| 自动信任协商中的推理攻击分析 |
| |
| 引用本文: | 杨秋伟,洪帆,郑明辉,廖俊国.自动信任协商中的推理攻击分析[J].计算机科学,2007,34(7):76-79. |
| |
| 作者姓名: | 杨秋伟 洪帆 郑明辉 廖俊国 |
| |
| 作者单位: | 华中科技大学计算机学院,武汉430074 |
| |
| 基金项目: | 国家自然科学基金
,
湖北省教育厅科研项目 |
| |
| 摘 要: | 自动信任协商是陌生实体通过交替地披露属性证书建立信任关系的一种方法。主体拥有的不同属性之间可能存在着某种联系,某些属性的披露会导致其它敏感信息的泄露,即推理攻击。本文分析了属性间的线性关系,提出了属性敏感强度的概念,定义了属性敏感强度的偏序关系,在此基础上定义了自动信任协商系统抽象模型。针对几类推理攻击给出了相应的防御方案及其安全性分析。
|
| 关 键 词: | 信任证 自动信任协商 推理攻击 授权管理 |
The Analysis of Inference Attack in Automated Trust Negotiation |
| |
| YANG Qiu-Wei,HONG Fan,ZHENG Ming-Hui,LIAO Jun-Guo.The Analysis of Inference Attack in Automated Trust Negotiation[J].Computer Science,2007,34(7):76-79. |
| |
| Authors: | YANG Qiu-Wei HONG Fan ZHENG Ming-Hui LIAO Jun-Guo |
| |
| Affiliation: | Department of Computer Science, Huazhong University of Science ~ Technology, Wuhan 430074 |
| |
| Abstract: | Automated trust negotiation is an approach to build trust relationship between strangers by disclosing attribute credentials alternately. The attributes owned by principles are always relevant each other, so disclosing some attributes maybe induce leakage of sensitive information, namely inference attack. We give the definition and partial order of sensitivity intensity of private attribute, then an abstract automated trust negotiation model is proposed, which depicts relevancy not only between principles and attributes, but also between policies and attributes. As a result, several inference attacks in automated trust negotiation are discussed, then defense scheme and security analysis are presented. |
| |
| Keywords: | Credential Automated trust negotiation Inference attack Authorization management |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
|
