吝啬语义信任协商被引量：4

Parsimonious Semantic Trust Negotiation

下载PDF

导出

摘要自动信任协商是通过数字证书的交互披露在陌生实体间建立信任的过程,现有的自动信任协商框架要求主体出示完整属性证书来证明自己满足对方资源披露策略中的身份断言约束条件,导致了属性证书中身份信息过度披露问题.该文中作者提出一种通过交换DL-TNL语义身份断言来建立信任关系的吝啬语义信任协商框架,避免了完整属性证书的直接出示,减少信任建立过程中身份信息被披露的程度,并提出一种正确、完备且有效的吝啬语义信任协商策略.在该策略下,交易双方的协商引擎可以快速有效地从由身份断言权威签发的包含多个DL-TNL语义身份断言的身份断言证书中,自动计算出批露最少信息且符合对方策略的身份断言集进行出示,以最大限度地减少信任建立过程中被披露的身份信息,并保证理论上存在成功可能性时,使用该策略必然可以有效地帮助主体最终获得网络资源的访问权限.有关该策略完备性和正确性的证明以及策略实施中所使用的符合性检测算法的实现和分析均在文中给出. Automated Trust Negotiation （ATN） is a process in which two unfamiliar entities ex- change their digital attribute certificates in turn to set up mutual trust relationship with each oth- er. Since existing ATN frameworks require entities to release entire attribute certificates to prove that they satisfy the identity constraint condition stated by the other entities＇ access control poli- cies, private identity information of entities is often over-revealed in many circumstances. In this paper, the authors propose a novel parsimonious semantic trust negotiation framework in which entities can build trust relationship by exchanging DL-TNL semantic identity assertions instead of entire attribute certificates. This framework can greatly reduce the degree of disclosed private identity information. Under the framework, the authors propose a correct, complete and efficient parsimonious semantic trust negotiation strategy to allow the negotiation agencies of participants to compute and disclose a satisfying set of DL-TNL assertions which contains least private identi- ty information at every exchange step. In a word, the parsimonious semantic trust negotiation strategy can minimize the disclosed private identity information in the trust negotiation processes and guarantees the resource requesters participating in the processes to get the access rights finally if there does exist a theoretical successful trust negotiation sequence. All of the proofs about the properties of the strategy are given in this paper, so are the relevant compliance checking al gorithms and their analyses.

作者张妍冯登国

机构地区中国科学院软件研究所信息安全国家重点实验室信息安全共性技术国家工程研究中心

出处《计算机学报》 EI CSCD 北大核心 2009年第10期1989-2003,共15页 Chinese Journal of Computers

基金国家"八六三"高技术研究发展计划项目基金(2007AA120404 2007AA120405)资助

关键词自动信任协商语义方法隐私保护协商策略符合性检测 automated trust negotiation semantic method privacy protection trust negotiation strategy compliance checking

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献14

1Bertino E, Ferrari E, Squicciarini A C. Trust-X: A peer to peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering, 2004, 16(7):827-842.
2Nejdl W, Olmedilla D, Winslett M. PeerTrust: Automated trust negotiation for peers on the semantic Web//Proceedings of the Secure Data Management. Toronto, Ontario, Canada,2004:118-132.
3李建欣,怀进鹏,李先贤.自动信任协商研究[J].软件学报,2006,17(1):124-133. 被引量：52
4Winsborough W, Seamons K, Jones V. Automated trust negotiation. North Carolina State University at Raleigh: Technical Report TR-2000-05, 2000.
5Yu Ting, Ma Xiao-Song, Winslett M. PRUNES: An efficient and complete strategy for automated trust negotiation over the Internet//Proceedings of the ACM Conference on Computer and Communications Security. New York, 2000: 210-219.
6Smith B, Seamons K E, Jones M D. Responding to policies at runtime in Trust Builder//Proceedings of the 5th International Workshop on Policies for Distributed Systems and Networks. Washington, 2004:149-158.
7Lee J A, Winslett M. Towards an efficient and language-agnostic compliance checker for trust negotiation systems//Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security. Tokyo, Japan, 2008: 228-239.
8李建欣,怀进鹏.COTN:基于契约的信任协商系统[J].计算机学报,2006,29(8):1290-1300. 被引量：18
9Li Jiang-Tao, Li Ning Hui. OACerts: Oblivious attribute certificates//Proceedings of the 3rd Conference on Applied Cryptography and Network Security. New York, 2005: 122- 138.
10Bauer D, Blough M D, Cash D. Minimal information disclosure with efficiently verifiable credentials//Proceedings of the 4th ACM workshop on Digital Identity Management. Virginia, 2008, 15-24.

