The Research On Certificate Security Policy Test Based On Trust Management Model

Trust management is a authorization mechanism which is suitable to large-scale, open distributed system authorization mechanism.Trust management issues include formalize security policy and security credentials, deciding whether a specific set of credentials meet the relevant policy and whether authorize the trust to a third party.The proof of consistency is the key of trust management issues.And the the certificates chain discovery is a important content of proof of consistency.In the certificate-based trust management model, trust relationships amongs entities was established through the certificate.This paper focusing on the security policy:certificate of trust management model, certificate chain,do relevant studies on the certificate verification testing work based on RTT certificates chain backward search algorithm.The author's research work and practice can be summarized as follows:1. Analysis and research of existing architecture of PKI/CA and trust management model,summarizes the their characteristics and shortcomings;2. According to the features and needs of distributed certificate chain store and search, a certificates searching algorithmis with time domain is proposed.Experimentation shows that trust management language with time domain makes the progress of the credential chain discovery become more prompt and efficient;3. The algorithm is applied to practical systems, and related testing work is done.The analyze work on test results proves that this system has their superiority.The author's main creative points are as follows:1. A trust management language with time domain is proposed on the basis of Role-based Trust-management Language RT. Validity and version number are combined with the structure of certificate and a restriction on lengthen of the set expression is proposed;2. A certificates searching algorithmis with time domain is applied to the certificates verification system. And this paper give a comprehensive and detailed introduct of this improved system;3. Test the certificates verification and certificate revocation fuction and analyze the test result.From the analysis of test result, we can know that response of the improved system based on RTT has been improved significantly. And it has a wide range of practical value.