
Grid Dynamic Authorization Model Based on Feedback Mechanism

Cited by: 10
Abstract: Existing grid authorization systems are static: they provide no mechanism to feed back how users actually use the permissions granted to them. When a previously trusted user or service becomes untrustworthy, the authorization system cannot detect the change in time and adjust its permissions, which may allow malicious users to damage the grid system. Building a feedback mechanism into the authorization system, so that user roles are adjusted dynamically according to user behavior, is therefore of great significance to the security of grid systems. This paper analyzes the characteristics of the existing authorization systems and trust models in grids and points out their shortcomings. On this basis it proposes a new dynamic authorization model based on a feedback mechanism, which addresses the static nature of existing authorization systems. The model is an improvement of the CAS authorization system, adding a feedback mechanism and a trust degree computing mechanism. Within the trust degree computing mechanism, a new behavior-based layered (two-layer) trust model is proposed; compared with earlier trust models, it uses service weights to distinguish important services from common services, thereby protecting the important services in the grid and effectively restraining the behavior of malicious nodes. The paper also proposes a new, more precise method of computing the recommendation trust degree between domains, which solves the problem of dishonest feedback. The feedback mechanism uses the changes in user trust degree given by the behavior-based layered trust model to adjust a user's role dynamically according to the user's behavior. Three groups of model experiments are designed, verifying the characteristics of the new model and its suppression of the behavior of malicious entities in the grid; they test the model from different angles and demonstrate the sensitivity to behavior, convergence, effectiveness and rationality of the behavior-based layered trust model.
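Source: Chinese Journal of Computers (《计算机学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2009, Issue 11, pp. 2187-2199 (13 pages).

Funding: Supported by the National Natural Science Foundation of China (90715037, 60673046, 60805024); the Natural Science Foundation of Liaoning Province (20051082); the Doctoral Program Foundation of Higher Education (200801410028); the Natural Science Program Project of the Chongqing Science and Technology Bureau (2007BA2024); and the National "973" Key Basic Research Development Program (2007CB714205).

Keywords: feedback mechanism; CAS; trust model; dynamic authorization; grid computing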

