Research And Implementation On Authorization Management In Inter-Domain Computing Environment

Posted on: 2007-06-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G Yin
GTID: 1118360215470492
Subject: Computer Science and Technology
Abstract/Summary:
The emergence and extensive application of the Internet have moved resource sharing and access from the intra-domain computing environment, which is closed, centralized and relatively static, to the inter-domain computing environment, which is open, decentralized, dynamic and cooperative. This challenges the authorization management activities involved in resource sharing and access, such as privilege administration, identity authentication and authorization decision. Rising to the challenge, trust management systems proposed a unified mechanism to describe and interpret security policies, credentials and trust relationships among principals, which is a brand new idea and approach for inter-domain authorization management. Trust management is now a hotspot of modern access control technologies.

Trust management is still a developing technology, and many theoretical and practical problems remain to be studied, such as the lack of intuitive authorization models, weakness in controlling privilege propagation, and deficiencies in architectural functionality and application integration. To solve these problems, this paper first analyzes the limitations of traditional security architectures and trust management systems and proposes an inter-domain authorization management architecture. The paper then concentrates on core problems such as policy description, delegation constraint and credential management, and implements a middleware security service based on a distributed computing platform named StarBus+. The contributions of this paper are listed in detail as follows:

1. To overcome the deficiencies of the classic trust management engine architecture, a distributed authorization service architecture named Diamant is proposed, which stands for Distributed inter-domain authorization management. Diamant distinguishes authorization activities at the management level from those at the access level, using a different privilege model for each level. Diamant introduces session management, credential management, environment evaluation and an authorization engine with declarative semantics into the authorization management architecture, using a policy language to define inter-domain security policies. Diamant is flexible, scalable, adaptive and general, and its policy description and enforcement mechanisms are suitable for the security requirements of the inter-domain computing environment.

2. A delegation-based distributed authorization model named DAM is proposed. DAM uses delegation of authority and delegation of capability to model the authorization activities at the management level and the access level, and introduces a domain boundary tag to model the trust boundary of an administration domain. Based on function-free definite logic program theory, a Role-based Extensible Authorization Language (REAL) is proposed. A compliance checking algorithm named C2A is also proposed, and the correctness and consistency of C2A with respect to DAM are proved. REAL can express role-based authorization policies, role-based delegation of authority policies, role-based delegation of capability policies and distributed attribute policies with simple rules, which are suitable for inter-domain authorization management.

3. Delegation may lead to privilege proliferation and thus weaken the security of information systems. To make good use of the flexibility of delegation while reducing the security breaches it causes, a delegation constraint model based on the delegation tree, named SCM (Spatial Constraint Model), is proposed, which controls privilege propagation based on delegation agencies, depth and targets. On this basis a constrained authorization system model named CAS is proposed. REAL is then extended with the CAS model to the language REAL05, which controls privilege propagation at the management level and the access level. A compliance checking algorithm for REAL05 named C3A is also proposed. The soundness and completeness of C3A with respect to the CAS authorization decision axioms are analyzed, which proves the consistency between REAL05 and CAS and shows the feasibility of SCM.

4. The availability and consistency of credentials during authorization decision are critical for increasing the availability and reducing the security risks of information systems. A credential management framework for REAL named RCMF is proposed. RCMF constructs credential management methods along two dimensions: storage policy and retrieval policy. RCMF designs a credential storage algorithm (CSA), a credential revocation algorithm (CRA), and a session management protocol named SMP to pass and retrieve credentials in the context of sessions. The completeness of credentials can be ensured by the combination of CSA and SMP, while the consistency of credentials can be implemented with CRA. RCMF can also be used for the management of REAL05 credentials.

5. Based on the above research, together with a distributed computing software platform named StarBus+, this paper designs and implements a middleware-based inter-domain security service named StarDiamant, which provides security mechanisms such as session management, credential management, environment evaluation and access control. StarDiamant enables communication encryption and identity authentication based on the transport layer security protocol SSL. StarDiamant provides application systems with security services in a policy-driven style or even transparently, so application components need not care about security, which helps separate authorization logic from application logic. StarDiamant proposes a promising scheme for the efficient integration and configuration of security systems and services.
Keywords/Search Tags: Inter-domain Computing, Authorization Management, Trust Management, Access Control, Identity Authentication, Middleware