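Abstract
Building on improved trust management and negotiation techniques, and using attribute-based credentials to support multiple types of privilege delegation, this paper designs and implements a contract-based trust negotiation (COntract-based Trust Negotiation, COTN) system. The system introduces a contract-based trust negotiation method that both terminates infeasible negotiation requests in advance during contract establishment and, during negotiation under the agreed contract, protects private information in credentials and access control policies, so that trust relationships are established automatically, efficiently and reliably. The COTN system has been deployed in the grid middleware platform CROWN, where trust tickets and a policy caching mechanism are used to improve runtime performance. Experiments show that the system has good stability and usability.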
A novel contract-based trust negotiation (COTN) system is designed and implemented based on enhanced trust management and trust negotiation technologies. It leverages attribute-based credentials to support various kinds of delegation, where attribute parameter constraints and delegation constraints are also employed. The authors first introduce a contract mechanism to ensure the trustworthiness of negotiation in the COTN system. The COTN system not only provides functions to terminate impossible negotiations in advance but is also able to protect sensitive credentials and sensitive information in the access control policies. The system has been successfully implemented as useful components and fundamental security services in CROWN Grid, and methods such as trust tickets and policy caching, which can greatly increase service efficiency, are used. Furthermore, the approach is evaluated by comprehensive experiments, and the results show that it is feasible and applicable.
Source
Chinese Journal of Computers (《计算机学报》)
EI
CSCD
PKU Core (北大核心)
2006, Issue 8, pp. 1290-1300 (11 pages)
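Funding
Supported by the Major Research Plan of the National Natural Science Foundation of China (90412011)
and the National "973" Key Basic Research Development Program (2005CB321803).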
Keywords
information security
trust management
trust negotiation
privacy preservation
credential
access control policy