基于SPKI/SDSI证书链搜索算法与访问控制模型设计

Design an Access Control Model and a Certificate Chain Search Algorithm Based on the SPKI/SDSI

下载PDF

导出

摘要目前,PKI是解决信息安全问题的一种最成熟的技术手段,能够有效解决大部分安全问题,但是PKI无法实现网络上的资源控制。SPKI/SDSI可以有效解决资源控制问题,然而由于证书链搜索算法复杂度高,目前基于SPKI/SDSI设计的访问控制模型,都存在一定的问题。紧紧围绕受控资源的访问保护,基于SPKI/SDSI设计了一个高效的分布式访问控制模型,同时提出了一种新的证书链搜索算法,在海量证书库中能快速的查找证书链,并通过模拟实验,验证新的算法的效率,实验结果表明证书数量越大,文中的算法优势越明显。 Currently, the most sophisticated technical means to resolve the problem about network security is PKI. But the PKI can not control the protected resources on the network. SPKI/SDSI could resolve this problem effective- ly, howerver, because the complexity of the certificate chain discovery algorithms is high, there are some problems in existing access control models that based on SPKI/SDSI certificates. The paper focuses on the access of the protected resources on the network, designs an efficient distributed access control model that based on SPKI/SDSI certificates. Meanwhile, proposes a new certificate chain discovery algorithm, so that could find a certificate chain in the mass certificate repository quickly. At last, do some simulation experiments to test the efficiency of the algorithm proposed in this paper. The results shows that the greater the number of the certificates, the more advantages of the proposed algorithm in this paper.

作者赵晔晖

机构地区宁夏银川河东机场民航宁夏空管分局气象台

出处《成都信息工程学院学报》 2012年第2期174-179,共6页 Journal of Chengdu University of Information Technology

关键词 SPKI/SDSI PKI 证书链搜索分布式访问控制 SPKI/SDSI PKI certificate chain discovery distributed access control

分类号 TN918.91 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献9

1Carl Ellison. SPKI/SDSI and the Web of Trust[J ]. Journal of Computer Security, 2010,11(6) :132 - 141.
2Buter W Lampson, Martin Abadi, Michael Burrows, et al. Authentication in Distributed Systems: Theory and Practice[J]. ACM Transactions on Computer Systems,2011,10(4) :265 - 310.
3B Lampson, Sean Smith . Using SPKI/SDSI for distributed maintenance of attribute release polices in shib- bolefth[J ]. Journal of Computer Security, 2010,9 (4) : 235 - 239.
4Nazareth S, B Schneier. Ten Risk of PKI:What You are Not Beinig Told About Public Key Infrastructure[J 1. Communication of the ACM, 2009,32 (6).
5C Ellison, B Schneier. Risks of PKI Electronic J ]. Communication of the ACM, 2010,43 (2).
6Sameer Ajmani, Dwaine E Clark, Chuang-Hua Moh, etal. ConChord: Cooperative SDSI Certificate Storage and Name Resolution[J ]. IEEE Communications, 2010, 11 (6) :132- 141.
7Martin Abadi. On SDSI's Linked Local Name Spaees[J 1. Journal of Computer Security, 2008, 6(1 -2) .3 - 21.
8Xavier Orri, J M Mas, Octalis SA. SPKI-XML Certificate Structure. draft-orri-spki-xml-cert-struc-00, ext [ EB/OL]. http.//www, eeom. tifr. res. in/-wvp/pki/SPKI/draft-orri-spki-xml-cert-struc-00, pdf, 2010.
9Yki Kortesniemi. SPKI Performance and certificate Chain Reduetion[J 1. Journal of Computer Security, 2010, 15(9) : 131 - 137.

1张彬连,唐文胜,徐洪智.证书链在移动Ad Hoc网络密钥管理中的应用[J].吉首大学学报（自然科学版）,2006,27(3):40-42.
2王浩,谢颖,郑武.无线移动自组网混合式密钥管理方案研究[J].电子科技大学学报,2007,36(6):1164-1166. 被引量：1
3朱贤,邢光林,洪帆.分布式环境下的访问控制综述[J].微型机与应用,2005,24(1):4-7. 被引量：4
4金传升.数据加密器[J].信息安全与通信保密,1996,0(2):33-33.
5周海兴.竞争窗口大小对IEEE 802.11无线网络的影响[J].广东通信技术,2008,28(10):40-43. 被引量：2
6刘红梅.一种Light-PKI快速认证模型[J].计算机应用与软件,2012,29(6):43-45.
7激光扫描器[J].世界电子元器件,2015,0(1):46-46.
8何峣,黄海.基于non-IP+SCEF技术增强物联网终端安全性的研究[J].电信科学,2017,33(2):36-41. 被引量：2
9黄琛,李忠献,杨义先,徐国胜.一种新的兼容多种身份认证方式的Web单点登录方案[J].北京邮电大学学报,2006,29(5):130-134. 被引量：13
10林璟锵,荆继武,张琼露,王展.PKI技术的近年研究综述[J].密码学报,2015,2(6):487-496. 被引量：42

成都信息工程学院学报

2012年第2期

浏览历史

内容加载中请稍等...

基于SPKI/SDSI证书链搜索算法与访问控制模型设计

参考文献9

相关作者

相关机构

相关主题

浏览历史