Computer Science ›› 2015, Vol. 42 ›› Issue (Z6): 378-381.

• Information Security •

An Efficient and Secure Automated Trust Negotiation Model

LI Jian-li, DENG Xiao, WANG Yi-mou and XIE Yue

  1. College of Computer Science and Technology, Harbin Engineering University, Harbin 150001
  • Published: 2018-11-14 Online: 2018-11-14
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61073042).

Security and Efficiency Negotiation Model

Abstract: Automated trust negotiation is an effective way for strange peers in a distributed environment to establish trust. During negotiation, peers must conceal their own sensitive information while also revealing information to each other to strengthen mutual trust; this contradictory situation makes efficiency and security the main concerns for researchers. We propose a new negotiation model that adds a trust file repository and a trust evaluation module to the traditional model. A trust file records historical negotiation information for two peers, and the trust evaluation module evaluates the mutual trust level of the two peers. When a negotiation starts, the model first checks whether a directly usable trust file exists for the two parties. If one exists, it is verified and the exchange of digital credentials is omitted. Otherwise, the numbers of successful and failed negotiations recorded in the trust file are used to evaluate the trust level of the two peers. A higher trust level lowers the sensitivity of each party's digital credentials with respect to the other, which reduces the number of access control policy and digital credential exchanges during negotiation, shortens the time the whole negotiation takes, and improves overall negotiation efficiency. Experiments on TrustBuilder2 show that the proposed model effectively improves negotiation efficiency, and analysis shows that the recorded negotiation failure times can be used to effectively prevent denial-of-service attacks by malicious peers against the service provider. The proposed model is therefore efficient and secure.

Key words: Automated trust negotiation, Trust file, Trust evaluation, Negotiation safety, Negotiation efficiency