二级参考文献20

1李建欣,怀进鹏,李先贤.自动信任协商研究[J].软件学报,2006,17(1):124-133. 被引量：52
2Chadwick D. W. , Otenko A.. The PERMIS X. 509 role based privilege management infrastructure. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT), Monterey, California, USA, 2002, 135-140
3Blaze M. , Feigenbaum J. , Lacy J.. Decentralized trust management. In: Proceedings of the IEEE Symposium on Securityand Privacy, Oakland, CA, USA, 1996, 164-173
4Li N. , Mitchell J. C. , Winsborough W. H.. Design of a Role-based trust management framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Berkeley, California, 2002, 114-130
5Clarke D. , Ellen J. E. , Ellison C. , Fredette M. , Morcos A. ,Rivest R. L.. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 2001, 9(4):285-322
6Winsborough W. H. , Seamons K. E. , Jones V.E.. Automated trust negotiation. In: Proceedings of the DARPA Information Survivability Conference and Exposition, 2000, 88-102
7Yu T. , Winslett M. , Seamons K.E.. Supporting structured credentials and sensitive policies through interoperahle strategies for automated trust negotiation. ACM Transactions on Information and System Security(TISSEC), 2003, 6(1): 1-42
8Sun H., Zhu Y., Hu C., Huai J., Liu Y., Li J.. Early experience of remote and hot service deployment with trustworthiness in CROWN grid. In: Proceedings of the 6th International Workshop on Advanced Parallel Processing Technologies,Hong Kong, China, 2005, 301-312
9Foster I. , Kesselman C. , Tuecke S.. The anatomy of the grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 2001,15(3) : 200-222
10Thompson M. R., Essiari A., Mudumbai S.. Certificatebased authorization policy in a PKI environment. ACM Transactions on Information and System Security(TISSEC), 2003, 6(4): 566-588

共引文献63

1石志国,贺也平,淮晓永,张宏.一种面向网格计算的分布式匿名协作算法[J].计算机研究与发展,2008,45(z1):72-80.
2王军祥.几种信任协商的信息反馈机制分析[J].电脑学习,2009(6):3-5.
3李建欣,怀进鹏.COTN:基于契约的信任协商系统[J].计算机学报,2006,29(8):1290-1300. 被引量：18
4林昌意.移动Agent电子商务信任协商机制的研究[J].福建工程学院学报,2006,4(4):421-425.
5任江春,王志英,戴葵.一种新的进程可信保护方法[J].武汉大学学报（理学版）,2006,52(5):532-536. 被引量：3
6沈海波.基于属性访问控制中的敏感属性保护研究[J].湖北教育学院学报,2006,23(8):29-32.
7怀进鹏,胡春明,李建欣,孙海龙,沃天宇.CROWN:面向服务的网格中间件系统与信任管理[J].中国科学（E辑）,2006,36(10):1127-1155. 被引量：6
8杨秋伟,洪帆,郑明辉,廖俊国.信任协商的职责行为和约束[J].计算机工程与应用,2006,42(34):5-7. 被引量：2
9杨秋伟,洪帆,郑明辉,廖俊国.自动信任协商中的推理攻击分析[J].计算机科学,2007,34(7):76-79. 被引量：1
10邵伟俊,金仑,谢俊元.信任协商在信息交换系统中的研究[J].计算机工程与设计,2007,28(13):3082-3084. 被引量：1

同被引文献35

1王远,吕建,徐锋,张林.一个适用于网构软件的信任度量及演化模型[J].软件学报,2006,17(4):682-690. 被引量：50
2李建欣,怀进鹏.COTN:基于契约的信任协商系统[J].计算机学报,2006,29(8):1290-1300. 被引量：18
3吕建,马晓星,陶先平,徐锋,胡昊.网构软件的研究与进展[J].中国科学（E辑）,2006,36(10):1037-1080. 被引量：101
4王怀民,唐扬斌,尹刚,李磊.互联网软件的可信机理[J].中国科学（E辑）,2006,36(10):1156-1169. 被引量：59
5MEI Hong HUANG Gang ZHAO Haiyan JIAO Wenpin.A software architecture centric engineering approach for Internetware[J].Science in China(Series F),2006,49(6):702-730. 被引量：37
6WANG Huaimin TANG Yangbin YIN Gang LI Lei.Trustworthiness of Internet-based software[J].Science in China(Series F),2006,49(6):759-773. 被引量：28
7Mell P, Grance T. Draft N/ST working definition of cloud computing [EB/OL]. Washington: Information Technology Laboratory, United States Department of Commerce, 2010 [2014-04-08]. http://csre, nist. gov/groups/SNS/cloud- computing.
8Armbrust M, Fox A, Griffith R, et al. Above the clouds: A berkeley view of cloud computing, UCB/EECS-2009-28 [R]. Berkeley, CA: University of California, Berkeley, 2009: 1- 23.
9Caroline K, Ellen A. The Right to Privacy [M]. New York: Vintage, 1972:100-132.
10Goldberg I, Wagner D, Brewer E. Privacy enhancing technologies for the Internet [C]//Proc of the 42nd IEEE Int Computer Conf (COMPCON'97). Piscataway, NJ: IEEE, 1997:103-109.

