
Group Communication Security Management And Realization

Posted on: 2006-10-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Yin
GTID: 1118360182460423
Subject: Computer software and theory
Abstract/Summary:
Many emerging applications on the Internet depend upon group communication, which has clearly become a very important concept within the network architecture. Due in large part to the complexity of establishing and maintaining a security context in groups with a large and potentially dynamic membership, group communication has suffered from the lack of a well-defined security model. This thesis focuses on the security problems of group communication and aims to construct a policy-based security management infrastructure for group communication.

Secure group management involves monitoring the security-relevant activity of a group session, making management decisions, performing actions to control the behavior of the group, and maintaining the security properties of the group session. Policy is the basis on which management decisions are made. Policies are used to bridge the gap between static implementation and application requirements. Applications define policies to describe the desired security properties, mechanisms, and action rules. The focal point in the area of group security management is the determination and enforcement of group policies.

This thesis covers research on policy design, specification, and management. Based on this research, a policy-driven secure automaton is presented and an implementation of the automaton is given. The main work of this thesis includes the following aspects:

1. Group management and policy space

The policy design space is decomposed into three dimensions: group data security policies, key management policies, and membership policies. These three dimensions form the categories of security management.

2. Group secure automaton model

A secure group is a set of members that maintain a shared group security context. The group security context changes dynamically when sensitive events occur. The goal of group security management is to maintain the security properties of the group within a dynamic environment. A secure automaton model for group management is presented. Within the model, the states are all secure states defined by policy, and the transition function is described by the policy, according to which the machine goes from secure state to secure state.

3. Group policy specification language

A definition of policy is derived from the goals of the system being designed. For secure group management, policy is defined as the statement of group security-relevant mechanisms, parameters, and behavior rules. Policy can be described abstractly and mapped to a concrete configuration. This thesis outlines a security policy specification language, GPDL, which includes provision clauses and action clauses to describe security and management policies. GPDL provides a tool for the management of group policy.

4. Policy system

This thesis gives the design and implementation of a policy management system, SIGMA PS, which supports a brief life cycle of group policy.

5. Security infrastructure for group management

Based on the group security automaton model, the design of a security architecture, SIGMA, is described, and its runtime view is illustrated. The implementation of a set of security protocols that support SIGMA is briefly described.

This thesis is an attempt to construct a flexible and adaptive security architecture for group management based on the policy method. Much further research is needed.
Keywords/Search Tags: group communication, security management, secure group policy, policy management, policy specification language, secure automata, security architecture