Research On Credential Chain Discovery Mechanism Based On Improved Role-based Trust Management Language

With the in-depth researches of large scale distributed systems, such as Grid computing, P2P computing, Ubiquitous computing, Cloud computing, Ad hoc networks, etc, the Internet has transformed into an open network environment. Then the traditional centralized access control model can not satisfy the need of the new environment. Therefore, trust management has come into existence. Trust management is an authorization mechanism for open networks. The key technique of trust management theory is proof of compliance, which can check whether the credentials constitute a proof that the request complies with the relevant policy. Proof of compliance can be implemented by credential chain discovery which finds a delegation chain from the source of authority to the requester. However, the existing credential chain discovery algorithms have some deficiencies as follows. The credentials can not been effectively recovered or updated. Moreover, the mechanisms can neither realize dynamic control of roles nor carry out distributed credential storage. To focus on these deficiencies, a credential chain discovery mechanism based on improved Role-based Trust Management Language is proposed in the thesis after systemic research for the credential chain discovery algorithms. The main contributions of the thesis are as follows. Firstly, the frame is proposed, which included the credential storage and search strategy, the trust evaluation method, the credential chain discovery algorithm and so on.Secondly, the credential chain discovery mechanism based on improved RT language is completely introduced. Based on the RT language, the R^TTT language is given with the additional adoption of threshold-value and time-field, which is beneficial to recover and update the credentials. And the dishonest users can be shielded. Based on these efforts, a distributed credential storage and search strategy is put forward by using the CAN protocol. Furthermore, multiple decision attributes are proposed to support fine granularity role management. And a credential chain discovery algorithm based on R^TTT language is designed and implemented. The efficiency and feasibility of the algorithm are demonstrated by the detail analysis.Finally, based on the theory, a credential chain discovery simulation system is designed and implemented. And the experiments have been done and analyzed. Simulation results demonstrate that the proposed mechanism not only has the characteristics of accepted load balance but also creates the minimum credential graph to improve the efficiency of credential chain discovery. Moreover, modified mechanism, to some extend, helps to restrain the behaviors of those dishonest entities, and also greatly strengthen the system's security.