共查询到20条相似文献,搜索用时 156 毫秒
1.
在以服务为核心的网格计算体系结构中,为了实现信任域之间安全任务调度,服务和用户被赋予信任度标签,利用置信度策略成为解决网格计算资源调度安全的一种手段。基于面向服务体系结构,提出了一种服务资源交换协商的参考模型,来解决跨信任域的服务请求和响应问题。文中首先列举了相关的概念,给出参考模型结构,阐述了跨信任域的服务交换协商安全步骤,最后指出了该参考模型中面临的两个重要问题,为进一步研究基于服务交换的网格服务资源分配模型设定方向。 相似文献
2.
《计算机应用与软件》2013,(7)
为了支持跨地域、跨网域的各军兵种军事应用的信息共享,提出标绘图形处理系统服务化的需求。在研究面向服务的相关技术以及桌面版标绘系统的体系结构后,提出面向服务的标绘图形处理系统设计思想,设计了客户端/和服务器的模块,搭建了原型测试系统,验证了在局域网的环境下能够满足响应需求。 相似文献
3.
由于普适计算的高度移动性,通信的双方经常位于不同的区域,为了保证服务的合法访问以及消息的安全传输,需要进行跨域认证以及安全会话密钥建立。提出了一种新的跨域认证与密钥建立协议,该协议采用生物加密技术省去了证书管理的负担,合理设计了通信双方及其各自服务器之间的交互,完成了跨域双向认证,并采用签密技术为通信双方派生密钥。对协议进行了安全及性能的分析,并用经典的SVO逻辑证明了其正确性。 相似文献
4.
5.
6.
7.
为了适应网络中心战的发展需求,针对传统军事系统的多方面缺陷,文中基于综合集成的思想,采用网格计算技术和Agent技术相结合的方法,提出了一种军事应用网格(MAGrid)构想。它是一种新型综合电子信息系统,文中着重对它的体系结构、总体视图和服务层次进行了具体设计和分析。其中,科学合理的体系结构为具体应用研究提供了平台和基础;从综合集成角度描述的军事应用网格总体视图,体现了该网格的内部构件及其相互关系;服务层次的设计和描述则体现了该应用网格面向服务的本质特征。 相似文献
8.
由于分布式环境下的网格应用程序往往要跨域访问资源,如何构建统一的跨域安全令牌交换机制就成了网格应用中需解决的一个重要的问题.针对此问题,提出了一个可以进行跨域安全令牌交换的框架,此框架由认证中心和个体安全域组成,单个安全域的用户可以通过认证中心来获取不同安全域的安全令牌,从而为跨域安全令牌的交换提出了一种解决方法,最后框架在欧中网格合作项目(Bridge项目)中进行验证. 相似文献
9.
军事应用网格(MAGrid)体系结构研究 总被引:1,自引:0,他引:1
为了适应网络中心战的发展需求,针对传统军事系统的多方面缺陷,文中基于综合集成的思想,采用网格计算技术和Agent技术相结合的方法,提出了一种军事应用网格(MAGrid)构想。它是一种新型综合电子信息系统,文中着重对它的体系结构、总体视图和服务层次进行了具体设计和分析。其中,科学合理的体系结构为具体应用研究提供了平台和基础;从综合集成角度描述的军事应用网格总体视图,体现了该网格的内部构件及其相互关系;服务层次的设计和描述则体现了该应用网格面向服务的本质特征。 相似文献
10.
面向网格服务的标准件库系统集成 总被引:3,自引:0,他引:3
基于开放网格服务体系结构提出了面向服务的标准件库系统集成的体系结构.将标准件库系统中与数据库、CAD系统交互的功能组件封装在网格服务容器中,并与后台数据库一起部署成为网格服务节点,现有的标准件库系统只需提供服务的行为接口即可方便地集成到网格环境中.开发部署了一类标准件库网格服务节点,验证了该体系结构和实现技术的有效性. 相似文献
11.
In an ideal gadget-free environment the user is interacting with the environment and the services through only “natural” means. This imposes restrictions on many aspects of the interaction. One key element in this is user authentication, because it assures the environment and related services of the legitimacy of user’s actions and empowers the user to carry out his tasks. We present five high-level categories of features of user authentication in the gadget-free world including security, privacy and usability aspects. These are adapted and extended from earlier research on web authentication methods. We survey existing authentication methods together with some emerging technologies and evaluate these according to the features in our categories. Our results show, that no single authentication method can realise all these requirements for authentication. In conclusion, we give future research directions and open problems that stem from our observations. Especially, finding combinations of authentication factors and methods that achieve all requirements is an interesting problem in the gadget-free scenario. 相似文献
12.
讨论了如何保护一个基于面向服务架构(SOA)的生产环境和利用WebLogic安全基础来使用网关验证用户身份,分析了在WebLogic中基于周边身份验证的身份验证网关架构之优点。通过身份验证机制被公开为一个服务,而SOA之下可用的所有其他服务都重用该服务,基于WebLogicServer服务器实现跨域启用集中式身份验证的面向服务架构。 相似文献
13.
通过分析军事网格中资源发现对安全认证的需求和网格中已有的认证模型,提出一种基于身份的资源发现认证模型。该模型以基于身份的公钥密码体制ID-PKC为基础,能够一次完成一个资源请求者和多个资源提供者之间的安全认证,同时完成临时会话密钥的共享。对比分析表明该模型能够提高多信任域环境中多个实体之间双向认证的效率,更符合军事网格环境中资源发现的实际需要。 相似文献
14.
