Research On Trust Mechanism Of Authorization Management Model In Distributed Environments

With the rapid development of computer science and network, there is an urgent need for coordinating and resource sharing in open networks. Whereas, controlling on privileges for accessing resourse is still a crucial aspect for systemic security. Authorization management is the core of access control. Many researchers do much work on authorization management, and obtain great achievement. However, with the development of computer network and application, some issues on authorization management are not resolved effectively. It is necessary to do further research on these issues.In single administrative domain, role-based access control is widely used. However, in the administration model for RBAC, the assignment component maybe still induce leakage of privileges due to illegal operation executed by un-trusted subject. Systemic security strategy is described by security query in administrative model of RBAC. According to the definition of state-transition system, the security analysis is defined and executed on Turing machine. Security query is classified by necessity and possibility. As a result, necessary security query and possible security query independent of status can be resolved in polynomial time, and the conditions under which possible security query is NP-complete problem are presented, but general possible security query is un-decidable.Automate trust negotiation is a method to build the trust relationship between the strangers through iterative and bilateral disclosure of credentials. We analysis abstract action in automated trust negotiation and define pattern of negotiation, then propose abstract model of trust negotiation based on first-order temporal logic. The syntax and semantic meaning are presented. In addition, we analyses disadvantage of existing research in trust negotiation, and then we give the definition of obligation action and constrain. According to the definition of state-transition system, an abstract model is proposed, which depicts not only the alternation but also the autonomy. Finally, we extend the Ack policy to discuss the problem of protecting sensitive information.In ATN, the attributes owned by principles are always relevant each other, so disclosing some attributes maybe induce leakage of sensitive information, namely inference attack. We give the definition and partial order of sensitivity intensity of private attribute, then an abstract automated trust negotiation model is proposed, which depicts relevancy not only between principles and attributes, but also between policies and attributes. As a result, several inference attacks in automated trust negotiation are discussed, then defense scheme and security analysis are presented.In recent research on ATN, the main work focuses on some aspects, which have nothing to do with the time character in recent research, without reasonable schedule scheme of ATN session and existing denial of service attack. The components of ATN are proposed and an abstract ATN model is described with state-transition system. The security policies are extended so that it can describe the time character. A state-transition system with time character is constructed to simulate ATN. The satiability of security policies in ATN is discussed.Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Considering uncertainty of authorization and analyzing deficiency of authorization model only based on trust or risk, we proposes joint trust-risk evaluation and build the model based on fuzzy set theory, finally derivation principle and constrain principle of joint trust-risk relationships are presented. The authorization management model is defined based on joint trust-risk evaluation, proof of compliance and separation of duty are analyzed. The proposed model depicts not only trust relationship between principals, but also security problem of authorization.