Communication Mechanism Of The Active Security System In Grids

As a kind of distributed heterogeneous system, grid's security system can directly affect the performance of grid service, even influencing physical nets. Although the security problem was seriously, current grid security systems can not afford a perfect resolvement. A grid security system should be an independent subsystem with resource management subsystem. And only by stepwise research from structure, function to cooperative mechanisms, can a perfect grid security system be build up, and even the active security strategies can be realized.Aiming to construct an active secure system, this dissertation researched into communication infrastructure and distributed algorithms based on the functional model of grid secure system. The following original researches are carried out:According to the research background of grid and security problem in recent years, the research necessity of security architecture was pointed out. And the functional model of the Z-Security System was proposed: as a dependent module of grid middleware, the active security system should be composed of authority and authentification, access control, monitor, information warehouse, message center and analyzer; distributed on any secure node, it protected grid resources without disturbing the local policies; and for message-passing the active security system applies uniform interface.It is necessary to establish a communication system for achieving cooperation between secure nodes. But previous communication system could not provide all functions that the Z-Security System needed. So the hierarchical, distributed, dynamic and extensible communication architecture was proposed: firstly, messages' format was defined to be size-changeable, multi-classes and self-defined to exchange cooperation information between secure nodes; secondly, secure nodes were partitioned into different communication domain and formed communication trees which can absorb dynamic secure nodes; thirdly, the selection algorithm of gate nodes is of 0(1) time complexity and O(n~2/4) message complexity, which had lower dependency on network bandwidth; fourthly, providing point-to-point, multicast and broadcast communication pattern...