20 similar documents found, search time 15 ms
1.
A trust degree based access control in grid environments (total citations: 1, self-citations: 0, citations by others: 1)
The purpose of grid computing is to enable coordinated resource sharing and support cooperative work between different domains in dynamic grid environments. In order to protect each participant's privilege and security, a secure and efficient access control is essential. This paper presents a new access mechanism based on trust relationships across domains. A new method of calculating trust in a grid is proposed and the difference between intra-domain trust and inter-domain trust is analyzed. In addition, a novel access control framework combined with trust degree is derived from this proposal. It is shown to be adaptive for both intra-domain and inter-domain conditions. A prototype system based on the proposed model is also introduced; performance analyses show it to be a dynamic and fine-grained access control method and demonstrate that it is suitable for grid environments.
2.
Grid security technology mainly addresses authentication and authorization between entities in a grid environment. The GSI (Grid Security Infrastructure) of the Globus grid project relies mainly on X.509 technology to implement identity authentication together with data confidentiality, integrity and non-repudiation; it focuses on authentication and message protection, but lacks the necessary technical support for authorization. Building on an analysis of existing security technologies, this paper proposes a grid security framework that combines X.509-based PKI and PMI technologies, aiming to implement a secure authorization mechanism between grid users and virtual group entities on top of secure authentication, thereby building a grid security infrastructure with strong authentication and strong authorization.
3.
Distributed authorization is an essential issue in computer security. Recent research shows that trust management is a promising approach to authorization in distributed environments. There are two key issues for a trust management system: how to design an expressive high-level policy language and how to solve the compliance-checking problem (Blaze et al. in Proceedings of the Symposium on Security and Privacy, pp. 164–173, 1996; Proceedings of 2nd International Conference on Financial Cryptography (FC'98). LNCS, vol. 1465, pp. 254–274, 1998), where ordinary logic programming has been used to formalize various distributed authorization policies (Li et al. in Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 114–130, 2002; ACM Trans. Inf. Syst. Secur. (TISSEC) 6(1):128–171, 2003). In this paper, we employ Answer Set Programming to deal with many complex issues associated with distributed authorization along the trust management approach. In particular, we propose a formal authorization language whose semantics is given through Answer Set Programming. Using this language, we can not only express nonmonotonic delegation policies, which have not been considered in previous approaches, but also represent delegation with depth, separation of duty, and positive and negative authorizations. We also investigate basic computational properties related to our approach. Through two case studies, we further illustrate the application of our approach in distributed environments.
4.
One aim of pervasive computing is to allow users to share their resources so that they seem to be part of a single pervasive computer. This is just an illusion, the result of the synergy between different systems and resources. SHAD, introduced in PerCom 2007, is the first architecture that offers actual Single Sign-On to avoid authentication obtrusiveness and maintain the illusion of a single, pervasive computer. This paper describes how SHAD allows users to securely share their resources in an easy, natural, and intuitive way. It also describes its role-based Human-to-Human architecture, the threat model, and the protocols involved. Last but not least, it presents results of further evaluation for our working implementation.
5.
Security research and technical implementation of grid computing (total citations: 2, self-citations: 0, citations by others: 2)
A grid computing environment must use the existing Internet as its communication platform. Because the Internet itself is open and heterogeneous, grid computing faces a wide variety of security threats, and grid security has therefore become a core issue in grid computing environments. This paper briefly describes grid security requirements, analyzes grid security technologies, and presents the main technical measures for grid security in the Globus project.
7.
A computable trust-based authorization delegation model (total citations: 1, self-citations: 0, citations by others: 1)
In open multi-domain environments, trust management is the most commonly used access control method. However, current trust management systems have the following shortcomings: (1) they give no way to compute the trust between entities, which makes the models hard to implement; (2) the propagation of trust is not well controlled. To address these problems, this paper proposes a computable trust-based authorization delegation model for multi-domain systems, the CTBAD model (Computable Trust-Based Authorization Delegation model), focusing on the trust computation method and the trust propagation mechanism of the CTBAD model, and carries out data simulation of trust relationship computation.
8.
To address the lack of flexible and secure fine-grained use of digital content in existing digital rights management usage control models, this paper extends the general usage control model UCONABC and proposes Gran-UCON, a formal fine-grained usage control model, together with the security framework and implementation mechanism of its prototype system. The scheme partitions digital resource entities at fine granularity, reducing the granularity to basic units that carry complete meaning, and then applies security control through license authorization. An application example validates the security and flexibility of the model for end-user use of digital content on client terminals.
