Study On The Access Control Model Based On Automatic Composition For Policy Set In Grid

Posted on: 2009-02-05 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: R B Wang
GTID: 1118360272973353 | Subject: Computer application technology
Abstract/Summary:
Grid computing is currently a prevalent research topic in information technology. Security mechanisms in grids are very complex, and traditional security technology for distributed systems cannot meet the grid's requirements, so it is important to construct a new security mechanism for the grid environment. Existing research on grid access control concentrates mainly on the implementation mechanisms of access control; little of it addresses automatic implementation mechanisms, and what exists is inadequate in granularity, dynamic adaptability and extensibility. Taking service composition relations into account, this thesis improves attribute-based access control for the grid through automatic composition of policy sets and automatic combination of their main elements, and presents an access control model that improves security and reliability, dynamic adaptability and extensibility, making it more suitable for the grid environment than other models. This work is therefore a meaningful exploration for security research in grid environments. The main research in this thesis is summarized as follows:

① Traditional grid policies define only subjects, objects and permissions, and are inadequate to support attribute-set descriptions for subjects, objects and circumstance. The author therefore uses XML to describe these main elements, based on a relation-based quintuple expression method in the model, and describes the policy set based on XACML. Following an analysis of the relations among the elements of grid access control, the quintuple expression method presented in this thesis describes these relations more exactly, and the description is convenient for policy set composition, element combination and update management. The description method for policy sets and main elements is thus more suitable for the requirements of grid security than others.

② Current multi-policy composition does not consider the dependency relations between grid services and policy set composition, so the author puts forward automatic policy set composition for grid virtual organizations. The policy set composition relations are constructed along the service composition path, which reflects the strong dependency between the composition of services and the composition of policy sets. The automatic composition is based on an automatic composition engine, and the automatic composition algorithm is also presented. The analysis concludes that policy set composition does not break the determinacy and continuity of access authorization in the policy set.

③ To produce the new global policy set of a virtual organization, the main elements in the policy sets must be parsed and combined; after combination, the new global policy set of the virtual organization is generated automatically. Because current multi-policy composition neither combines nor simplifies the elements in policy sets, the author constructs a parsing framework for the description documents. The thesis presents the attribute set and permission combination algorithm and discusses the related constraints. Using the combination method and constraints, the global policy set of the virtual organization is produced; the attribute set and permission set combination method raises verification efficiency and does not break the security constraints that held before composition.

④ Current access control models lack the capability to match the automatic composition of grid services and are inadequate in control granularity, extensibility and dynamic adaptability. To solve these problems, the author takes advantage of attribute-based access control and puts forward the access control model based on policy set automatic composition (PCACM). Theoretical analysis and simulation of PCACM show that the model is better in security, control granularity, verification efficiency and dynamic adaptability than others.

⑤ To show how the PCACM model works, the author implemented it in a practical application, the Chongqing expressway zone-network-supervision management grid system. This work shows that the PCACM model has stronger availability and feasibility, and is more suitable for the grid environment than previous models.

To sum up, this thesis puts forward the PCACM model to solve the problems of current access control models, which lack the capability to match the automatic composition of grid services and are inadequate in control granularity, extensibility and dynamic adaptability. The model is better in security, control granularity, extensibility and dynamic adaptability than previous models, and its verification efficiency is high. The author has presented the construction method and the implementation framework for the PCACM model; from this work it is clear that the PCACM model is feasible and more suitable for the grid environment than previous models.
Keywords/Search Tags: grid computing, automatic composition, automatic combination, attribute authorization, access control