Research On Trust Model And Authorization Strategy Mechanism In Distributed System

As the network technology getting mature, distributed system based on the Internet has developed rapidly, that is a dynamic cooperation system composed of multiple software service entities. Cooperation process will inevitably make large amounts of data processing and model calculation. Whether resource entities can provide safe and reliable services or not has become one of the most important problems. However, current environment has the properties of the dynamic, distributed and heterogeneous of resources and systems. It not only brings security hidden-trouble to resource provider, produces creditability, uncertainty and risk problems, but also enhances the difficulty of authorization management in the distributed environment. Trust management is presented to solve this kind of problems. This thesis applies trust management mechanism to distributed system, and proposes a trust model and authorization strategies of the resource entities to provide supporting technologies for the design of the trusted distributed system.First of all, by analyzing the characteristics of distributed systems, the thesis proposes a new trust evaluation model aiming at the behaviors of strategy deception and dishonesty recommendation of computing entities. In this model, trust information is picked up through entities' satisfaction degree during their collaboration. The model estimates whether the entity are trustworthy or not by direct behavior-based trust value computation and recommendation-based trust value. It introduces an adoption function, makes a distinction between the credibility of feedback of a peer and that of service of the peer and gives the mapping relationship of the adoption weight with the robust feedback credibility. At the same time, the model comes up with a new method of calculating the total trust based on dynamic weight factors by the mapping of the adoption intensity into the equal weight factor of recommendation trust. Simulation experiments show that the dynamic trust model based on the adoption function can inhibit malicious nodes in strategy deception and dishonesty recommendation.Secondly, the distributed, dynamic and heterogeneous properties bring security problem to resource provider. Aiming at the security of resource entities, the thesis presents a risk evaluation model based on asset evaluation, vulnerability evaluation and threat evaluation. In this model, the value, vulnerability and threat of asset were combined to compute the inherent risk of system. Furthermore, synthesizing trust risk of resource request to compute the total risk of the system. The experimental results show that the risk computation model can efficiently evaluate the risk of the distributed computing system.Finally, aiming at current trust management systems didn't considered the security problem of the entities while delegate permission and couldn't manage the authorization control in detailed mode to the entities' behavior in the distributed environment. Besides, the distributed environment brings security risk for the cooperation between the entities, in order to reduce the security risk the thesis proposes an authorization strategy mechanism regarding trust and risk based on the RBAC model. Merging threshold of trust value and threshold of risk rate represents sensitivity to different permissions in roles, by means of trust value, the practicable roles are assigned to the resource entities whose identity are not recognizable in advance. Besides, risk evaluation contributes to authorize to invoke corresponding access permission for resource entities. These satisfy the design demands of the access control mechanism, reduce the resource entity's security hidden trouble in some extents and enhance obviously security in the distributed systems.