目前,国家电网公司已确立IP多媒体子系统(IP multimedia subsystem,IMS)作为下一代电网行政交换网的主流技术,针对国家电网的信息安全要求,电力IMS网络安全接入问题需要进一步的探讨。文中对IMS网络的安全架构进行详细分析,综合分析了IMS AKA(authentication and key agreement)的接入流程,并指出IMS AKA现存的一些安全漏洞。针对这些漏洞,提出了一种模糊用户身份的IMS网络安全接入认证算法。该算法首先使用基于模幂运算的无密钥加密技术生成一次性标识来模糊用户身份以达到身份保护的目的,然后再通过椭圆曲线加密技术来优化认证密钥协商模块。通过性能和安全性分析,该算法能够有效降低计算成本,减少存储空间,提高了应对攻击的能力,保证了电力IMS业务的安全接入。 相似文献
15.
现有的智能电网身份认证方案大多存在计算成本高和认证流程复杂的问题,不适用于智能电网中资源受限的智能设备。而一些轻量级的方案却存在各种安全漏洞,这些方案都无法在效率和安全性之间实现所需的权衡。针对上述问题,基于椭圆曲线加密算法设计了一个增强的可证明安全的智能电网轻量级匿名认证方案。引入辅助验证器,摆脱在认证阶段对于电力供应商的依赖,在保护智能电表真实身份的条件下实现网关和智能电表之间的相互认证。同时,可以通过伪身份对恶意智能电表进行身份的溯源和撤销。通过在随机预言模型下的安全性分析和仿真工具ProVerif证明了方案具备较高的安全属性。性能分析表明,所提方案能够满足智能电网环境下对于安全性和高效性的要求。 相似文献
16.
There is a potential server bottleneck problem when the Kerberos model is applied in large-scale networks because the model uses centralized management. To enlarge its application scope, researchers must consider how to build a trust relation among those Kerberos servers located on different isolated domains, but have not provided a way to prevent the potential bottleneck that can occur with Kerberos servers. With the development of across-domain authentication techniques, the local server bottleneck problem has not been alleviated; in fact, it has become more serious.Adopting the rigorous binary tree code algorithm, we present an authentication model based on Kerberos. Compared with similar models, our model has several advantages. First, it overcomes the potential server bottleneck problem and can balance the load automatically. Second, it can process across-domain authentication and enlarge the authentication boundary. Finally, its authentication path is short, with no more than two Kerberos servers being involved when authenticating a user. 相似文献
17.
Jason Crampton Hoon Wei Lim Kenneth G. Paterson Geraint Price 《International Journal of Information Security》2011,10(3):137-153
Certificate-based public key infrastructures are currently widely used in computational grids to support security services.
From a user’s perspective, however, certificate acquisition is time-consuming and public/private key management is non-trivial.
In this paper, we propose a security infrastructure for grid applications, in which users are authenticated using passwords.
Our infrastructure allows a user to perform single sign-on based only on a password, without requiring a public key infrastructure.
Moreover, hosting servers in our infrastructure are not required to have public key certificates. Nevertheless, our infrastructure
supports essential grid security services, such as mutual authentication and delegation, using public key cryptographic techniques
without incurring significant additional overheads in comparison with existing approaches. 相似文献
18.
网格环境下多域间的认证机制研究 总被引:5,自引:0,他引:5
随着网格技术的出现与应用,其安全问题也已成为人们研究的重点。网格操作系统Globus的安全体系架构GSI(Globus Security Infrastructure)提供了单个认证域下安全问题的解决方案,但基于网格的广域特性,如何解决其多个域间的安全认证是目前亟待解决的问题。首先简单介绍了GSI的安全认证机制,然后在此模型基础上引入域间映射的思想,提出了一种用于多个认证域间相互认证的方法,完善了网格环境中的安全认证机制。文章最后详细介绍了该方法的实现过程。 相似文献
19.
网格计算系统中的资源共享和协同工作建立在虚拟组织基础之上,各种资源的共享是受认证和授权控制的。可以说,认证授权是网格安全的本质,是网格计算系统成败的关键。因此,研究虚拟组织的认证授权模型具有重要意义。根据GSl模型提出了一种基于VO的统一认证与授权模型。 相似文献
20.
Amina Souag Raúl Mazo Camille Salinesi Isabelle Comyn-Wattiau 《Requirements Engineering》2016,21(2):251-283
Security is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The aim of this paper is to fill this gap by looking into drawing a picture of the literature on knowledge and reuse in security requirements engineering. The questions we address are related to methods, techniques, modeling frameworks, and tools for and by reuse in security requirements engineering. We address these questions through a systematic mapping study. The mapping study was a literature review conducted with the goal of identifying, analyzing, and categorizing state-of-the-art research on our topic. This mapping study analyzes more than thirty approaches, covering 20 years of research in security requirements engineering. The contributions can be summarized as follows: (1) A framework was defined for analyzing and comparing the different proposals as well as categorizing future contributions related to knowledge reuse and security requirements engineering; (2) the different forms of knowledge representation and reuse were identified; and (3) previous surveys were updated. We conclude that most methods should introduce more reusable knowledge to manage security requirements. 相似文献