Research On Key Technologies Of Trust Based Grid Authorization

Posted on: 2012-07-08
Degree: Master
Type: Thesis
Country: China
Candidate: H R Xiong
Full Text: PDF
GTID: 2218330371462570
Subject: Military communications science

Abstract/Summary:
Dynamic, distributed and heterogeneous grid environments bring a requirement for dynamic authorization. In a dynamic authorization method, entities' privileges can be adjusted dynamically during the session according to the continually changing behaviors and attributes of the entities. Traditional authorization methods based on entities' identities preassign privileges to requesters statically. Because their authorization information is static, these methods cannot satisfy the authorization requirements of a distributed and dynamic grid environment. ABAC supports dynamic authorization well, based on entities' attributes such as their principalship and access location. But ABAC pays little attention to behavior trust and does not update entities' privileges according to dynamically changing behaviors, so it is difficult to control entities' behaviors in ABAC. To resolve this problem, this thesis explores the key technologies of trust-based dynamic authorization in the grid environment. The main research work is as follows.

1. A Trust-Based Grid Authorization Model called TBGAM is proposed. Given the dynamic authorization requirements of the grid and the drawback that ABAC pays hardly any attention to trust, a trust-based grid authorization model is brought forward by introducing entities' behavior trust into ABAC-based authorization. In this model, both the entities' attributes and their trust serve as references for the authorization decision. TBGAM supports and provides dynamic authorization in the grid environment effectively from the perspective of both identity security and behavior security. The formal definition of the model is given, including its main elements, relations, constraints, rules and operation functions. The security of the model is analyzed with a Finite State Machine. Compared with related works, TBGAM supports the least privilege and separation of duty principles, and improves security as well as flexibility and expansibility during dynamic authorization management.

2. A TBGAM-based grid authorization service framework is designed. Aiming at the requirements of flexibility, loose coupling and extensibility in grid authorization management, the TBGAM-based grid authorization service framework is built. This thesis explores the key technologies for the given framework, including an authorization service combination method, an attribute-based policy composition algebra and a state judgment method based on Set Pair Analysis. Key grid authorization services are designed, such as the attribute service, policy service, context service, trust service and privilege service.

3. An authorization-oriented trust evaluation method for the grid is proposed. Based on the TBGAM model and the TBGAF framework, the thesis analyzes the relation between trust evaluation and authorization. Aiming at the defects in existing trust evaluation methods, and to provide a trust foundation for dynamic authorization, an authorization-oriented trust evaluation method for the grid is explored. An improved trust evaluation method with highly dynamic adaptive capacity is presented to compute the general trust, using a historical interaction threshold and a recommendation threshold to control the weights of the direct and indirect trust. A method based on IOWA algebra is used to configure the weights of historical trust and evaluate direct trust. Recommendation trust is evaluated by collecting the recommendation trust utilizing the OSPF protocol. The evaluated trust serves the authorization decision effectively. A series of simulation experiments is designed to test the effectiveness and dynamic adaptability of the trust evaluation method.

4. An authorization feedback-based direct trust update mechanism is put forward. Aiming at managing the behaviors of authorized entities, an incentive mechanism based on authorization feedback is proposed to update direct trust, by embedding the service weight into trust evaluation and evaluating the entities' behaviors on multiple factors. According to the behaviors of the entities after interaction, the incentive mechanism dynamically and effectively increases the direct trust of positive entities and reduces that of malicious ones, enhancing the security of resource access.

5. A trust-based grid authorization service module is designed and implemented. Based on a service-oriented architecture, the trust-based grid authorization service module is loosely coupled and reusable, satisfying the dynamic authorization requirements of the distributed grid environment.
Keywords/Search Tags: Grid Authorization Model, Trust, Dynamic Authorization, Grid Authorization Service Framework, Service Combination, Policy Composition, Trust Evaluation