
Secure Access Control for Group Communication on Multi-Autonomous Domains Collaborative Environment

Cited by: 4
Abstract: A secure communication environment that supports collaboration among multiple autonomous domains is the basis of large-scale distributed applications, and group communication, with its high efficiency and flexibility, is the basic communication mode of such environments. However, these collaborative applications lack central control, and their users and resources belong to different autonomous domains. Users in collaborative environments expect to join and leave groups and to access domain resources dynamically, which leads to a large number of new security challenges and access control problems. In view of the heterogeneous and dynamic character of multi-domain collaboration, role-based access control is complemented with distributed trust management and a role-based distributed trust management framework is proposed, resolving dynamic joint authorization and attribute-based delegation authorization. On this basis, an infrastructure is presented that includes security policy negotiation, credential issuance, proof of compliance between credentials and the access control policy, and reasoning about users' access rights. It provides a more flexible, reliable and secure access control model for group communication in multi-domain collaborative environments.

Source: Journal of Computer Research and Development (《计算机研究与发展》; indexed in EI, CSCD, PKU Core), 2005, No. 9, pp. 1558-1563 (6 pages)

Funding: National Natural Science Foundation of China (90412011)

Keywords: group communication; trust management; access control; joint authorization
