20 similar documents found; search took 109 ms.
2.
To effectively manage the enforcement of security policies in cross-domain interoperation between cloud systems, a multi-domain security policy verification and management technique suited to cloud computing environments is proposed. First, the access control rules and security properties of a secure interoperation environment are studied; intra-domain and inter-domain management are distinguished through role hierarchy relations, and a multi-domain role-based access control (domRBAC) model and a computation tree logic (CTL) based specification of security properties are formally defined. Second, a directed-graph-based role association mapping algorithm is given to perform domRBAC role hierarchy inference, from which a cloud security policy verification algorithm is constructed. Performance experiments show that the property verification time of a multi-domain interoperation system grows with system scale. Using multi-process parallel checking, the technique reduces property verification time by 70.1% to 88.5%; its model-optimized checking mode shows less fluctuation in the time curve than the normal mode, and its time overhead in large-scale systems is markedly lower than that of the normal mode. The technique offers stable and efficient property verification performance for secure interoperation in large-scale cloud systems.
3.
An extended role-based access control model, ERBAC, is proposed to address the shortcomings of RBAC in multi-domain cloud systems with respect to resource usage constraints, policy management and interoperation security. First, by introducing container elements and two kinds of role cardinality constraints, a resource usage policy based on container elements plus dynamic role cardinality constraints is constructed. Second, multi-domain role inheritance management is studied in depth; an inter-domain policy management function that establishes role relations only after checking them is proposed, and conflict detection algorithms for the various kinds of security policies are given. Analysis shows that the ERBAC model realizes resource usage constraints, supports efficient security policy management and improves the security of cross-domain interoperation, and performance tests show that the model is adaptable and feasible in multi-domain cloud systems.
4.
Research on a Manageable Usage Control Model for Multi-Domain Secure Interoperation (Total citations: 4, self-citations: 0, citations by others: 4)
The heterogeneous, dynamic and regionally autonomous nature of multi-domain environments poses new challenges for research on access control for secure interoperation. Much recent work on access control for multi-domain secure interoperation, mostly assuming role-based access control within a single domain, implements access control by mapping foreign-domain roles to local roles, but lacks a systematic, unified way of managing foreign and local roles. This paper proposes a manageable usage control model that manages the role assignment of foreign and local users in a unified way, closing security gaps in the existing models. The model provides enough flexibility to distinguish foreign users from local users and to impose stricter control on foreign users, while retaining the advantages of the traditional RBAC model. The access control model is being implemented in practice.
5.
Risk assessment in interoperation among multiple autonomous domains is an important part of information security in heterogeneous environments. Based on an analysis of risk characteristics, this paper gives a fuzzy-evaluation-based algorithm for correlating risk events in multi-autonomous-domain interoperation; a certainty-factor learning method is introduced to ensure accuracy, effectively detecting and identifying recurring risk events and extracting risk event categories; finally, the concept of an interoperation service risk index is introduced to assess in real time the security situation and risk status of multi-autonomous-domain interoperation services.
6.
Research Progress on Secure Interoperation in Multi-Domain Environments (Total citations: 2, self-citations: 1, citations by others: 1)
Multi-domain secure interoperation is the process of achieving secure resource sharing and information exchange among multiple distributed, heterogeneous, autonomous domains through authentication, access control and auditing mechanisms. This paper systematically introduces the theoretical foundations and application status of this emerging research field. From the perspective of access control security and inter-domain policy conflict resolution, it analyzes and comments on research results and key techniques in inter-domain role translation, trust-management-based, PKI-based and time-constraint-based approaches, with emphasis on the modeling and implementation of policy integration algorithms among autonomous domains in multi-domain environments. Finally, in view of the problems in current research, it offers an outlook on future directions and trends in the field.
8.
Secure Access Control for Group Communication in Multi-Autonomous-Domain Collaborative Environments (Total citations: 4, self-citations: 0, citations by others: 4)
A secure communication environment that supports collaboration among multiple autonomous domains is the foundation of large-scale distributed applications, and group communication, being efficient and scalable, has become a basic mode of communication in such collaborative environments. However, with no central control point, and with entities belonging to heterogeneous autonomous domains and changing dynamically, many new secure access control problems arise. Targeting the heterogeneity and dynamics of multi-domain collaboration, a role-based distributed trust management solution is proposed that focuses on dynamic joint authorization and attribute-based delegated authorization. On this basis a fairly complete secure communication framework is established, covering security policy negotiation, credential issuance, consistency verification between credentials and security policies, and verification of user access rights. It provides a more flexible, reliable and secure access control mode for group communication in multi-domain collaborative environments.
