计算机科学 ›› 2010, Vol. 37 ›› Issue (8): 67-71.
• 计算机网络与信息安全 • 上一篇 下一篇
李开,卢正鼎,李瑞轩,刘百灵
出版日期:
发布日期:
基金资助:
LI Kai,LU Zheng-ding,LI Rui-xuan,LIU Bai-ling
Online:
Published:
摘要: 自动信任协商主要解决跨安全域的信任建立问题,使陌生实体通过反复的、双向的访问控制策略和数字证书的相互披露而逐步建立信任关系。由于信任建立的方式独特和应用环境复杂,自动信任协商面临多方面的安全威胁,针对协商的攻击大多超出常规防范措施所保护的范围,因此有必要对自动信任协商中的攻击手段进行专门分析。按攻击特点对自动信任协商中存在的各种攻击方式进行分类,并介绍了相应的防御措施,总结了当前研究工作的不足,对未来的研究进行了展望。
关键词: 自动信任协商,攻击,防范措施,敏感信息
Abstract: The purpose of Automated Trust Negotiation (ATN) is mainly to establish trust among different security domains. ATN is an approach to establish mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing access control policies and digital credentials. Special attacks can be initiated to ATN according to the characteristics of the way of trust establishment, which cannot be effectively tackled by the measures preventing normal network attacks. Therefore, it is essential to analyze all kinds of attacks existing in ATN. A comprehensive survey of research on attacks in ATN was presented based on the classification and introduction of different attacking manners and corresponding defenses,the shortcomings of the current related research were pointed out and the development trend was also discussed.
Key words: Automated trust negotiation, Attack, Defense, Sensitive information
李开,卢正鼎,李瑞轩,刘百灵. 自动信任协商中的攻击与防范[J]. 计算机科学, 2010, 37(8): 67-71. https://doi.org/
LI Kai,LU Zheng-ding,LI Rui-xuan,LIU Bai-ling. Attacks and Defenses in Automated Trust Negotiation[J]. Computer Science, 2010, 37(8): 67-71. https://doi.org/
0 / / 推荐
导出引用管理器 EndNote|Reference Manager|ProCite|BibTeX|RefWorks
链接本文: https://www.jsjkx.com/CN/
https://www.jsjkx.com/CN/Y2010/V37/I8/67
Cited
首页