
Theory And Key Technologies For The Security In Distributed Information Systems

Posted on: 2010-10-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F H Li
Full Text: PDF
GTID: 1118360275997654
Subject: Computer system architecture
Abstract/Summary:
With the development of digital communication and computer technologies, communication network systems have shed the constraints of time, location and object, and now form a dynamic, heterogeneous, distributed and open network, which is a complex system with multi-party computations. A distributed information system is an application system in distributed networks, in which the system boundary becomes unbounded. Faced with the diversity of usage patterns and environments, and with both internal management threats and external security threats, traditional technologies such as access control, identity authentication and group key management cannot satisfy the security requirements of distributed information systems.

To support the security requirements of mobile computing in distributed networks, we integrate the technologies of access control, trusted support, random cross encryption in many-to-many communication, and leveled group key management, and explore the key security technologies for constructing secure distributed information systems. The main contribution of this thesis is fourfold:

1. An access control model called Action-Based Access Control (ABAC) and its applications supporting mobile computing in distributed networks are discussed. By introducing limited temporal states and environmental states, the administrative action and administrative model for ABAC are described. The controlling relations of user to administrative action and of administrative action to administrative permission are proposed. The administrative functions are formalized, and the related administrative methods for ABAC are presented. Moreover, the security architectures of ABAC for collaborative information systems and Web Services are presented.

2. To provide trust for the terminals in distributed information systems and for the platform of the environmental state in ABAC, an enhanced architecture of the TPM (Trusted Platform Module) is presented. The new architecture resolves the security issues in pre-configuration, backup, restoration and migration of the internal information, puts the secrecy of the TPM under the user's control, and makes it convenient for users of embedded TPM products (such as security computers) to use, maintain and smoothly migrate them.

3. To satisfy the requirements of many-to-many randomly switching encryption in local and network storage (such as SAN and NAS) and in remote transmission of information in distributed information systems, an architecture and service method of a multi-thread cipher chip are presented. The cipher chip is a critically shared resource in devices such as a VPN. When encryption/decryption operations with different encryption keys and different plaintexts/ciphertexts are randomly switched, a cipher chip supporting thread-level encryption/decryption satisfies the requirements and improves the efficiency of encryption/decryption in many-to-many communications.

4. Leveled group key management schemes in distributed information systems are proposed. Based on the key tree and the Chinese remainder theorem, a leveled group key management scheme in wireless networks is proposed. An efficient stateless and leveled group key management scheme focusing on the revocation of wireless nodes is also presented. The security, flexibility, and adaptability of these two schemes in wireless networks are analyzed.
Keywords/Search Tags: Distributed Information System, Access Control Model, Trusted Platform Module, Multi-thread, Leveled Group Key Management