| 基于反馈机制的网格动态授权新模型 |
| |
| 引用本文: | 李明楚,杨彬,钟炜,田琳琳,江贺,胡红钢.基于反馈机制的网格动态授权新模型[J].计算机学报,2009,32(11). |
| |
| 作者姓名: | 李明楚 杨彬 钟炜 田琳琳 江贺 胡红钢 |
| |
| 作者单位: | 1. 大连理工大学软件学院,辽宁,大连,116621
2. 中国科学院软件研究所信息安全国家重点实验室,北京,100049 |
| |
| 基金项目: | 国家自然科学基金,辽宁省自然科学基金,高等学校博士学科点基金,重庆科技局自然科学计划项目,国家"九七三"重点基础研究发展规划项目基金 |
| |
| 摘 要: | 网格现有的授权系统存在静态性问题,表现为没有提供机制来反馈用户对授予的权限的使用情况.当一个本来可信的用户或服务变成不可信时,授权系统不能及时发现,对其权限进行调整可能导致恶意用户对网格系统的破坏.因此,在授权系统中建立反馈机制,根据用户的行为动态地调整用户角色,对于网格系统的安全具有重大意义.文中分析了网格中现有的授权系统及信任模型的特点,指出它们存在的不足.在此基础上提出一种基于反馈机制的动态授权新模型,很好地解决了现有授权系统的静态性的缺点.该模型是对CAS授权系统的改进,增加了反馈机制和信任度计算机制.其中,信任度计算机制中提出的基于行为的分层信任新模型较以往的信任模型相比,使用服务权值来区分重要服务和普通服务,从而保护了网格中的重要服务并且能有效地抑制恶意节点的行为;文中提出了一种新的更加精确地计算域间推荐信任度的方法,从而解决了不诚实反馈的问题.反馈机制则利用基于行为分层信任模型给出的用户信任度的变化,实现了根据用户的行为动态调整他的角色.文中还设计了三组模型实验,分别验证新模型的特点、对网格中恶意实体行为的抑制情况,从不同的角度对模型进行了实验,对基于行为的分层信任模型对行为的敏感性、收敛性、有效性及合理性加以了证明.
|
| 关 键 词: | 反馈机制 群组授权服务 信任模型 动态授权 网格计箅 |
Grid Dynamic Authorization Model Based on Feedback Mechanism |
| |
| LI Ming-Chu,YANG Bin,ZHONG Wei,TIAN Lin-Lin,JIANG He,HU Hong-Gang.Grid Dynamic Authorization Model Based on Feedback Mechanism[J].Chinese Journal of Computers,2009,32(11). |
| |
| Authors: | LI Ming-Chu YANG Bin ZHONG Wei TIAN Lin-Lin JIANG He HU Hong-Gang |
| |
| Abstract: | There is a problem of static status in the existing authorization systems of grids that don't provide feedback mechanism to feedback the use of permission by users. When a user or a service with creditability at the past would become unlikelihood, the authorization systems could not find this status in time to adjust the user's permission, so that it is possible for malicious us-ers to destroy the grid systems. Thus, building feedback mechanism in authorization to adjust us-ers' roles by their behavior dynamically is necessary to the security of grid systems. In this pa-per, we analyze the characteristics of the existing authorization systems and trust models in grid, and point out their shortcomings. This paper proposes a new dynamic authorization model based on feedback mechanism to solve static state of mechanisms. This model improves the authoriza-tion system for CAS, and adds trust degree computing mechanism and feedback mechanism to CAS. This paper proposes a new trust model with two layers based on behavior in the trust de-gree computing mechanism to distinguish important services and common services by using service weight, so it effectively protects important services in grid from the attack of malicious nodes; This paper also use a new method to account trust degrees between domains to solve the problem of dishonesty feedback. By using two-layer trust model based on behavior to get the changes of trust degrees, the feedback mechanism can adjust users' roles by users' behavior. In this paper, a series of simulation experiments are designed such as validating the characteristic of new model, controlling to malicious nodes. These experiments validate the sensitivity, astringency, validity and rationality with behavior in the two-layer trust model based on these behaviors. |
| |
| Keywords: | feedback mechanism CAS trust model dynamic authorization grid computing |
| 本文献已被 万方数据 等数据库收录! |
|