引证文献4

1高枫,何泾沙,吕欣,张峰.Privacy Protection through Appropriate Interaction Patterns[J].China Communications,2011,8(4):141-152.
2李开,李瑞轩,鲁剑锋,卢正鼎.一种不依赖于协商策略的信任协商协议[J].计算机科学,2010,37(11):34-37. 被引量：2
3司冠南,杨巨峰,许静.网构软件可信性演化评估分层Petri网模型[J].计算机科学与探索,2012,6(7):621-630.
4柯昌博,黄志球.云计算环境下隐私需求的描述与检测方法[J].计算机研究与发展,2015,52(4):879-888. 被引量：12

二级引证文献14

1陈泽茂,王浩.自动信任协商中最优信任证披露序列的构建方法[J].计算机应用与软件,2014,31(11):289-291. 被引量：1
2王进,黄志球.云计算中隐私需求的建模与一致性检测[J].计算机研究与发展,2015,52(10):2395-2410. 被引量：3
3张铮.云计算环境下用户数据的安全防护和隐私保护问题探讨[J].信息技术与信息化,2015(9):240-241. 被引量：13
4陈振庆.基于OWL DL的本体推理机设计与实现[J].云南民族大学学报（自然科学版）,2016,25(2):163-168. 被引量：1
5华驰,顾晓燕,张蓉,李祥瑜.“互联网+”背景下云计算技术与应用专业实训基地设计及构建[J].实验技术与管理,2016,33(9):223-228. 被引量：11
6陈振庆.UML用例图的形式化及其推理[J].贺州学院学报,2017,33(2):144-148. 被引量：1
7马薇薇,姜家鑫,张锐.支持时间属性的隐私需求建模与一致性验证[J].计算机与现代化,2017(10):100-104. 被引量：1
8夏林.云环境下用户隐私安全问题和解决方案[J].电子商务,2017,18(12):49-50.
9陈振庆.基于描述逻辑的EER模型检测[J].计算机应用与软件,2016,33(8):39-42.
10王进,黄志球.面向超媒体链接的RESTful服务隐私建模方法[J].计算机研究与发展,2017,54(4):886-905. 被引量：7

1陈泽茂,王浩.自动信任协商中最优信任证披露序列的构建方法[J].计算机应用与软件,2014,31(11):289-291. 被引量：1
2邓志鸿,唐世渭,杨冬青.面向语义集成——本体在Web信息集成中的研究进展[J].计算机应用,2002,22(1):15-17. 被引量：49
3何岩,郑春瑛.基于Petri网的服务网格自动信任协商模型[J].武汉理工大学学报,2010,32(20):103-107.
4金张果,林柏钢,林志远.自动信任协商中一种最小信任披露策略[J].信息网络安全,2012(6):9-13.
5廖瑞辉,陈星光,鞠鹏.基于全生命周期的大型工程Multi-Agent动态决策研究[J].科技与经济,2016,29(3):95-98.
6邵华,李海涛,李程远.物联网感知设备安全检测研究[J].信息安全与技术,2014,5(3):23-26. 被引量：2
754家企业的视频管理平台产品通过新国标符合性检测[J].中国安防,2013(4):7-8.
8何正安,代红,张东升,殷建民.维哈柯文通用软件标准符合性检测方法与实施[J].信息技术与标准化,2010(8):69-72.
9范红.物联网一体化安全检测体系架构研究[J].信息安全与技术,2014,5(4):13-17.
10林宝玺.具有ARINC429接口的TNL—8000型GPS传感器[J].长岭技术与经济,1996(4):37-58.

计算机学报

2009年第10期

浏览历史

内容加载中请稍等...

吝啬语义信任协商被引量：4

参考文献14

二级参考文献20

共引文献63

同被引文献35

引证文献4

二级引证文献14

相关作者

相关机构

相关主题

浏览历史

吝啬语义信任协商 被引量：4

参考文献14

二级参考文献20

共引文献63

同被引文献35

引证文献4

二级引证文献14

相关作者

相关机构

相关主题

浏览历史

吝啬语义信任协商被引量：4