12.
Multimedia, IEEE Transactions on, 2009, 11(4): 765-779
13.
A computing resource sharing platform based on a structured peer-to-peer network, DHT-CRSP, is designed and built. It efficiently maps scientific computing jobs submitted by Internet users onto suitable worker nodes in the platform, and its fault-tolerance and security mechanisms ensure system reliability and correctness. The two distributed hash tables supported by DHT-CRSP, the Chord protocol node tree and the CAN protocol spatial zone, are described, and DHT-CRSP's efficient resource matching algorithm is analyzed. Results from an evaluation environment running a variety of load and job scenarios show that DHT-CRSP achieves good load balancing and low resource matching cost, offering a new approach to building high-performance desktop grid platforms.
14.
Gupta R., Sekhri V., Somani A.K. Parallel and Distributed Systems, IEEE Transactions on, 2006, 17(11): 1306-1320
Internet computing is emerging as an important new distributed computing paradigm in which resource-intensive computing is integrated over Internet-scale networks. Over these large networks, different users and organizations share their computing resources, and computations take place in a distributed fashion. In such an environment, a framework is needed in which the resource providers are given incentives to share their resources. CompuP2P is a lightweight architecture for enabling Internet computing. It uses peer-to-peer networks for sharing of computing resources. CompuP2P creates dynamic markets of network-accessible computing resources, such as processing power, memory storage, disk space, etc., in a completely distributed, scalable, and fault-tolerant manner. This paper discusses the system architecture, functionality, and applications of the proposed CompuP2P architecture. We have implemented a Java-based prototype, and our results show that the system is lightweight and can provide almost a perfect speedup for applications that contain several independent compute-intensive tasks.
16.
A. Mukherjee, P. Watson. Future Generation Computer Systems, 2012, 28(1): 171-183
Grid computing enables users to perform computationally expensive applications on distributed resources acquired dynamically. Users are allowed to combine structured data and analysis components from distributed sites into new applications. Distributed query processing offers an established way of structuring such computations, and well-known tools like OGSA-DAI and OGSA-DQP provide, respectively, a common interface to heterogeneous databases and a way of exploiting distributed resources. Such significant benefits are, however, often undermined by high communication costs due to the need to move data between distributed resources. This paper describes an approach that addresses this by dynamically deploying query processing engines, analysis services and databases within virtual machines, on an internet scale, so as to reduce communication costs. Results of internet-scale experiments are presented to demonstrate the performance benefits. Further, the use of dynamic deployment features based on requirements allows the creation of an ad-hoc runtime engine and thus opens up the possibility of creating a virtual marketplace for software and hardware resources.
17.
In recent years, a variety of computational sites and resources have emerged, and users often have access to multiple resources that are distributed. These sites are heterogeneous in nature, and the performance of different tasks in a workflow varies from one site to another. Additionally, users typically have a limited resource allocation at each site, capped by administrative policies. In such cases, a judicious scheduling strategy is required in order to map tasks in the workflow to resources so that the workload is balanced among sites and the data transfer overhead is minimized. Most existing systems either run the entire workflow in a single site, use naive approaches to distribute the tasks across sites, or leave it to the user to optimize the allocation of tasks to distributed resources. This results in a significant loss in productivity. We propose a multi-site workflow scheduling technique that uses performance models to predict the execution time on resources and dynamic probes to identify the achievable network throughput between sites. We evaluate our approach using real-world applications on the Swift parallel and distributed execution framework. We use two distinct computational environments: geographically distributed multiple clusters and multiple clouds. We show that our approach improves resource utilization and reduces execution time when compared to the default schedule.
19.
Floor control for multimedia conferencing and collaboration (Total citations: 12, self-citations: 0, citations by others: 12)
Floor control allows users of networked multimedia applications to utilize and share resources such as remote devices, distributed data sets, telepointers, or continuous media such as video and audio without access conflicts. Floors are temporary permissions granted dynamically to collaborating users in order to mitigate race conditions and guarantee mutually exclusive resource usage. A general framework for floor control is presented. Collaborative environments are characterized and the requirements for the realization of floor control are identified. The differences from session control, as well as from concurrency control and access control, are elicited. Based upon a brief taxonomy of collaboration-relevant parameters, system design issues for floor control are discussed. Floor control mechanisms are distinguished from service policies, and the principal architectures of collaborative systems are compared. The structure of control packets and an application programmer's interface are proposed, and further implementation aspects are elaborated. User-related aspects such as floor presentation, assignment, and the temporal stages of floor-controlled interaction in relation to user-interface design are also presented.