering Taskforce and the National e-Government Standard office. Dr. Huai and his colleagues are leading the key projects in e-Science of the National Science Foundation of China (NSFC) and Sino-UK. He has authored over 100 papers. His research interests include middleware, peer-to-peer (P2P), grid computing, trustworthiness and security.
Professor Jie Xu is Chair of Computing at the University of Leeds (UK) and Director of the EPSRC WRG e-Science Centre involving the three White Rose Universities of Leeds, York and Sheffield. He is also a visiting professor at the School of Computing Science, the University of Newcastle upon Tyne (UK) and a Changjiang Scholar visiting professor at Chongqing University (China). He has worked in the field of Distributed Computer Systems for over twenty years and had industrial experience in building large-scale networked systems. Professor Xu now leads a collaborative research team at Leeds studying Grid and Internet technologies with a focus on complex system engineering, system security and dependability, and evolving system architectures. He is the recipient of the BCS/IEE Brendan Murphy Prize 2001 for the best work in the area of distributed systems and networks. He has led or co-led many key research projects served as Program Chair/PC member of, many international computer conferences. Professor Xu has published more than 150 edited books, book chapters and academic papers, and has been Editor of IEEE Distributed Systems since 2000. 相似文献