开放网格服务架构下的安全策略研究
|
摘要
在一个动态、异构、跨域的开放网格服务架构下实现资源的广泛共享,必须解决身份鉴别、信息保密、访问控制、审计等一系列安全问题。由于构建在互联网基础之上,网格系统不得不面对来自内部和外部的各种安全威胁。从网格技术的长远发展来看,结构良好、灵活可靠、可扩展的安全策略,对网格系统的应用和推广具有重要的意义。
身份鉴别是保护网格系统免遭敌手侵入的第一道防线。普通的分布式系统所采用的集中认证管理方式在网格环境下应用时将面临认证中心的效率瓶颈和保持第三方在线的问题。提出了基于离线公钥证书的网格身份鉴别策略,该策略运用组合公钥密码理论,突破了公钥基础设施的用户管理规模和鉴别方式,简化了密钥管理过程,提高了鉴别效率,降低了系统的建设和维护成本。描述了在网格应用中实施这种身份鉴别策略的过程,通过模拟实验和传统方式进行对比,说明了该策略的可行性和高效性。
针对可能出现的资源越权使用问题,访问控制机制可将网格用户的活动限制在合法的范围内。传统访问控制模型通常采用静态的授权策略,难以适应网格环境下的主动授权需要。常见的分布式系统访问控制策略在网格中应用时,也会出现一些实际问题。提出了基于任务的计算网格访问控制模型,给出了模型的基本定义和访问控制算法,并在此基础上引入角色概念,将该模型扩展为基于任务和角色的计算网格访问控制模型,使安全管理工作得到了简化。根据目前访问控制理论的最新发展情况,分析了使用控制模型在网格环境下的应用前景,描述了基于上下文感知的网格使用控制模型基本思路和实现方法。
在网格这样的动态环境中,无法保证加入网格的节点都是善意的实体,需要根据实体在一段时间内的行为判断其可信任、可依靠的程度,并根据这种程度确定实体的权限。分析了信任管理对网格系统的重要作用,针对目前一般网格信任模型对恶意推荐缺乏惩罚,对有效推荐缺乏奖励等问题,提出了一种带推荐反馈机制的网格域间信任模型,对模型相关的信任度、信誉值以及推荐反馈的计算给出了详细的说明。利用网格仿真软件对该模型进行了模拟,测试了网格域间信任度的预测情况和推荐信任反馈效果。
审计是信息系统安全机制不可缺少的一环,也是保障网格安全的重要手段。在网格环境中实施安全审计,需要解决分布在互联网上各个节点所产生的审计记录的收集和分析问题。针对网格动态和异构的特点,运用分布式人工智能领域的研究成果,提出了基于移动代理的网格安全审计策略,介绍了该策略的系统结构和实现过程,通过在实验平台下实施该策略并与普通审计策略进行对比,表明了基于移动代理的网格安全审计策略的可行性和高效性。
网格的安全问题在身份鉴别、访问控制、信任管理和安全审计四个方面得到了全面的分析和深入的研究。提出的各种安全策略,从不同层次和角度解决了网格环境下存在的主要安全问题,对网格技术的产业化发展和商业化应用具有较好的促进作用。
To realize the pervasive resource sharing in the dynamic, heterogeneous, domain-crossing Grid environment, a series of security problems such as authentication, information confidentiality, access control, audit must be resolved. Building base on the internet, the Grid system has to face to every kinds of net hazard. In sight of perspective, a well-constructed, flexible, reliable and extendable security policy has great significance for Grid application and popularization.
Authentication is the first line of defence against the intrusion to the Grid system. While the general centralized certification management mode of distribute system is applied in Grid environment, there will have an efficiency bottleneck of certification authority and third-party institutions have to keep online all the time. The offline public key certificate based authentication policy for the Grid is proposed. The combined public key cryptographic theory is exercised in this policy, and the traditional methods about users' management and authentication of public key infrastructure are breached. The process of keys management is simplified, the efficiency is improved, and the expense of construct and maintenance is descended. Details of the enforcement for this authenticate policy in Grid applications are described. After the simulation in a laboratorial computational Grid environment and compare to traditional policies, the new policy is proved to be efficient and feasible.
