面向属性约束的自动信任协商模型被引量：1

An Attribute-Constraints-Oriented Automated Trust Negotiation Model

下载PDF

导出

摘要针对已有自动信任协商系统策略语言粒度粗糙、不能生成所有信任序列且缺乏评估与择优机制等问题,提出一种面向属性约束的自动信任协商模型———ACATN.其具有如下特点:利用属性约束细化策略语言粒度,不仅有效地保护了敏感服务和证书,而且提高了系统的灵活性;使用全局访问控制策略终止不会成功的协商请求,从而提高协商效率;采用信任序列搜索树描述信任序列的生成过程,基于此树的宽度、深度优先搜索算法在快速生成一个信任序列的同时,能够生成所有的信任序列;通过属性证书披露代价和通信开销评估信任序列,以便于系统选择最优信任序列.结合具体实例对ACATN模型的使用进行了说明. The existing automated trust negotiation systems suffer from the following drawbacks： the policy languages are coarse-grained, the negotiation strategy cannot generate all trust sequences, and the mechanism to evaluate and select： trust sequences is absent. To address the above problems, an attribute-constraint-oriented automated trust negotiation （ACATN） model is proposed. The policy language is refined by using attribute constraint, which can not only effectively protect sensitive services and certificates, but also enhance its flexibility. The global access control policy is used to terminate impossible negotiation in advance so that the negotiation effi- ciency can be improved. The process of generating trust sequence is described by trust sequence searches tree. Based on the tree, the breadth-first and depth-first searches generate not only a trust sequence quickly, but also all trust sequences. Trust sequences are evaluated via disclosure cost and communication overhead so that the optimal one can be selected. ACATN is illustrated using a typical example.

作者官尚元伍卫国董小社梅一多

机构地区西安交通大学电子与信息工程学院

出处《西安交通大学学报》 EI CAS CSCD 北大核心 2009年第8期1-5,共5页 Journal of Xi'an Jiaotong University

基金国家自然科学基金资助项目(60773118) 国家高技术研究发展计划资助项目(2006AA01109).

关键词访问控制自动信任协商协商系统策略属性约束 access control automated trust negotiation negotiation system strategy attribute constraint

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献6

1SKOGSRUD H, MOTAHARI-NEZHAD H R, BE NATALLAH B, et al. Modeling trust negotiation for web services [J]. Computer, 2009, 42(2): 54-61.
2陈书义,孙锦山,闻英友,赵宏.NSIS下通用访问控制信令协议的设计与验证[J].西安交通大学学报,2009,43(4):34-38. 被引量：1
3WINSBOROUGH W H, SEAMONS K E, JONES V E. Automated trust negotiation [C]//DARPA Information Survivability Conference and Exposition. Los Alamitos, CA, USA: IEEE Computer Society, 2000: 88-10.
4YU Ting, WINSLETT M, SEAMONS K E. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation [J]. ACM Trans on Information and System Security, 2003, 6(1) :1-42.
5YU Ting, MA Xiaosong, WINSLETT M. PRUNES: an efficient and complete strategy for automated trust negotiation over the internet [C]//ACM Conference on Computer and Communications Security. New York, USA: ACM, 2000: 210-219.
6BERTINO E, FERRARI E, SQUICCIARINI A C. Trust-χ: a peer-to-peer framework for trust establish ment [J]. IEEE Trans on Knowledge and Data Engi neering, 2004, 16(7): 827-841.

二级参考文献9

1高磊,张德运,Md Jahangir Alam,张军,胡国栋.基于Petri网的TCP协议异常检测模型[J].西安交通大学学报,2006,40(6):659-662. 被引量：4
2ROSENBERG J, WEINBERGER J, HUITEMA C, et al. STUN - simple traversal of user datagram protocol (UDP) through network address translators (NATs), RFC 3489[R]. Reston, VA, USA: Internet Society. IETF, 2003.
3ROSENBERG J, MAHY R, HUTIEMA C, et al. Traversal using relay NAT (TURN), draft-rosenbergmidcom-turn-08[R]. Reston, VA, USA: Internet So ciety. IETF, 2006.
4ROSENBERG J. Interactive connectivity establishment (ICE): a methodology for network address translator (NAT) traversal for offer/answer protocols, draft-ietfmmusic ice - 15 [R]. Reston, VA, USA: Internet Society. IETF, 2007.
5PAN Jianli, CHEN Shanzhi. A mobile IPv6 firewall traversal scheme integrating with AAA[C]// 2006 In ternational Conference on Wireless Communications, Networking and Mobile Compuling. Piscataway, NJ, USA: IEEE, 2007:414-420.
6MIHAI A, CERNAIANU D O. NAT/firewall traversal for SIP: issues and solutions[C]//Proceedings of International Symposium on Signals. Circuils and Systems. Piscataway, NJ, USA.. IEEE,2005: 521-524.
7FU Xiaoming, TSCHOFENIG H. HOGREFE D. Be yond QoS signaling: a new generic IP signaling framework [J]. Computer Networks, 2006, 50(17) : 3416-3433.
8HANCOCK R, KARAGIANNIS G. LOUGHNEY J,et al. Next steps in signaling (NSIS): framework, IETF RFC 4080 [R]. Reston, VA, USA: Internet Sociely. IETF, 2005.
9SCHUI.ZRINNE H, COI.UMBIA U, HANCOCK R, et al. GIST: general internet signalling transport [EB/ OL]. [2008-06-10]. http://www. ietf. org/internetdrafts/draft-ietf-nsis-ntlp-15. txt.

