共查询到20条相似文献,搜索用时 343 毫秒
1.
Automated Trust Negotiation (ATN) is an important method to establish trust relationship between two strangers by exchanging their access control policies
and credentials. Unfortunately, ATN is not widely adopted because of the complexity and multiformity of negotiation policies,
especially in virtual computing environment, where the situation becomes worse than in traditional computing environment,
due to the fact that a host with multiple virtual machines needs to be deployed with multiple negotiation policies. Moreover,
all of these policies for each virtual machine must be upgraded and checked. To ease the burden on the administrator when
deploying ATN access control policies and credentials in virtual computing environment, we propose an automated trusted negotiation
architecture called virtual automated trust negotiation (VATN) to centralize ATN policies and credentials for multiple virtual machines in a physical node into a privileged virtual
machine. VATN puts policy compliance checker and credential verification control in each virtual machine to improve the execution
efficiency of trust negotiation. We implement VATN in Xen virtualization platform. Finally, we discuss the correctness of
policy consistency checking and make performance analysis of VATN implemented in Xen. 相似文献
2.
自动信任协商及其发展趋势 总被引:29,自引:0,他引:29
属性证书交换是一种在不同安全域里共享资源或进行商业事务交易的陌生人之间建立双方信任关系的重要手段.自动信任协商则通过使用访问控制策略提供了一种方法来规范敏感证书的交换,从而保护了用户的敏感证书信息、敏感访问控制策略与个人隐私,以及提高协商效率和协商成功率.对自动信任协商的研究动态进行了调研,对该领域的相关技术进行了归类及介绍.在认真分析现有技术的基础上,总结了当前自动信任协商的不足,并指出了自动信任协商继续发展应遵守的原则以及自动信任协商的未来发展趋势. 相似文献
3.
4.
5.
6.
Automated trust negotiation (ATN) is an approach to establishing mutual trust between strangers wishing to share resources
or conduct business by gradually requesting and disclosing digitally signed credentials. In ATN, there are conflicts between
negotiation success and sensitive information protection, that is, these two needs cannot be given priority at the same time,
which is a challenging problem to resolve. In this paper, a language independent ATN framework, which is dynamic, flexible
and adaptive, is presented to address this problem, ensuring negotiation success without sensitive information leakage. This
framework is independent of the policy language which is used. However, the language used should have the capability to specify
all kinds of sensitive information appearing in credentials and policies, and support the separation of attribute disclosure
from credential disclosure. Thus definitions of new language features, which can be incorporated into existing policy languages,
are given, enabling the used language to support the capabilities mentioned above. 相似文献
7.
自动信任协商是一种在开放网络环境下陌生实体之间通过披露属性证书建立双方信任关系的重要手段。针对传统信任协商中协商规则描述较为严格、协商成功率和效率较低的问题,提出了一种基于模糊逻辑的自动信任协商方案,它通过将模糊逻辑引入信任协商,对信任协商规则进行模糊化处理,可以更简单而灵活地描述协商规则,并由此优化协商路径选择。分析表明,这种协商方案能够在一定程度上提高协商成功率和效率。 相似文献
8.
9.
自动信任协商(ATN)是指通过暴露信任凭证与访问控制策略进行匹配以达到建立信任关系的目的。在开放的分布式环境中,策略一致性管理便于网络用户发现资源,并及时了解访问资源所需具备的条件。当前,自动信任协商中的策略一致性管理由资源方进行维护,这不利于资源被发现,限制了资源的共享,浪费了资源方宝贵的计算资源。针对这些问题,提出了一种有效的策略一致性管理方法。该方法设立可信第三方,使用LDAP协议集中管理资源方的访问控制策略,使用通用语言XML对策略进行描述,可有效检测与避免策略更新、删除等所带来的策略不一致问题。 相似文献
10.
11.
Automated trust negotiation (ATN) offers an attractivemeans for trust establishments, which establishesmutual trust among strangers wishing to share resources or conduct business, but it comes at the cost of non-trivial computation and communication overheads. The deployment of ATN strategies on a resource-constrained mobile device may lead to user-obstructive latency for operations. In this paper, we propose a trust negotiation strategy called trust target Petri nets negotiation strategy (TPNNS). It highly reduces the negotiation latency in the mobile device compared with other negotiation strategies, since it considers all the alternative responses at each step and chooses the best one. TPNNS supports cycle avoidance and employs skipped TPN which is a new approach presented in this paper. What is more, it is complete and ensures no irrelevant credentials are disclosed during the trust negotiation. 相似文献
12.
自动信任协商中,访问控制策略规范了用户访问资源的行为从而保护敏感信息与资源,当策略本身就包含敏感信息时,则策略的暴露会泄露隐私信息;而对策略的敏感信息再次进行保护时,则增加了协商复杂性。针对策略保护的矛盾,提出一种基于规则的自动信任协商模型——RBAM。对策略进行分解,将非敏感策略与域约束归为一类,并使用Agent技术来协商双方的交互,从而达到降低协商复杂度、提高协商效率的目的。 相似文献
13.
