Research Of A Grid Trust Model Enables Service Requirements Pass Through Firewall

Posted on: 2010-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
GTID: 2178360278972681
Subject: Computer application technology
Abstract/Summary:
The Grid is a new kind of network computing platform that arose after the World Wide Web. Its purpose is to provide an infrastructure through which users can share resources comprehensively. Because the Grid is large-scale, distributed, heterogeneous and dynamic, among many other characteristics, the grid computing environment is exceptionally complex. The security requirements of a grid environment are therefore much higher than those of a traditional network environment. Security plays a key role in grid computing, and trust is the core problem that must be faced in resolving grid security problems. Starting from some basic background knowledge, this thesis summarized the characteristics of the grid environment, analyzed the security requirements of the Grid, pointed out the importance of the trust mechanism in grid security, and finally proposed a relatively integrated grid trust model.

Today, one main barrier to dynamic, cross-domain grid computing is the existence of firewalls. Firewalls cannot disappear all at once, and they enforce the border access rules between domains. A grid security model must therefore take the firewall into account and must provide a mechanism that lets service requests pass through the firewall without breaking the firewall's local control policy. One solution to this problem is the service binding technique, but the security of a binding depends on the security properties of the related protocols and messages, and the security requirements for access to a given Web Service are defined and implemented based on the relevant policy sets of the participating nodes. To address these problems, we studied the existing trust models and firewall techniques, and then proposed a grid trust model that lets service requests pass through the firewall. The model has several advantages. Firstly, there are different security policies for different domains. Secondly, the model considers the transaction context.
The historical data of an entity dynamically influences the measurement of its trust value. Lastly, the trust model is compatible with the firewall and does not break the firewall's local control policies. Grid programs share some common characteristics: they all span more than one domain, and they all need to handle particular trust relationships and the negotiation process for access rights. This thesis therefore adopted the idea of a domain-based trust model in designing our trust model. Grid members were divided according to the domains they belonged to, and trust relationships were divided into intra-domain and extra-domain trust relationships, each handled with a different strategy. Because natural organizations share common security policies, we divided domains along the lines of natural organizations and set up an agency for each domain to build extra-domain trust relationships. The problem of crossing the firewall arises at two steps: when a new member joins the Grid and when an existing member leaves it. When a new member joins, the agency verifies the new member's identity, sets a trust value for it, and then informs the other agencies listed in the trust table (DOTT). The agencies that receive the notification connect to the firewalls to update their settings so that the new member's service requests can cross the domain boundary. When an existing member leaves, the other agencies that have had transactions with it connect to the firewall once more to revoke the member's corresponding rights. Communicating with the firewall is an important part of our work, and it is done by sending XML messages. Another important part of the work in this thesis is providing specific policies for trust expression, quantification and renewal.
For trust quantification, we borrowed ideas from the trust model based on subjective logic and integrated identifiable trust and behavioral trust more realistically. Finally, we used the grid simulator GridSim to simulate our trust model and analyze its performance. The experimental results show that this trust model is workable and outperforms traditional domain-based grid trust models.
Keywords/Search Tags: Grid, Security, Trust Model, Firewall