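Abstract
In the open Internet, establishing trust relationships is a prerequisite for resource sharing and collaboration across autonomous domains. However, the distributed and autonomous nature of network computing environments means that different complex systems apply different trust management mechanisms, which easily leads to inconsistent definitions of trust. In particular, to support multi-domain collaboration, many systems directly assume that trust between entities is transitive, while their models lack the conditions under which this property holds. In addition, the dynamic and evolving nature of network computing environments means that the trust relationships driving collaboration between entities change on demand, whereas existing trust management models focus only on the functional structure of the system and lack a description of this dynamism. This paper proposes a dynamic trust management model, DTM, which formally defines trust formulas between principals on the basis of belief formulas and explains the transitivity of trust (the trust chain) as a property of the model. To address the dynamic characteristics of trust relationships, the model characterizes each principal's formula set with time as a parameter, characterizes changes in trust between principals with events as triggering conditions, and describes the resource authorization process of trust management using regular event sequences, so that the process of establishing trust between principals can be captured. Finally, a trust management system, CROWN-TM, is designed and implemented, and a preliminary experimental analysis is carried out.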
Nowadays, many novel computing technologies such as Pervasive Computing and Grid Computing have emerged to empower resource sharing and collaboration over the Internet. However, trust establishment across multiple autonomous domains has become an important issue because resources are dynamic and behaviours are uncontrollable over the Internet. Firstly, existing trust management solutions and systems lack a unified model; in particular, the definitions of trust in several security mechanisms are inconsistent, and there is no formal proof of the transitive property of trust with respect to the trust management model. Additionally, dynamic short-lived collaboration among entities happens frequently, which may require the trust relationship among collaborating entities to be changed on demand. Therefore, this paper proposes a dynamic trust management model (DTM) to support flexible trust establishment between unfamiliar entities, in which the concept of trust is formally defined based on a belief formula, and the transitive property of trust (trust chain) is proved. In this model, an event is used to describe the cause of trust relationship evolution between principals. A regular event sequence is employed to describe the resource authorization process, and a dependent sequence on regular event sequences is designed for the resource authorization process of trust negotiation. Finally, a trust management system in CROWN middleware is designed and implemented, some preliminary experiments are conducted, and the experimental results are given and analysed.
Source
Chinese Journal of Computers (《计算机学报》)
EI
CSCD
PKU Core (北大核心)
2009, No. 3, pp. 493-505 (13 pages)
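Funding
Supported by:
National Key Basic Research Program of China (973 Program) (2005CB321803)
National High Technology Research and Development Program of China (863 Program) (2007AA01Z426, 2007AA01Z120)
National Science Fund for Distinguished Young Scholars (60525209)
NSFC-RGC Joint Project (60731160632)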
Keywords
Internet computing
trust model
trust management
trust negotiation
credential
security policy