自动信任协商是陌生实体通过交替地披露属性证书建立信任关系的一种方法。主体拥有的不同属性之间可能存在着某种联系,某些属性的披露会导致其它敏感信息的泄露,即推理攻击。本文分析了属性间的线性关系,提出了属性敏感强度的概念,定义了属性敏感强度的偏序关系,在此基础上定义了自动信任协商系统抽象模型。针对几类推理攻击给出了相应的防御方案及其安全性分析。 相似文献
14.
一种基于隐藏证书的自动信任协商模型 总被引:1,自引:0,他引:1
自动信任协商是一种通过逐步暴露证书和访问控制策略以确立协商双方信任关系的安全方法。隐藏证书采用椭圆曲线加密的原理,具有极好的安全保密性与数据完整性。本文将隐藏证书引入到自动信任协商系统中,提出了一种基于隐藏证书的自动信任协商模型(简称为HCBATN)。该模型使用隐藏证书来携带并传递双方交换的证书、访问控制策略、资源等信息,充分保护了证书、策略的敏感信息以及用户个人隐私;同时具有单轮回证书交换、较小的网络开销、较低的证书保存、较高安全保密性等优点。 相似文献
15.
自动信任协商研究 总被引:39,自引:2,他引:39
在Internet日益孕育新技术和新应用的同时,交互主体间的生疏性以及共享资源的敏感性成为跨安全域信任建立的屏障.自动信任协商是通过协作主体间信任证、访问控制策略的交互披露,逐渐为各方建立信任关系的过程.系统介绍了这一崭新研究领域的理论研究和应用进展情况,并对信任协商中的协商模型、协商体系结构、访问控制策略规范、信任证描述及发现收集、协商策略及协商协议等多项关键技术的研究现状进行分析和点评,最后针对目前研究工作中存在的一些问题,对未来的研究方向及工作进行展望.通过对自动信任协商的研究及其进展的介绍,希望有助于在维护开放网络中主体自治性和隐私性的同时,研究更高效、实用的信任自动建立技术. 相似文献
16.
RNA二级结构预测中动态规划的优化和有效并行 总被引:6,自引:0,他引:6
基于最小自由能模型的方法是计算生物学中RNA二级结构预测的主要方法,而计算最小自由能的动态规划算法需要O(n4)的时间,其中n是RNA序列的长度.目前有两种降低时间复杂度的策略:限制二级结构中内部环的大小不超过k,得到O(n2×k2)算法;Lyngso方法根据环的能量规则,不限制环的大小,在O(n3)的时间内获得近似最优解.通过使用额外的O(n)的空间,计算内部环中的冗余计算大为减少,从而在同样不限制环大小的情况下,在O(n3)的时间内能够获得最优解.然而,优化后的算法仍然非常耗时,通过有效的负载平衡方法,在机群系统上实现并行程序.实验结果表明,并行程序获得了很好的加速比. 相似文献
17.
自动信任协商是跨多安全域的实体间建立信任关系的一种新方法,协商策略规定了协商过程中信任凭证和访问控制策略的披露方式。针对目前的研究中没有区分凭证的敏感度的问题,引入凭证权重的概念,设计了一种基于带权重的树的协商策略,采取局部取优的思想,每次在访问控制策略可选的情况下选取最小权重的凭证进行披露,直至协商成功或失败。经证明,该策略安全、完备且高效。 相似文献
18.
19.
Efficient Graph-Theoretic Algorithms on a Linear Array with a Reconfigurable Pipelined Bus System 总被引:1,自引:0,他引:1
Amitava Datta 《The Journal of supercomputing》2002,23(2):193-211
We present efficient algorithms for solving several fundamental graph-theoretic problems on a Linear Array with a Reconfigurable Pipelined Bus System (LARPBS), one of the recently proposed models of computation based on optical buses. Our algorithms include finding connected components, minimum spanning forest, biconnected components, bridges and articulation points for an undirected graph. We compute the connected components and minimum spanning forest of a graph in O(log n) time using O(m+n) processors where m and n are the number of edges and vertices in the graph and m=O(n
2) for a dense graph. Both the processor and time complexities of these two algorithms match the complexities of algorithms on the Arbitrary and Priority CRCW PRAM models which are two of the strongest PRAM models. The algorithms for these two problems published by Li et al. [7] have been considered to be the most efficient on the LARPBS model till now. Their algorithm [7] for these two problems require O(log n) time and O(n
3/log n) processors. Hence, our algorithms have the same time complexity but require less processors. Our algorithms for computing biconnected components, bridges and articulation points of a graph run in O(log n) time on an LARPBS with O(n
2) processors. No previous algorithm was known for these latter problems on the LARPBS. 相似文献
20.
《Advanced Robotics》2013,27(8):703-715
This article describes an efficient recursive algorithm for the computation of the operational space inertia matrix of an n-link branching robotic mechanism with multiple (m) operational points. The proposed algorithm achieves the complexity of O(nm + m 3). Since m can be considered as a small constant in practice, as the number of links increases, this algorithm performs significantly better than the existing O(n 3 + m 3) symbolic method. The experimental results of this algorithm are presented using real-time dynamic simulation. 相似文献