J4  2010, Vol. 44 Issue (12): 2241-2250    DOI: 10.3785/j.issn.1008-973X.2010.12.003
Automation Technology, Computer Technology
Fast trust chain search in role-based credential overlay network
CHEN Ke, HU Tian-lei, CHEN Gang
College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China
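Abstract (Chinese):

Existing trust chain discovery schemes all assume that credentials are stored centrally. To address this limitation, a role-based credential overlay network (RBCON) is designed, algorithms for RBCON generation and maintenance are proposed, and a trust chain search scheme is built on top of them. Trust credentials are stored on the individual nodes of RBCON, and a role-based distributed hash table is used to locate credentials in both directions. RBCON completes many kinds of trust chain queries efficiently even when nodes join or leave frequently. Extensive simulation experiments show that the scheme meets the needs of the various queries in distributed trust chain discovery and completes the trust chain search with as few credential location and lookup operations as possible; the network still maintains a high trust chain lookup rate under continuous node joins and departures/failures, and can therefore resist various malicious network attacks relatively well.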

Abstract:

Current research on trust chain discovery is based on the assumption that credentials are stored centrally. To address this limitation, a role-based credential overlay network (RBCON) was proposed. Every peer of RBCON can store role-based credentials, by which trust chains can be established between each pair of peers based on a role-based distributed hash table. RBCON also introduces novel algorithms for RBCON generation, stabilization and trust chain search, and presents a new distributed data structure for storing role-based credential keys. RBCON adapts efficiently as peers join and leave the system, and can execute trust chain search even if the system is continuously changing. The simulation results highlight the correctness and efficiency of this solution; in particular, the communication cost and the state maintained by each node scale logarithmically with the number of RBCON peers. The solution is very easy to implement and popularize.

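Published: 2010-12-01
CLC number: TP 309.2
Funding:

Supported by the National Natural Science Foundation of China (60603044, 60970124); the National High Technology Research and Development Program of China ("863" Program) (2009AA01Z137); and the Fundamental Research Funds for the Central Universities (2009QNA5016).

Corresponding author: HU Tian-lei, male, associate professor. E-mail: htl@zju.edu.cn
About the author: CHEN Ke (born 1977), female, from Zhengzhou, Henan; assistant researcher; research interests include databases, embedded software and data security. E-mail: chenk@zju.edu.cn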
Cite this article:

CHEN Ke, HU Tian-lei, CHEN Gang. Fast trust chain search in role-based credential overlay network. J4, 2010, 44(12): 2241-2250.

Link to this article:

http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2010.12.003
http://www.zjujournals.com/eng/CN/Y2010/V44/I12/2241

