Found 20 similar documents; search took 15 ms
1.
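Automated trust negotiation (ATN) establishes trust relationships by disclosing credentials and matching them against access control policies. In open distributed environments, policy consistency management makes it easier for network users to discover resources and to learn promptly what conditions must be met to access them. At present, policy consistency management in ATN is maintained by the resource owner, which hinders resource discovery, limits resource sharing, and wastes the resource owner's valuable computing resources. To address these problems, an effective policy consistency management method is proposed. The method sets up a trusted third party, uses the LDAP protocol to centrally manage resource owners' access control policies, and describes the policies in the general-purpose language XML; it can effectively detect and avoid the policy inconsistencies caused by policy updates, deletions and similar operations.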
2.
3.
4.
A trust negotiation system for digital library Web services (Total citations: 1, self-citations: 0, citations by others: 1)
A scalable approach to trust negotiation is required in digital library (DL) environments that have large and dynamic user populations. In this paper we introduce Trust-Serv, a model-driven trust negotiation framework for Web services, and show how it can be used to effectively handle trust negotiation in DLs. The framework employs a model for trust negotiation based on state machines, extended with security abstractions. High-level specifications expressed with the state-machine-based model are then translated into formats suitable for automating the trust negotiation process. The proposed framework also supports negotiation policy lifecycle management, an important trait in the dynamic environments that characterize DLs. In particular, we present a set of policy change operations that enable the dynamic evolution of negotiation policies without disrupting ongoing negotiations. The proposed approach has been implemented as a container-centric mechanism that is transparent to the DL and to the developers of DL Web services, simplifying DL development and management as well as enabling scalable deployments.
5.
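Automated trust negotiation is a new method for establishing trust relationships between entities across multiple security domains; the negotiation strategy specifies how credentials and access control policies are disclosed during negotiation. To address the fact that current research does not distinguish the sensitivity of credentials, the concept of credential weight is introduced and a negotiation strategy based on a weighted tree is designed. Following the idea of local optimization, whenever the access control policy offers a choice, the credential with the smallest weight is selected for disclosure, until the negotiation succeeds or fails. The strategy is proven to be safe, complete and efficient.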
6.
Trust negotiation is an approach to access control whereby access is granted based on trust established in a negotiation between the service requester and the service provider. Trust negotiation systems avoid several problems facing traditional access control models such as DAC (discretionary access control) and MAC (mandatory access control). Another problem is that Web service providers often do not know requesters' identities in advance because of the ubiquitousness of services. We describe Trust-Serv, a trust negotiation framework for Web services, which features a policy language based on state machines. It is supported by lifecycle management and automated runtime enforcement tools. Credential retrieval and validation in Trust-Serv rely on predefined Web services that provide interactions with attribute assertion authorities and public key infrastructure.
7.
8.
9.
10.
Automated trust negotiation (ATN) is an approach establishing mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. The digital credentials themselves are usually sensitive, so they have corresponding access control policies to control their disclosure. Therefore, an ATN strategy must be adopted to determine the search for a successful negotiation based on the access control policies. Previously proposed negotiation strategies are either not complete, disclosing irrelevant credentials, or not efficient enough. In this paper, we propose a novel ATN strategy, that is, Deterministic Finite Automaton Negotiation Strategy (DFANS). DFANS is complete and ensures that no irrelevant credentials are disclosed during the negotiation. Furthermore, DFANS is highly efficient. In the worst case, its communication complexity is O(n), where n is the total number of credentials requested, and its computational complexity is O(m) when not involving the cyclic dependencies, where m is the total size of both sides' policies looked up during the negotiation. When cyclic dependencies exist, a reasonable additional cost of running OSBE protocol that is a provably secure and quite efficient scheme will be added to the computational cost of DFANS to guarantee the negotiation success whenever possible.
11.
12.
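In automated trust negotiation, access control policies regulate how users access resources and thereby protect sensitive information and resources. When a policy itself contains sensitive information, disclosing the policy leaks private information; protecting the sensitive information in the policy in turn increases the complexity of the negotiation. To resolve this tension in policy protection, a rule-based automated trust negotiation model, RBAM, is proposed. Policies are decomposed, non-sensitive policies and domain constraints are grouped into one class, and Agent technology is used to handle the interaction between the two negotiating parties, thereby reducing negotiation complexity and improving negotiation efficiency.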
13.
14.
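Trust management is a current hot topic in information security research for pervasive environments. To handle the fuzziness of subjective trust and the dynamic nature of trust relationships between subjects, a user trust evaluation model is proposed, based on fuzzy theory from fuzzy mathematics. The model applies fuzzy theory to the uncertainty and dynamics of trust relationships, comprehensively evaluates the main factors that affect trust in a subject, and derives an overall trust degree that determines whether the subject can be trusted for interaction. The model can evaluate a user's trust degree comprehensively, goes a long way toward ensuring that pervasive behaviour is secure and reliable, and offers a new method for research on uncertainty in trust management for pervasive computing.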
15.
16.
Jianxin Li Dacheng Zhang Jinpeng Huai Jie Xu 《Peer-to-Peer Networking and Applications》2009,2(2):164-177
Service-oriented architecture (SOA) and Software as a Service (SaaS) are the latest hot topics to software manufacturing and
delivering, and attempt to provide a dynamic cross-organisational business integration solution. In a dynamic cross-organisational
collaboration environment, services involved in a business process are generally provided by different organisations, and
lack supports of common security mechanisms and centralized management middleware. On such occasions, services may have to
achieve middleware functionalities and achieve business objectives in a pure peer-to-peer fashion. As the participating services
involved in a business process may be selected and combined at run time, a participating service may have to collaborate with
multiple participating services which it has no pre-existing knowledge in prior. This introduces some new challenges to traditional
trust management mechanisms. Automated Trust Negotiation (ATN) is a practical approach which helps to generate mutual trust
relationship for collaborating principals which may have no pre-existing knowledge about each other without in a peer-to-peer
way. Because credentials often contain sensitive attributes, ATN defines an iterative and bilateral negotiation process for
credentials exchange and specifies security policies that regulate the disclosure of sensitive credentials. Credentials disclosure
in the iterative process may follow different orders and combinations, each of which forms a credential chain. It is practically
desirable to identify the optimal credential chain that satisfies certain objectives such as minimum release of sensitive
information and minimum performance penalty. In this paper we present a heuristic and context-aware algorithm for identifying
the optimal chain that uses context-related knowledge to minimize 1) the release of sensitive information including both credentials
and policies and 2) the cost of credentials retrieving. Moreover, our solution offers a hierarchical method for protecting
sensitive policies and provides a risk-based strategy for handling credential circular dependency. We have implemented the
ATN mechanisms based on our algorithm and incorporated them into the CROWN Grid middleware. Experimental results demonstrate
their performance-related advantages over other existing solutions.
Jianxin Li is a research staff and assistant professor in the School of Computer Science and Engineering, Beihang University, Beijing, China. He received the Ph.D. degree in Jan. 2008. He has authored over 10 papers in SRDS, HASE and eScience etc. His research interests include trust management, information security and distributed system.
Dacheng Zhang received his BSc. in Computer Science at Northern Jiaotong University. Dacheng then worked at the Beijing Rail Mansion and Beijing Zhan Hua Dong He Ltd. as a software engineer. In 2004, Dacheng received his MSc. degree in Computer Science at the University of Durham. The topic of his thesis was “Multi-Party Authentication for Web Services”. Dacheng is now a PhD student in the School of Computing, University of Leeds, UK. His research area covers Multi-Party Authentication systems for Web services, Long Transactions, and Identity based authentication systems. Currently, he is exploring Coordinated Automatic Actions to manage Web Service Multi-Party Sessions.
Jinpeng Huai is a Professor and Vice President of Beihang University. He serves on the Steering Committee for Advanced Computing Technology Subject, the National High-Tech Program (863) as Chief Scientist. He is a member of the Consulting Committee of the Central Government Information Office, and Chairman of the Expert Committee in both the National e-Government Engineering Taskforce and the National e-Government Standard office. Dr. Huai and his colleagues are leading the key projects in e-Science of the National Science Foundation of China (NSFC) and Sino-UK. He has authored over 100 papers. His research interests include middleware, peer-to-peer (P2P), grid computing, trustworthiness and security.
Professor Jie Xu is Chair of Computing at the University of Leeds (UK) and Director of the EPSRC WRG e-Science Centre involving the three White Rose Universities of Leeds, York and Sheffield. He is also a visiting professor at the School of Computing Science, the University of Newcastle upon Tyne (UK) and a Changjiang Scholar visiting professor at Chongqing University (China). He has worked in the field of Distributed Computer Systems for over twenty years and had industrial experience in building large-scale networked systems. Professor Xu now leads a collaborative research team at Leeds studying Grid and Internet technologies with a focus on complex system engineering, system security and dependability, and evolving system architectures. He is the recipient of the BCS/IEE Brendan Murphy Prize 2001 for the best work in the area of distributed systems and networks. He has led or co-led many key research projects and served as Program Chair/PC member of many international computer conferences. Professor Xu has published more than 150 edited books, book chapters and academic papers, and has been Editor of IEEE Distributed Systems since 2000.
17.
《Computer Standards & Interfaces》2014,36(1):219-230
We propose an ontology-based approach to automated trust negotiation (ATN) to establish a common vocabulary for ATN across heterogeneous domains and show how ontologies can be used to specify and implement ATN systems. The components of the ATN framework are expressed in terms of a shared ontology and ontology inference techniques are used to perform ATN policy compliance checking. On this basis, a semantically relevant negotiation strategy (SRNS) is proposed that ensures the success of a negotiation whenever it is semantically possible. We analyze the properties of SRNS and evaluate the performance of the ontology-based ATN.
18.
19.
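资武成 (Zi Wucheng) 《计算机工程与应用》 (Computer Engineering and Applications) 2008,44(21):245-248
Agent technology is widely used for negotiation among supply chain partners. How negotiation agents are selected before negotiation is important for improving negotiation efficiency. A trust-based multi-agent negotiation relationship network is proposed, together with algorithms for forming and updating it, and the characteristics of this network are studied in depth. Simulations show that the proposed negotiation relationship network effectively facilitates negotiation between agents and raises the negotiation success rate.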
20.
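Most privacy protection schemes in trust negotiation are built on complex zero-knowledge protocols, and many require pairing operations, so they are inefficient. To address this, an anonymity scheme for negotiation certificates is proposed based on the idea of ring signatures: on top of a formal model of certificate-subset anonymity, a ring signature scheme is constructed from the hardness of the discrete logarithm problem to protect negotiation certificates. Compared with the scheme of Zhang Mingwu et al. (ZHANG Mingwu, YANG Bo, ZHU Shenglin, et al. A policy-based signature scheme for protecting the privacy of negotiation certificates. Journal of Electronics & Information Technology, 2009, 31(1): 224-227) and the scheme of LIU et al. (LIU BAILING, LU HONGWEI, ZHAO YIZHU. An efficient automated trust negotiation framework supporting adaptive policies. Proceedings of the Second International Workshop on Education Technology and Computer Science. Washington, DC: IEEE Computer Society, 2010: 96-99), the proposed scheme is more efficient.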