排序方式: 共有68条查询结果,搜索用时 272 毫秒
1.
鉴于现在的网络越来越复杂,其中,用户数量大、服务类型多、安全机制不统一的特点决定了SOA环境中异构多域的情况,给出了一种基于模糊理论的信任管理方法,并将该方法与证书转换服务结合起来提出了一种 SOA 环境中的跨域认证方案,在该方案中,用户域使用信任管理方法来保证安全性,服务域结合信任管理与证书认证来保证安全性,并且用户可以透明地访问采用不同底层安全机制的域中服务,实现安全跨域认证。分析表明,该方案具有安全与普适的优势,可以满足SOA环境下身份认证的需求。 相似文献
2.
信任管理技术基于授权凭证签发、通过分布式凭证搜索验证信任关系链,有效实现了开放环境下的分布式授权和访问控制过程。然而,由于开放式环境下信任网络的复杂性和动态性,传统的信任管理系统在凭证搜索、凭证链的建立方面效率不高。针对这一问题,提出了一种自治化的信任管理系统,通过引入权限路由表的概念,使得凭证链建立的过程中,凭证的搜索能够始终导向权限请求的客体。在信任网络比较复杂,权限请求频繁的情况下,自治化的信任管理系统能够提高凭证搜索和凭证链建立的效率。 相似文献
3.
针对目前信息安全类游戏缺乏协同机制以及协同过程中敏感信息易泄露的问题,基于改进的信任管理和信任协商技术,设计了一种基于信任协商的网络协同攻防游戏模型,将信任协商技术应用到协同过程中,降低了协同过程中敏感信息泄露的风险,并探讨了自适应信任协商策略模式.通过实验分析证明了自适应信任协商在效率方面的优势. 相似文献
4.
R. Bhaskar K. Chandrasekaran S.V. Lokam P.L. Montgomery R. Venkatesan Y. Yacobi 《Electronic Notes in Theoretical Computer Science》2008,197(2):141
We show the following:
- (i) In existing anonymous credential revocation systems, the revocation authority can link the transactions of any user in a subset T of users in O(log|T|) fake failed sessions.
- (ii) A concern about the DLREP-I anonymous credentials system described in [Stefan Brands: Rethinking public key infrastructure and Digital Certificates; The MIT Press, Cambridge Massachusetts, London England. ISBN 0-262-02491-8] and [Stefan Brands: A Technical Overview of Digital Credentials; February 2002 (was a white paper in credentica.com)].
Keywords: Anonymous credential system; trust certification; DLREP-I 相似文献
5.
一种基于隐藏证书的自动信任协商模型 总被引:1,自引:0,他引:1
自动信任协商是一种通过逐步暴露证书和访问控制策略以确立协商双方信任关系的安全方法。隐藏证书采用椭圆曲线加密的原理,具有极好的安全保密性与数据完整性。本文将隐藏证书引入到自动信任协商系统中,提出了一种基于隐藏证书的自动信任协商模型(简称为HCBATN)。该模型使用隐藏证书来携带并传递双方交换的证书、访问控制策略、资源等信息,充分保护了证书、策略的敏感信息以及用户个人隐私;同时具有单轮回证书交换、较小的网络开销、较低的证书保存、较高安全保密性等优点。 相似文献
6.
7.
信任管理(TM)是面向开放多域环境的分布式授权技术。TM系统从网络中搜索委派凭证以进行分布式授权决策,面临效率和可用性问题。本文提出一种基于SPKI的分布式凭证存储框架,将委派凭证冗余地存储到相关实体,以避免委派凭证的动态搜索过程,有助于解决现有TM系统凭证管理的局限性。 相似文献
8.
Automated trust negotiation (ATN) is an approach establishing mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. The digital credentials themselves are usually sensitive, so they have corresponding access control policies to control their disclosure. Therefore, an ATN strategy must be adopted to determine the search for a successful negotiation based on the access control policies. Previously proposed negotiation strategies are either not complete, disclosing irrelevant credentials, or not efficient enough. In this paper, we propose a novel ATN strategy, that is, Deterministic Finite Automaton Negotiation Strategy (DFANS). DFANS is complete and ensures that no irrelevant credentials are disclosed during the negotiation. Furthermore, DFANS is highly efficient. In the worst case, its communication complexity is O(n), where n is the total number of credentials requested, and its computational complexity is O(m) when not involving the cyclic dependencies, where m is the total size of the both sides' policies looked up during the negotiation. When cyclic dependencies exist, a reasonable additional cost of running OSBE protocol that is a provably secure and quite efficient scheme will be added to the computational cost of DFANS to guarantee the negotiation success whenever possible. 相似文献
9.
In grid computing environment, grid users often need to authorize remote computers acting as original users’ identity. But
the original user may be under the risk of information leakage and identity abused for sending his credential to remote computing
environment. Existing grid security practice has few means to enforce the security of credential delivery. Trusted Computing
(TC) technology can be added to grid computing environment to enhance the grid security. With TC using an essential in-platform
(trusted) third party, Trusted Platform Module (TPM), we can use TC to protect the user credential. In this paper we present
credential migration management (CMM) system, which is a part of Daonity project, to manifest migrating credential in security
between different computers with TPM. 相似文献
10.
Web服务本身的特性和分布式网络环境的复杂性使得访问控制成为一个富有挑战性的问题.该文提出了一种新型访问控制模型,引入了上下文参数,使得模型是上下文可知的,并能根据当时的上下文情况进行控制决策;采用基于用户属性的Web服务访问授权和控制方式,用户通过提供相关的信任证证明其拥有的属性.该模型较好地解决了Web服务的访问控制的新问题,适合分布式的、动态变化的Web服务环境. 相似文献