Abstract
To lower the overhead of credential disclosure in automated trust negotiation (ATN), we introduce the notion of a resource disclosure policy tree (RDPT). By adding an integrity level field and a confidentiality level field to the security association payload of the IKEv2 initial exchange messages, the protocol is made to support the secure exchange of ATN policies, which provides the data basis for constructing the RDPT. We present an optimal credential disclosure sequence search algorithm, which searches the RDPT for the credential disclosure policy with the best efficiency.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
Peking University Core Journals
2014, Issue 11, pp. 289-291, 320 (4 pages)
Funding
National Natural Science Foundation of China (61100042)
Keywords
Automated trust negotiation
Credential
Disclosure policy
Access control