| With the development and improvement of internet and information technology, people pay close attention to the security of personal and organization information. In order to solve the information security problems, the "trust management" and "trust negotiation" theory emerged successively, thus setting off a trust negotiation policy language study boom.Through studying and analyzing existing trust negotiation languages and trust negotiation system, a multi-policy trust negotiation language and a dual feedback model which gathers the advantages of the two feedback mechanism are put forward, which aimed at low negotiation efficiency of existing languages and system.In order to make the trust negotiation languages apply to the open distributed grid environment better, the multi-policy DEN language and its knowledge framework are designed combining with PeerAccess language. First, the shortages of proof hint rules are overcome by adding "feedback" predicate; then "disclose" release predicate is defined according to multi-entity interaction of grid environment; subsequently the validate concept is introduced in exposure policies, and "validate" verification predicate and "Redisclose" predicate are defined; then the blacklist and its policies are detailed,"search" predicate and other predicates are defined, finally, the trust negotiation language which supported multi-policies is realized.Moreover, users usually receive "denied access" with no specific reason when resources are denied access, which makes the legal users reject by system with no reason, affects the friendship of human-computer interaction, and also lowers the efficiency and success rate of negotiation. Therefore, a feedback mechanism which applies to access denying is proposed, and a feedback model is built based on the identification of requesters and current system environment, then the model which can feedback two types information is realized.For DEN language, the credential exchanging times of using DEN and PeerAccess by different kinds of entities is compared according to the process of negotiation using the two languages, the result shows that DEN language can support complex access control policies, multi-protection of sensitive information and high efficient negotiation; for DFM, the instance proves the model can provide useful and suitable information without exposing sensitive information and policies, which based on the identification of requesters and system environment. All the above works are concluded in the end, and the future directions are looked forward. |
PDF Full Text Request