10.
Jiangtao Li Ninghui Li XiaoFeng Wang Ting Yu 《International Journal of Information Security》2009,8(2):89-101
Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers.
A preliminary version of this paper was presented at the Second IEEE International Conference on Security and Privacy in Communication Networks, Baltimore, MD, USA, August 2006.
11.
李海蓉 《网络安全技术与应用》2014,(12):35-36
With the development of science and technology, networks are used very frequently in people's daily lives, and the network security problems this raises are also increasing. In recent years information technology has continued to develop; information networks include both computer networks and Internet technology. This paper analyzes and discusses secure grid technology based on the principles of information security control.
12.
Access control and resource authorization are the set of policies governing the relationship between resources and users in a grid system. This paper analyzes the design principles of access control and resource authorization and proposes AB4L, a hierarchical access control model for grid users based on a deny list and an allow list. It gives the formal definition of the model, describes the implementation of the resource access control model and its authorization on the Postgres database, and evaluates the model in terms of completeness, extensibility, discretionary control and security...
13.
Gianluca Antonelli Filippo Arrichiello Stefano Chiaverini 《Intelligent Service Robotics》2008,1(1):27-39
In this paper a new behavior-based approach for the control of autonomous robotic systems is proposed. The so-called null-space-based behavioral (NSB) control differs from the other existing methods in the behavioral coordination, i.e., in the way the outputs of the single elementary behaviors are combined to compose a complex behavior. The proposed approach is compared with the main existing approaches while two experimental case studies, performed with a Khepera II mobile robot, are reported to validate its effectiveness.
14.
This paper proposes a Radio Frequency Identification (RFID) access control scheme, which includes not only an authentication mechanism, but also an access right authorization mechanism designed for a low-cost RFID system. The scheme guarantees mutual authentication and location privacy and also resists the man-in-the-middle attack, the spoofed reader attack, and the spoofed tag attack. Our scheme is more suitable for meeting future RFID system demands.
15.
To effectively protect application servers and the services running on them, this paper proposes a method by which an application server for next-generation network services imposes security restrictions on service capabilities. The method defines the scope covered by security protection, identifies the security elements, abstracts a set of security capabilities, and provides a corresponding framework interface for access control.
16.
In a grid, a large number of users share resources provided by different organizations. Traditional grid authorization control methods can no longer cope with a model involving a large number of users. Driven by practical requirements, this paper builds DACS, a lightweight access control service. DACS divides VO users into different levels, so that a resource only needs to grant authorization to VO users as a whole, by level.
18.
Research on attribute-based authorization and access control (total citations: 1, self-citations: 0, citations by others: 1)
The distributed, heterogeneous and dynamic nature of open environments poses unique security challenges for access control. Attribute-based access control (ABAC) handles administrative scale and system flexibility better than identity-based access control, provides fine-grained control, and has proven well suited to such environments. This paper discusses the authorization and access control mechanism, implementation framework and attribute management of ABAC, and through a comparative analysis of the key technologies proposes topics requiring future research, offering directions for further work in this field.
19.
Research on a dynamic grid access control model based on usage control and context (total citations: 2, self-citations: 1, citations by others: 1)
The dynamic, multi-domain and heterogeneous nature of grid environments calls for a flexible, easily extensible and fine-grained authorization mechanism. Much recent research has addressed access control in grid environments, but most existing models grant authorization under relatively static assumptions, based on the subject's identifier, group and role information, and lack concrete context information and flexible security policies. This paper proposes a dynamic access control model for network environments based on usage control and context. In the model, the authorization component uses subject and object attributes to define traditional static authorization, while the condition component uses relevant dynamic context information to achieve dynamic control over a subject's permissions in a specific environment. Based on the model, a prototype system is implemented to validate the model's efficiency and ease of implementation.
20.
江友红 《网络安全技术与应用》2014,(7):18-19
Starting from the internal LAN security problems of financial systems, this paper discusses the VLAN technology commonly used in network configuration, and proposes a scheme that uses VLAN technology and access control technology to secure the internal LAN of a financial company's municipal branch. Implementing this scheme minimizes the company's network security risk.