Arming at problems about the possibility of resource exceeding or hostile usage, access control mechanism can limit the activity of Grid users in a valid scope. Using static authorization policy generally, traditional access control model can not be seasoned with the requirement of active authorization in Grid environment. Most general access control policies of distributed system will be faced with problems when applied in Grid system. A task based access model for computational Grid is proposed, and the basic concept definitions and access control algorithm are described. Involving the concept of roles, the model is extended to a task and role based access control model for computational Grid, and the security management task is simplified. According to recent achievement on access control theories, perspective of usage control model being enforced in Grid is analyzed, the primary aspect and the realization process of a context aware usage control model for Grid is described.
It can not be assure that every node joined in Grid system is a well-meaning entity in such a dynamic and distributed environment. The creditability and reliability of a Grid entity can be estimated according to it behavior in a period of time, the authority of the entity hence can be determined by that degrees. The importance of trust management to Grid system is analyzed. Since general trust management models are lacking of punishment to malicious recommendation, and lacking of encouragement for valid recommendation, a domain-crossing trust management model with recommendation feedback mechanism for Grid is proposed. The evaluation method on trust degree, trust value and recommendation feedback is introduced in detail. Grid simulative tools are used to emulate the model, and the trust degree and effect of recommend trust feedback is tested by those tools.
Audit is indispensable in a secure information system, and is an important method to preserve Grid security. The collection and analysis of audit logs from distributed Grid nodes must be well resolved on a base of internet. Inspired to the achievements in distributed artificial intelligence, a mobile agent based audit policy is addressed. The structure and the realization process are introduced. After comparing with general audit mechanism in laboratorial platforms, the policy is proved to be feasible and efficient.
The security policies of Grid are researched in depth on authentication, access control, trust management and audit. All the proposed policies can be involved to resolve the primary security problems in Grid environment in different way, and will have good promotion to the industrialization and commercialization of Grid technology.
身份鉴别是保护网格系统免遭敌手侵入的第一道防线。普通的分布式系统所采用的集中认证管理方式在网格环境下应用时将面临认证中心的效率瓶颈和保持第三方在线的问题。提出了基于离线公钥证书的网格身份鉴别策略,该策略运用组合公钥密码理论,突破了公钥基础设施的用户管理规模和鉴别方式,简化了密钥管理过程,提高了鉴别效率,降低了系统的建设和维护成本。描述了在网格应用中实施这种身份鉴别策略的过程,通过模拟实验和传统方式进行对比,说明了该策略的可行性和高效性。
针对可能出现的资源越权使用问题,访问控制机制可将网格用户的活动限制在合法的范围内。传统访问控制模型通常采用静态的授权策略,难以适应网格环境下的主动授权需要。常见的分布式系统访问控制策略在网格中应用时,也会出现一些实际问题。提出了基于任务的计算网格访问控制模型,给出了模型的基本定义和访问控制算法,并在此基础上引入角色概念,将该模型扩展为基于任务和角色的计算网格访问控制模型,使安全管理工作得到了简化。根据目前访问控制理论的最新发展情况,分析了使用控制模型在网格环境下的应用前景,描述了基于上下文感知的网格使用控制模型基本思路和实现方法。
在网格这样的动态环境中,无法保证加入网格的节点都是善意的实体,需要根据实体在一段时间内的行为判断其可信任、可依靠的程度,并根据这种程度确定实体的权限。分析了信任管理对网格系统的重要作用,针对目前一般网格信任模型对恶意推荐缺乏惩罚,对有效推荐缺乏奖励等问题,提出了一种带推荐反馈机制的网格域间信任模型,对模型相关的信任度、信誉值以及推荐反馈的计算给出了详细的说明。利用网格仿真软件对该模型进行了模拟,测试了网格域间信任度的预测情况和推荐信任反馈效果。
审计是信息系统安全机制不可缺少的一环,也是保障网格安全的重要手段。在网格环境中实施安全审计,需要解决分布在互联网上各个节点所产生的审计记录的收集和分析问题。针对网格动态和异构的特点,运用分布式人工智能领域的研究成果,提出了基于移动代理的网格安全审计策略,介绍了该策略的系统结构和实现过程,通过在实验平台下实施该策略并与普通审计策略进行对比,表明了基于移动代理的网格安全审计策略的可行性和高效性。
网格的安全问题在身份鉴别、访问控制、信任管理和安全审计四个方面得到了全面的分析和深入的研究。提出的各种安全策略,从不同层次和角度解决了网格环境下存在的主要安全问题,对网格技术的产业化发展和商业化应用具有较好的促进作用。
To realize the pervasive resource sharing in the dynamic, heterogeneous, domain-crossing Grid environment, a series of security problems such as authentication, information confidentiality, access control, audit must be resolved. Building base on the internet, the Grid system has to face to every kinds of net hazard. In sight of perspective, a well-constructed, flexible, reliable and extendable security policy has great significance for Grid application and popularization.
