Secure trust negotiation system for grid computing
Abstract: Grid technology promotes resource sharing and collaboration over wide area networks. However, in a grid environment, service providers and requestors are often located in different security domains, and how to dynamically establish trust between strangers with no prior relationship has become a pressing problem. Based on the trust management infrastructure, a secure trust negotiation system was designed and implemented; it establishes trust between strangers through the iterative disclosure of credentials and access control policies, and protects the participants' private information. The system adopts attribute-based delegation authorization credentials and access control policies, together with a novel compliance-checking algorithm for credentials and access policies that supports dynamic adjustment of policies and generates all the minimal satisfying sets of credentials, so that any trust relationship that exists in theory can be established automatically. During trust negotiation with this system, secure transmission of the disclosed credentials is ensured by other subsystems of CROWN. Its application in the CROWN grid shows that the system meets the needs of automated trust establishment and protection of sensitive information in grid applications.
Key words:
- network
- trust management
- trust negotiation
- compliance checker
- negotiation strategy