期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

网格计算中虚拟组织的授权机制 被引量:2

Authorization mechanisms for virtual organization in grid computing systems
下载PDF
导出
摘要 分析了网格计算系统中虚拟组织管理的授权需求,提出使用门限闭包作为网格计算系统中面向虚拟组织的授权服务机制。既分析了门限闭包的适用性,也指出了它在具体实施时所存在的局限性,在此基础上提出一种新的授权服务体系,设计了基于公钥基础设施PKI的访问控制工作协议,并结合现有网格计算系统的安全基础设施设计了相应的授权服务系统架构。该体系通过分离门限闭包策略和实现机制,既保证了对复杂授权策略的处理效率和处理能力,也充分利用了现有网格安全基础设施。 This article analyzes authorized demand for management of virtual organization in the grid com puting system and consequently proposes using threshold closure as authorized service mechanism for virtual organizations in the grid computing system. The study not only analyzes the applicability of the threshold closure but presents the limitations of the specific implementation and based on which, a new authorization service sys tem is put forward and the access control protocol based on the public key infrastructure as well as the corresponding authorization service architecture combined with the existing security infrastructure in grid computing system are designed. The architecture guarantees the processing efficiency and capacity of the complex authorized strategy, and meanwhile it makes full use of the existing grid security infrastructure through the separation strategy of the threshold closure and implementation mechanism.
作者 邵学军 施化吉 赵曦滨
机构地区 江苏大学计算机科学与通信工程学院 南京航空航天大学计算机应用研究所 清华大学软件学院
出处 《系统工程与电子技术》 EI CSCD 北大核心 2009年第1期216-220,共5页 Systems Engineering and Electronics
基金 国家“863”计划项目(2003AA414031) 国家火炬计划项目(2004EB33006)资助课题
关键词 分布式处理系统 网格计算 虚拟组织 授权 访问控制 分布式系统安全 distributed processing system grid computing virtual organization authorization access con trol distributed system security
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献26

  • 1Foster I, Kesselman C, Tuecke S. The anatomy of the grid: enabling scalable virtual organizations[J].International Journal of Supercomputer Applications, 2001, 15(3) : 200 - 222.
  • 2kam K Y, Zhao X B, Chung S L,et al. Enhancing Orid security intrastructure to support mobile computing nodes[C]//Proc of the 4th International Workshop on Information Security Applications (WISA 2003), Berlin, Shrinker. 2004.42- 54
  • 3Raman R, Livny M, Solomon M. Matchmaking: distributed re source management for high throughput computing[C]//Proc of the 7th IEEE International Symposium on High Performance Distributed Computing, 1998.
  • 4Ryutov T, Neuman B C. Representation and evaluation of security policies for distributed system services [C] // Proc of the DARPA Information Survivability Conference and E.rposition, 2000.
  • 5Ryutov T, Neuman B C, Kim D. Dynamic authorization and intrusion response in distributed systems[C]//Proc of the DARPA In formation Surwivability Conference and Exposition, 2003.
  • 6Litzkow M, Livny M, Mutka M. Condor-A hunter of idle work stations[C]//Proc of the 8th International Conference of Distributed Computing Systems. 1988 : 104 - 111.
  • 7Sundaram B, Chapman B M. Policy engine: a framework for au thorization, accounting policy specification and evaluation in grids[C]//Second International Workshop on Grid Computing (Grid 2001). Denver, CO, USA, 2001:145-153.
  • 8Bester J, Foster I, Kesselman C, et al. GASS: a data movement and access service for wide area computing systems[C]//Sixth Workshop on I/O in Parallel and Distributed Systems, 1999.
  • 9Duan H X. Wu J P, Li X. Policy based access control frame work for large networks[C]//IEEE International Conference on Networks (ICON 2000), 2000:267 - 272.
  • 10Bertino E, Catania B, Ferrari E, et al. A system to specify and manage muhipolicy access control models[C]//Third International Workshop on Policies .for Distributed Systems and Net- works, 2002:116 - 27.

二级参考文献12

  • 1Shamir A. How to share a secret. Communications of the ACM, 1979, 22(11): 612~613.
  • 2Blakley G R. Safeguaring cryptographic keys. Proc. AFIPS National Computer Conference, New York, 1979. 313~317.
  • 3Feldman P. A practical scheme for non-interactive verifiable secret sharing. Proc. 28th IEEE Symposium on Foundations of Computer Science, IEEE Computer Society, 1987. 427~437.
  • 4Pedersen T P. Distributed provers and verifiable secret sharing based on the discrete logarithm problem. Ph. D.thesis, Aarhus University, Computer Science Department , Aarhus , Denmark, 1992.
  • 5Pedersen T P. Non-interactive and information-theoretic secure verifiable secret sharing. Advances in CruptologyCRYPTO' 91, Lecture Notes in Computer Science,Berlin, Springer-Verlag, 1992, 576: 129~140.
  • 6Stadler M. Publicly verifiable secret haring. Advances in Cryptology Eurocrypt' 96: Lecture Notes in Computer Science, Berlin, Springer-Verlag, 1996, 1070: 190~199.
  • 7Benaloh J, Leichter J. Generalized secret sharing and monotone functions. Ins. Goldwasser, editor. Advances in Cryptolog-Crypto' 88, Volume 403 of Lecture Notes in Computer Science, Springer Verlag , 1998. 21~25.
  • 8Blundo C, Cresti A, Santis A D. Fully dynamic secret sharing schemes. Theoretical Computer Science, 1996,165(2): 407~440.
  • 9Desmedt Y. Society and group oriented cryptography: a new concept. Advances in Cryptology, Proceedings of Crypto'87, Santa Barbara, 1998, 120~127.
  • 10Laih C S, Ham L. Generalized threshold cryptosystem,Advances in cryptology. Proc. of Asiacrypt ' 91, Fujiyoshida, Japan, 1991. 88~92.

共引文献2

同被引文献27

引证文献2

系统工程与电子技术
2009年 第1期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部