
Research on Multilevel Delegation Policy in Distributed Response System (original title: 分布式联动系统中的多级委托策略研究)
Abstract: Existing centralized security response (linkage) mechanisms struggle to defend cooperatively against large-scale, complex attacks and are prone to single points of service failure. To address these shortcomings, this paper builds on a distributed architecture and proposes a multilevel delegation mechanism made up of a Security Response Policy (SRP) and a Delegation Administration Policy (DAP). The mechanism consists of dynamic delegation of response privileges and a method for constructing a trusted delegation chain. Both policies are expressed in the XACML Admin specification language; the structure of the delegation chain and the delegation process are described formally, and the delegation-response algorithm is given in pseudocode. Constructing a trusted delegation chain not only achieves cooperative security response but also, to a degree, mitigates single points of failure. The proposed multilevel delegation mechanism for security policy provides a theoretical basis for building dynamic, distributed, cooperative network security defense systems.
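The abstract says a response policy issued by a non-root agent is trusted only if a chain of delegations leads back to a trusted issuer, which is the reduction idea of the XACML 3.0 administrative profile. The following is an added illustration of that check, not the paper's pseudocode and not its XACML Admin policy text. The agent names, the actions ("block_ip", "isolate_host"), the network segments, the depth and expiry fields, and the TRUSTED_ROOT constant are all assumptions made for the example; each Grant stands for one DAP link and each ResponsePolicy for one SRP decision that must be supported by the chain.

```python
"""
Illustrative model of a trusted delegation chain for response privileges.
Added example, not the paper's algorithm or its XACML Admin policies.
A response policy (SRP) issued by a non-root agent is accepted only if a
chain of delegation grants (DAP links) leads back to TRUSTED_ROOT, every
link narrows (never widens) the delegated rights, no link has expired,
and the re-delegation depth has not been exhausted.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

TRUSTED_ROOT = "root-admin"  # hypothetical trusted policy issuer


@dataclass(frozen=True)
class Grant:
    """One DAP link: delegator lets delegatee issue response policies."""
    delegator: str
    delegatee: str
    actions: FrozenSet[str]   # response actions the delegatee may order
    targets: FrozenSet[str]   # network segments the delegatee may act on
    max_depth: int            # further hops the delegatee may re-delegate
    expires: int              # link validity end (seconds; constructed values)


@dataclass(frozen=True)
class ResponsePolicy:
    """One SRP: issuer orders a response action on a target."""
    issuer: str
    action: str
    target: str


def validate_chain(chain: List[Grant], policy: ResponsePolicy, now: int) -> Optional[str]:
    """Return None if the chain supports the policy, else the first failure reason."""
    if not chain:
        return None if policy.issuer == TRUSTED_ROOT else "empty chain"
    if chain[0].delegator != TRUSTED_ROOT:
        return f"chain does not start at trusted root ({chain[0].delegator})"
    if chain[-1].delegatee != policy.issuer:
        return "chain does not end at the policy issuer"

    # Rights and remaining depth carried down the chain from the root grant.
    actions, targets = chain[0].actions, chain[0].targets
    depth = chain[0].max_depth
    for i, g in enumerate(chain):
        if g.expires <= now:
            return f"link {i} expired"
        if i > 0:
            prev = chain[i - 1]
            if g.delegator != prev.delegatee:
                return f"link {i}: delegator {g.delegator} is not the previous delegatee"
            if depth <= 0:
                return f"link {i}: re-delegation depth exhausted"
            # A delegatee may only pass on a subset of what it holds.
            if not g.actions <= actions or not g.targets <= targets:
                return f"link {i}: delegated rights widen the grant"
            actions, targets = g.actions, g.targets
            depth = min(depth - 1, g.max_depth)

    if policy.action not in actions or policy.target not in targets:
        return "policy outside delegated rights"
    return None


# Constructed sample grants (hypothetical agents and segments).
G_ROOT_A = Grant(TRUSTED_ROOT, "agentA", frozenset({"block_ip", "isolate_host"}),
                 frozenset({"segA", "segB"}), max_depth=1, expires=2000)
G_A_B = Grant("agentA", "agentB", frozenset({"block_ip"}), frozenset({"segA"}),
              max_depth=0, expires=2000)
# Widening attempt: agentA tries to hand out an action it never received.
G_A_C = Grant("agentA", "agentC", frozenset({"block_ip", "wipe_disk"}),
              frozenset({"segA"}), max_depth=0, expires=2000)
# One hop too many: agentB's grant allowed no further re-delegation.
G_B_D = Grant("agentB", "agentD", frozenset({"block_ip"}), frozenset({"segA"}),
              max_depth=0, expires=2000)

P_B_OK = ResponsePolicy("agentB", "block_ip", "segA")
P_B_BAD = ResponsePolicy("agentB", "isolate_host", "segA")
P_C = ResponsePolicy("agentC", "block_ip", "segA")
P_D = ResponsePolicy("agentD", "block_ip", "segA")

if __name__ == "__main__":
    for label, chain, pol, now in [("ok", [G_ROOT_A, G_A_B], P_B_OK, 1000),
                                   ("scope", [G_ROOT_A, G_A_B], P_B_BAD, 1000),
                                   ("widen", [G_ROOT_A, G_A_C], P_C, 1000),
                                   ("depth", [G_ROOT_A, G_A_B, G_B_D], P_D, 1000),
                                   ("expired", [G_ROOT_A, G_A_B], P_B_OK, 3000)]:
        print(label, validate_chain(chain, pol, now))
```

The check is deliberately monotone: rights can only shrink along the chain and depth only decreases, so a compromised intermediate agent cannot mint a broader grant than it was given, and a root grant with an expiry bounds how long a stale chain keeps a downstream agent's response orders valid.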
Source: Computer Science (计算机科学), CSCD, Peking University core journal, 2009, No. 6, pp. 85-88 (4 pages)
Funding: National Defense "Eleventh Five-Year" Pre-research Program (No.C0820061362-06, No.A1420080183); National "863" High-Tech Program, Information Security Topic (No.2007AA01Z464); Shipbuilding Industry National Defense Science and Technology Pre-research Fund (No.08J3.7.8)
Keywords: distributed response, response agent, delegation, XACML Admin