同被引文献12

1洪帆,刘磊.用隐藏证书实现访问策略[J].计算机应用,2005,25(12):2731-2733. 被引量：4
2HOLT J, BRADSHAW R, SEAMONS K E, et al. Hidden creden- tials [ C]// Proceedings of 2003 ACM Workshop on Privacy in the Electronic Society. New York: ACM Press, 2003:1 - 8.
3QIN YU, FENG DENGGUO, XU ZHEN. An anonymous property- based attestation protocol from bilinear maps [ C]// Proceedings of 2009 International Conference on Computational Science and Engi-neering. Washington, DC: IEEE Computer Society, 2009: 732- 738.
4BAGGA W, MOLVA R. Policy-based cryptography and applications [ C]//Proceedings of the 9th International Conference on Financial Cryptography and Data Security, LNCS 3570. Berlin: Springer, 2005 : 72 - 83.
5SQUICCIARINI A C, BERTINO E, FERRARI E, et al. Achieving privacy in trust negotiations with an ontology-based approach [ J]. IEEE Transactions on Dependable and Secure Computing, 2006, 3 (1) : 13 -30.
6FRIKKEN K, ATALLAH M, LI JIANGTAO. Attribute-based access control with hidden policies and hidden credentials [ J]. IEEE Transactions on Computers, 2006, 55(10) : 1259 - 1270.
7GUAN SHANGYUAN, DONG XIAOSHE, MEI YIDUO, et al. Au- tomated trust negotiation based on concurrent zero-knowledge for e- business applications [ C]//Proceedings of IEEE International Con- ference on e-business Engineering. Washington, DC: IEEE Com- puter Society, 2008:481 -486.
8JEONG I R, KWON J O, LEE D H. Ring signature with weak link- ablility and its applications [ J]. IEEE Transactions on Knowledge and Data Engineering, 2008, 20(8) : 1145 - 1148.
9LIU BAILING, LU HONGWEI, ZHAO YIZHU. An efficient auto- mated trust negotiation framework supporting adaptive policies [ C]// Proceedings of the Second International Workshop on Education Technology and Computer Science. Washington, DC: IEEE Com- puter Society, 2010:96 -99.
10廖俊国,洪帆,李俊,杨木祥.在信任协商中保密证书的敏感属性[J].通信学报,2008,29(6):20-25. 被引量：7

引证文献1

1李伟,范明钰,王光卫,袁建廷.信任协商中基于环签名的协商证书匿名方案[J].计算机应用,2011,31(10):2689-2691.

1姜正涛,怀进鹏,王育民.一种保护敏感属性证书的披露方法[J].北京航空航天大学学报,2007,33(12):1477-1480.
2鲍宇,曾国荪,陈波,夏冬梅.基于动态阈值的陌生网络实体间信任建立方法[J].同济大学学报（自然科学版）,2010,38(11):1682-1688.
3孙良旭,曲殿利,刘国莉.置换流水车间调度问题的两阶段分布估计算法[J].计算机工程与应用,2017,53(2):64-71. 被引量：2
4姚灿中,杨建梅.基于相似性链路预测的大众生产演化特征[J].计算机工程,2012,38(16):263-266. 被引量：3
5仲昭明,李向阳,逄珊.混合择优的多目标免疫粒子群优化算法[J].计算机工程与应用,2013,49(13):43-47. 被引量：4
6姚灿中,杨建梅.基于复杂网络的大众生产社区的演化机制研究[J].计算机工程与应用,2012,48(23):1-5. 被引量：4
7王连备,贲进,范永弘.数据服务QoS评估及择优机制研究[J].计算机工程与应用,2011,47(34):231-234.
8杨静,孔斌,王斌.基于启发式退火拓扑择优机制的稀疏联想记忆实现[J].上海交通大学学报,2013,47(7):1009-1014.
9余盛明,吴静.基于.NET框架的经济指标预测系统的设计与开发[J].计算机系统应用,2012,21(5):109-112. 被引量：1
10张凤琴,梁栋,管桦,张水平,崔林,张晨曙.基于能力优先的作战体系模型构建方法研究[J].计算机应用研究,2015,32(5):1322-1325. 被引量：3

西安交通大学学报

2009年第8期

浏览历史

内容加载中请稍等...

面向属性约束的自动信任协商模型被引量：1

参考文献6

二级参考文献9

同被引文献12

引证文献1

相关作者

相关机构

相关主题

浏览历史

面向属性约束的自动信任协商模型 被引量：1

参考文献6

二级参考文献9

同被引文献12

引证文献1

相关作者

相关机构

相关主题

浏览历史

面向属性约束的自动信任协商模型被引量：1