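Abstract
To address the lack of a unified definition of trust management in distributed environments and the low efficiency of proof-of-compliance algorithms, a formal definition of trust management is given. Trust management is a six-tuple consisting of a countable set of principals, a set of trust types, a set of trust attributes, a set of contexts, the trust relationships that exist between principals, and functions that are defined on the trust relationships and closed under them. The relationship between the formal definition and the descriptive definition is also discussed, and on this basis an efficient trust management model, NUMEN, is proposed. The model's proof-of-compliance algorithm is based on the lattice-theoretical fix-point theory; its time complexity and space complexity depend on the cardinality n of the set of authorization credentials, and both are O(n). Experimental results show that NUMEN obtains a high level of security at a small overhead and that its proof-of-compliance algorithm outperforms those of the SPKI/SDSI and KeyNote models; they also lead to the conclusion that the number of authorization credentials and the number of permission-delegation nodes are the key factors affecting system runtime.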
Many trust management (TM) systems have been proposed, but some issues remain to be addressed: there is no consensus in the literature on the definition of TM, and algorithms for proof of compliance (PoC) are inefficient. To address these problems, this paper proposes a formal definition of TM, which is composed of a set of countable principals, a set of trust classes, a set of trust attributes, a set of contexts, a set of trust relationships and a set of rules. The relationship between the formal TM and the descriptive TM is discussed. Based on the formal definition of TM, an efficient TM called NUMEN is presented, whose PoC algorithm is based on the lattice-theoretical fix-point theorem. The time complexity and the space complexity of the algorithm are both O(n), where n is the cardinality of the set of authorization credentials. Experimental results show that NUMEN can effectively protect sensitive resources at a small cost in system performance, and that the PoC algorithm for NUMEN is more efficient than those of existing TM systems such as SPKI/SDSI and KeyNote. It is observed that the numbers of authorization brokers and of delegation credentials are crucial factors in determining the runtime.
Source
Journal of Xi'an Jiaotong University (《西安交通大学学报》)
Indexed in: EI, CAS, CSCD, PKU Core
2009, Issue 6, pp. 15-19 (5 pages)
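Funding
Supported by the National Natural Science Foundation of China (60773118)
Supported by the National High Technology Research and Development Program of China (2006AA01A109).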
Keywords
access control
trust management
proof of compliance
lattice-theoretical fix-point
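About the authors
Guan Shangyuan (官尚元, born 1979), male, PhD candidate;
Dong Xiaoshe (董小社, corresponding author), male, professor, doctoral supervisor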