
The Study And Realization Of The Safety Certification To The Accomplishment Of Science And Technology Management Platform Based Grid Environment

Posted on: 2006-07-17
Degree: Master
Type: Thesis
Country: China
Candidate: S Zhang
GTID: 2168360182956896
Subject: Software engineering
Abstract/Summary:
The emergence of networks changed the way people use computers, and the emergence of the Internet in turn changed the way people use networks. A grid is an integrated computing and resource environment: it absorbs various computing resources and transforms them into a reliable, standard, and relatively economical computing capability that is available everywhere. The resources it absorbs include instruments and equipment, network communication capacity, data and information, computers of various types, and even related resources such as people with operating skills. A grid is built with the Internet as its supporting communication platform. The Internet is an open, heterogeneous public network of the largest scale, so grid jobs running over it face various security threats, such as data being intercepted, the content of information being falsified or deleted, and legitimate users or servers being impersonated. The security problems of a grid environment touch on many areas, so grid security research is correspondingly rich in content. With the rapid spread and development of computer grids, grid security has become a problem that attracts worldwide attention. The security problems a grid faces fall into three categories: (1) integration with existing systems and technologies; (2) interoperability between different host environments; and (3) trust relationships between interacting host environments. (1) Integration with existing systems and technologies. Whether for technical or other reasons, it is unrealistic to expect any single security technology to solve all the security problems of grid computing. Existing security architectures cannot be replaced overnight.
For instance, each domain in a grid environment probably has one or more registries for storing user accounts (such as an LDAP directory), and these registries cannot be shared with other organizations or domains. Likewise, authentication mechanisms that are considered secure and reliable in existing environments will continue to be used. These technologies are therefore unlikely to be easily replaced by a single model or mechanism. To succeed, a grid security architecture must integrate with existing security architectures across platforms and across host environments. This means the architecture must be implementable on top of existing security mechanisms (such as Kerberos and PKI) and must at the same time be extensible and integrable. (2) Interoperability between different host environments. Services that span multiple domains and host environments need to interact and interoperate. Interoperability is needed mainly at the following levels. Protocol layer: a mechanism is needed for exchanging information between domains, which can be done over SOAP/HTTP. Policy layer: to hold a secure conversation, each party taking part in the interoperation must be able to specify any policy it requires, and these policies must also be easily understood by the other parties, so that the parties can try to establish a secure communication channel together with mutually understood security semantics for authentication and trust relationships. Identity layer: a mechanism is needed for identifying a user from one domain within another domain. This requirement goes beyond defining trust relationships between domains and calls for federation between security mechanisms (for example, from Kerberos tickets to X.509 certificates).
It would certainly be best if a single identity could be defined in advance across multiple domains, but in practice this often cannot be achieved. To span multiple domains successfully in a secure environment, identities and trust must be mapped, which can be done through a proxy server or a trust agent. (3) Trust relationships between interacting host environments. Grid services need to span multiple security domains, and the trust relationships across these domains play an important role in point-to-point traversal. Each service must state its access requirements clearly, so that the entities that need to access the service can do so securely. The trust relationship between endpoints should be described clearly by policy. Trust may be established once for each session, or it may be evaluated dynamically for each request. Because of the dynamic nature of the grid, in some situations trust relationships cannot be established across these domains before the application runs. In short, trust relationships in a grid environment are very complex: they must support dynamic, user-controlled deployment and management of transient services. Transient services are created at the user's request to carry out specific tasks, and these tasks may even include running user code. The security problems of the grid environment can therefore be divided into the following three research areas: (1) Integration solutions, which focus on how existing services should be used and how interfaces should be abstracted into an extensible architecture. (2) Interoperability solutions, which focus on how services in virtual organizations with different security mechanisms and policies can use one another.
(3) Trust policy solutions, which focus on how to define, manage, and enforce trust policies in a dynamic grid environment. In summary, grid security is a set of services that are required to provide functions such as transport security, identity authentication, and access control, of which identity authentication is a basic prerequisite for grid security. Through authentication, the two communicating parties can verify each other's identity and be assured that they are communicating with a legitimate, authorized user. Grid technology is still at a developing stage, and its standards and related technologies are still being refined and standardized. Encryption is a powerful means of ensuring security, but encryption alone cannot fully guarantee the security of information in transit, nor can it prove your identity or the identity of whoever sent you an encrypted message. Authentication is in a sense the first line of defense in network security, and also the most important one, and it has received widespread attention. Authentication provides assurance of the identity of a person or thing: when a person or thing claims a particular identity (such as a specific user name), authentication provides a way to confirm that the claim is correct.
Existing grid security authentication models include the centralized hierarchical CA model, the multi-CA structure model, and the cross-certification model, but each of these models has shortcomings. With the multi-CA structure model or the centralized model, certificate management and the combined structure are complex, and centralized management involves a very large volume of data and updates; the cross-certification model runs into serious problems with path selection. Because network transmission is unreliable, user information such as the user name and password must be encrypted before being sent to the server when a user is authenticated. In data encryption, protecting and securely managing keys is important to computer network security. Here we adopt a public-key algorithm, the Diffie-Hellman key agreement protocol. This protocol can be used only for key distribution and cannot be used to encrypt or decrypt data, so we use the DES algorithm to encrypt and decrypt data. To make our system more secure, we take one further measure: the message digest of each user's password (obtained with the MD5 algorithm) is stored in the server-side database. The authentication server only needs to be able to distinguish a valid password from an invalid one and has no need to know the plaintext of the user's password. Successfully logging in to the science and technology accomplishment information system does not mean that a user can use system resources and perform operations at will. To access system resources or perform any operation, a user must hold the designated permissions (privileges), so permission management is also needed.
This thesis is based on the research and development of the authentication server system and its associated client for the Jilin Province science and technology development accomplishment information service platform project. It implements authentication by the authentication server of switch users and network clients logging in to the system, authentication when the system is locked, and management of user permissions, and the authentication server also periodically sends Hello packets to clients to check whether users are online.
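
The server-side password store the abstract describes (an MD5 digest kept in the database so the server can tell a valid password from an invalid one without the plaintext), shown beside a salted, iterated alternative. This is an added example, not code from the thesis; it goes beyond the abstract by including the PBKDF2 form, and the account names, passwords, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from the thesis): two users, same password.
SAMPLE_USERS = {"alice": "grid-pass-1", "bob": "grid-pass-1"}
PBKDF2_ITERATIONS = 200_000  # assumed work factor, tune for your hardware


def md5_record(password: str) -> str:
    """Record as the abstract describes it: unsalted MD5 digest of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_verify(password: str, record: str) -> bool:
    """Valid/invalid decision without the plaintext, compared in constant time."""
    return hmac.compare_digest(md5_record(password), record)


def pbkdf2_record(password: str, salt: bytes = b"") -> tuple:
    """Hardened record: per-user random salt plus an iterated PBKDF2 digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def pbkdf2_verify(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(pbkdf2_record(password, salt)[1], expected)


def build_stores(users: dict) -> tuple:
    """Build both credential tables for the same set of accounts."""
    md5_store = {name: md5_record(pw) for name, pw in users.items()}
    kdf_store = {name: pbkdf2_record(pw) for name, pw in users.items()}
    return md5_store, kdf_store


if __name__ == "__main__":
    md5_store, kdf_store = build_stores(SAMPLE_USERS)
    # Unsalted MD5: equal passwords give equal records, so one recovered
    # password identifies every account that shares it.
    print("md5 records equal:   ", md5_store["alice"] == md5_store["bob"])
    # Salted PBKDF2: equal passwords give unrelated records.
    print("pbkdf2 records equal:", kdf_store["alice"] == kdf_store["bob"])
    print("login ok:", pbkdf2_verify("grid-pass-1", kdf_store["bob"]))
```

Both stores satisfy the abstract's requirement that the server never needs the plaintext; only the salted form keeps identical passwords from producing identical database rows.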
Keywords/Search Tags:Accomplishment