| Grid Information Service(GIS)is a core functional component of a Grid.It aims at connecting and integrating various distributed and heterogeneous high-performance computers,data servers,large-scale systems for information retrieval and storage, Web servers and visual,virtual reality system by high-speed Internet.GIS provides uniform access to Grid data storage resources and eliminates "Information Island".It is also convenient for users to release,deal with and access information.The key elements of information services are implementation techniques and information security.The key issue of network information services is to guarantee the information security of systems.Grid technology not only promotes the information services to develop in a high speed but also brings security problems. Compared with the traditional information services,GIS system realizes the larger scope and deeper depth of resources sharing so that we should propose a higher security mechanism to guarantee its security.GIS system requires all the standard security features including secure identity authentication,access control,integrity and confidentiality.However,the traditional security model can not meet GIS security requirements.Therefore,research on GIS security has an important significance upon promoting the development of GIS.This thesis focuses on GIS security.It mainly carries on the analysis from the perspectives of security certification and delegation strategy.The main research and innovative work are as follows:1)This thesis analyzes network security protocols related to GIS,such as SSL/TLS, Encryption and PKI/X.509.It also analyzes the vulnerability of each security mechanism.Then it analyzes Quantum Key Distribution(QKD)protocol and concludes that QKD can guarantee the communication security and prevent keys from reading by a third party using the Quantum technology for distributing the private keys between Grid service providers and Grid service requesters.2)This thesis proposes a bridge-based transient trust model by analyzing the security certification problems in current GIS system.A QKD-based security certification model has been proposed based on the trust model.This model uses the characteristics of provable security and measurability of Quantum Cryptography to secure the keys'distribution.This thesis also addresses the feasibility of this certification model.3)Based on analyzing the common authorization system such as the CAS/VOMS/PERMIS and Akenti,this thesis proposes a VOMS based GIS authorization strategy.In conclusion,a QKD-based security certification model and a VOMS-based authorization model have been proposed in this thesis by analyzing the security certification and authorization strategy based on the PKI/X.509,Quantum Cryptography,VOMS,etc.The proposed security certification model can secure GIS security certification.The proposed authorization model can solve the flexibility, expandability,and expressiveness problems of access control to resources and data in GIS authorization. |
PDF Full Text Request