
Research on certificate revocation list mechanism based on intrusion tolerance

Cited by: 1
Abstract: In Public Key Infrastructure (PKI) systems, the Certificate Authority (CA) signature is not easy to forge, so intrusions against certificate revocation systems based on the Certificate Revocation List (CRL) usually aim at destroying system availability and data integrity. In view of this characteristic, an intrusion-tolerant CRL service system was designed. The system stores the CRL on multiple redundant servers. To replicate and use the data among these servers, it adopts a passive replication algorithm that randomly selects the primary server and a simple voting algorithm that selects the most recently updated CRL. Under the intrusion conditions given in the experiment, the certificate revocation query accuracy of the intrusion-tolerant CRL system was nearly 20% higher than that of a system without tolerance, at the cost of increased system overhead. The experimental results show that appropriately increasing the number of CRL servers can improve the query accuracy of certificate revocation while keeping system overhead under control.
Authors: LÜ Hongwei (吕红伟), XU Lei (徐蕾)
Source: Journal of Computer Applications (《计算机应用》), CSCD, PKU Core; 2013, No. 1, pp. 160-162, 170 (4 pages)
Keywords: intrusion tolerance; Certificate Revocation List (CRL); copying; voting; Over-Issued