| The rapid development of Internet and the wide use of web applications carriedout on the network information security had become more and more important. In thecurrent open and dynamic network environment, service requester and resourceprovider were always located in different security domains. How to establisheffective trust between strange entities in order to protect the security of resourcessharing had become an urgent security problem, this was also a hot researchdirection. Automated trust negotiation was a method that strange entities establishedtheir trust relationship by iterative disclosure of attribute certificates. It achievedinteroperation, collaboration and resource sharing between strange entities those indifferent domains.In this paper, we firstly introduced the development history of automated trustnegotiation, as well as its research status at home and abroad. However, there had nostrict formal definition for it. In recent research, the main work only focused onsome aspects, which had nothing to do with the time characteristic, withoutconsidering the change over time which may cause the model to dynamic changes,also without reasonable trust negotiation session scheduling strategy and existingdeadlock phenomenon as well as denial of service attack.In order to solve the problems above, we proposed the components of automatedtrust negotiation by using the standard notation system and described an abstractautomated trust negotiation model with the state-transition system, discussed thetime characteristic, divided the automated trust negotiation model into several timephases, studied multi-session scheduling strategy by using the characteristics ofautomated trust negotiation. On these basises, we proposed a security policydescription logic to support time constraints as well as the logic function, thenextended the security policies so that it could describe the time character,constructed a state-transition system with time character to simulate automated trustnegotiation.At last, we discussed the satiability of security policies in automated trustnegotiation. We found that: the satisfiability of the time constraint security policycould be effectively solved in polynomial time. The satisfiability of sensitiveproperty protection strategy that had nothing to do with the state could be effectivelysolved in polynomial time. The satisfiability of general sensitive property protectionstrategy was un-decidable. All this work may contribute to the future research of this field on the theory of reference.In addition, we also designed experiment, and theexperiment results showed that the performance of automated trust negotiation hadbeen improved obviously by the analysis of time characteristic. |
PDF Full Text Request