基于标签树的自动信任协商策略分析

网络实体间的信任建立是彼此进行安全交互的前提,自动信任协商为分布式环境下陌生实体的信任建立提供了方法.但现有的信任协商默认协商中访问控制策略正确,而策略本身很可能存在某些问题,导致协商失败.重点分析协商策略的性质,首先针对可能存在的冲突策略、平凡策略等策略不一致问题,构建了一种基于标签树的逻辑证明方法,进行策略一致性的检测,并证明了此证明方法的可靠性、完备性;其次,通过对策略树进行化简以求得最小证书集,并对其进行一次性披露和匹配,尽快达成成功协商,从而避免策略环问题,提高协商效率及成功率.

Analysis of Automated Trust Negotiation Policy Based on Label Tree

In the virtual computing environment the securing co-operation is based on the trust between the strangers,automated trust negotia-lion provides a mean to establish strangers in distributed situation. However, the current negotialion takes it for granted that the access control policy of negotiation is correct, which will probably has many problems to lead negotiation to fail. This paper emphasized on analyzing the characters of negotiation policy. Firstly, aiming at the inconsistency problems such as inconsistent policy and trivial policy, this paper established a logic proving method based on label binary tree in order to test policy consistency, so as to prove the soundness and completeness of this method.Secondly, this paper gained the minimal credential set by predigesting the policy tree, then successful negotiation was achieved through oncoff discovering the minimal credential set, which will avoid the policy circle and improve the efficiency and the probability of negotiation.