DTM:一种面向网络计算的动态信任管理模型

DTM:A Dynamic Trust Management Model for Internet Computing Environments

在开放的互联网中,信任关系的建立是实现跨自治域资源共享与协同的前提.然而,网络计算环境的分布自治特性,使得各类复杂系统中应用不同的信任管理机制,容易导致信任定义的不一致问题,特别是很多系统为支持多域协作,直接假设实体间信任具有传递特性,而在模型中缺乏该性质成立的条件;此外,网络计算环境中的动态演化特性,使得驱动实体间协作的信任关系随需而变,而现有信任管理模型仅仅关注于系统功能结构,缺乏对这种动态性的描述.文中提出了一种动态信任管理模型DTM,基于信念公式形式化定义了主体间的信任公式,并将信任的传递特性(信任链)解释为模型的一条性质.在该模型中,针对信任关系的动态特征,以时间为参量刻画主体公式集,以事件为触发条件刻画主体间信任的变化,并基于正则事件序列描述信任管理的资源授权过程,可刻画主体间信任的建立过程.最终,设计、实现了一个信任管理系统CROWN-TM,并进行了初步实验分析.

Nowadays, many novel computing technologies such as Pervasive Computing and Grid Computing have emerged to empower resource sharing and collaboration over Internet. However, trust establishment across multiple autonomous domains has become an important issue because resources are dynamic and behaviours are uncontrollable over Internet. Firstly, existing trust management solutions and systems lack of a unified model, specially the definitions of trust in several security mechanisms are inconsistent, moreover there is no formal proof on trust transitive property referring to the trust management model. Additionally, dynamic short-lived collaboration among entities frequently happens, which may require the trust relationship among collaborating entities to be changed on demand. Therefore, this paper proposes a dynamic trust management model （DTM） to support flexible trust establishment between unfamiliar entities, in which the concept of trust is formally defined based on a belief formula, and the transitive property of trust （trust chain） is proved. In this model, an event is used to describe the cause of trust relationship evolution between principals. A regular event sequence is employed to describe the resource authorization process, and a dependent sequence on regular event sequences is designed for the resource authorization process of trust negotiation. Finally, a trust management system in CROWN middleware, and some preliminary experiments are conducted and the experimental results are given and analysed.