
Research On Trust Management Based Automated Trust Negotiation Related Key Technologies Under Virtual Organization

Posted on: 2009-07-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Xu
Full Text: PDF
GTID: 1118360245475354
Subject: Computer system architecture

Abstract/Summary:
With the development of modern scientific and technological research, traditional closed research methods can no longer satisfy current research requirements. The emergence of e-Science enables communities of scientists who collaborate and communicate across disciplines, distances and cultures to carry out large-scale modern scientific research. These communities, and the resources that belong to them, are not maintained centrally under a single point of control; they are maintained in a distributed manner across organizations and geography. Such research communities become the virtual organizations (VOs) of e-Science. The participants of VOs share resources and collaborate on research on the basis of the trust relationships between them. Traditional computer security can no longer satisfy the requirements of trust establishment between individuals in virtual organizations. It is therefore important to study trust establishment between individuals belonging to different VOs, in order to resolve resource authorization and access control. The dissertation studies the framework and all components of trust negotiation combined with trust management.

The main contributions of this dissertation are as follows:

1) An XML-based credential and policy language, XTNPL (XML-based trust negotiation policy language), is designed for e-Science. The dissertation presents XTNPL based on an analysis of the requirements of automated trust negotiation combined with a trust management architecture. XTNPL gives a definite definition of the syntax and synthesis of credentials, Trust Tickets and policies. Based on an analysis of, and comparison with, other languages for trust management and trust negotiation architectures, this language not only satisfies the requirements of trust negotiation but is also scalable.

2) A negotiation strategy family for trust negotiation combined with trust management is presented. Based on the requirements of trust management and trust negotiation, the dissertation presents a trust negotiation strategy family that includes a negotiation strategy supporting trust management, a sub-optimal trust negotiation strategy supporting sensitive attribute protection, and an optimal trust negotiation strategy based on the AO* algorithm. The strategy family guarantees that the negotiating parties can always establish trust whenever possible. Furthermore, the strategy family supports the trust management negotiation strategy for trust management systems; the optimal negotiation strategy guarantees globally minimal disclosure of sensitive information and maximally protects individual privacy.

3) An adaptive trust negotiation protocol is presented. Based on an analysis of the shortcomings of existing trust negotiation protocols, and of the protocol requirements of trust negotiation combined with trust management, the dissertation presents a trust negotiation protocol that supports other trust negotiation protocols and negotiation strategies. This negotiation protocol has a number of novel features: support for all existing protocols; support for other protocols through flexible extension; the use of the TrustTicket credential to speed up negotiation, especially for multiple negotiations over the same resource; and support for the strategy family for trust negotiation combined with trust management. Moreover, the dissertation analyses the interoperability of this strategy family and proves that the three strategies presented above are weakly interoperable.

4) A series of compliance check and credential chain discovery algorithms is designed. The compliance checker is the kernel functional component of a trust negotiation system. The dissertation presents three efficient compliance check algorithms: an algorithm supporting traditional trust management, an algorithm determining minimal sets of credentials that satisfy a remote policy, and an algorithm determining all minimal sets of credentials that satisfy a remote policy. Furthermore, a new credential storage strategy is put forward that uses the CAN protocol on a P2P network. The strategy provides both load balancing and failure tolerance. An optimized credential chain discovery algorithm is designed, based on the global minimum credentials graph and the bidirectional credential search algorithm, CBS. The algorithm greatly reduces network traffic and is highly efficient.

5) A framework of trust negotiation combined with trust management (TTN), and its application model in e-Science, are designed. Based on the preceding research work, a TTN framework is put forward and the functions of its several kernel components are described. Moreover, the architecture of TTN is presented, and the whole runtime flow is described in detail according to the architecture. The dissertation designs an authorization and access control model based on the virtual organization under the e-Science environment. This model can resolve the resource sharing and research collaboration requirements between communities composed of individuals belonging to a dynamic e-Science virtual laboratory that spans security domains and organizations.
Keywords/Search Tags: Trust Management, Automated Trust Negotiation, Credential, Policy, e-Science