Authentication is the first line of defence against the intrusion to the Grid system. While the general centralized certification management mode of distribute system is applied in Grid environment, there will have an efficiency bottleneck of certification authority and third-party institutions have to keep online all the time. The offline public key certificate based authentication policy for the Grid is proposed. The combined public key cryptographic theory is exercised in this policy, and the traditional methods about users' management and authentication of public key infrastructure are breached. The process of keys management is simplified, the efficiency is improved, and the expense of construct and maintenance is descended. Details of the enforcement for this authenticate policy in Grid applications are described. After the simulation in a laboratorial computational Grid environment and compare to traditional policies, the new policy is proved to be efficient and feasible.
Arming at problems about the possibility of resource exceeding or hostile usage, access control mechanism can limit the activity of Grid users in a valid scope. Using static authorization policy generally, traditional access control model can not be seasoned with the requirement of active authorization in Grid environment. Most general access control policies of distributed system will be faced with problems when applied in Grid system. A task based access model for computational Grid is proposed, and the basic concept definitions and access control algorithm are described. Involving the concept of roles, the model is extended to a task and role based access control model for computational Grid, and the security management task is simplified. According to recent achievement on access control theories, perspective of usage control model being enforced in Grid is analyzed, the primary aspect and the realization process of a context aware usage control model for Grid is described.
It can not be assure that every node joined in Grid system is a well-meaning entity in such a dynamic and distributed environment. The creditability and reliability of a Grid entity can be estimated according to it behavior in a period of time, the authority of the entity hence can be determined by that degrees. The importance of trust management to Grid system is analyzed. Since general trust management models are lacking of punishment to malicious recommendation, and lacking of encouragement for valid recommendation, a domain-crossing trust management model with recommendation feedback mechanism for Grid is proposed. The evaluation method on trust degree, trust value and recommendation feedback is introduced in detail. Grid simulative tools are used to emulate the model, and the trust degree and effect of recommend trust feedback is tested by those tools.
Audit is indispensable in a secure information system, and is an important method to preserve Grid security. The collection and analysis of audit logs from distributed Grid nodes must be well resolved on a base of internet. Inspired to the achievements in distributed artificial intelligence, a mobile agent based audit policy is addressed. The structure and the realization process are introduced. After comparing with general audit mechanism in laboratorial platforms, the policy is proved to be feasible and efficient.
The security policies of Grid are researched in depth on authentication, access control, trust management and audit. All the proposed policies can be involved to resolve the primary security problems in Grid environment in different way, and will have good promotion to the industrialization and commercialization of Grid technology.
引文
[1] I. Foster. The grid: A new infrastructure for 21st century science. Physics Today, 2002, 55(2): 42~47
[2] I. Foster, C. Kesselman, S. Tuecke. The anatomy of the grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 2001, 15(3): 200~222
[3]都志辉,陈渝,刘鹏.网格计算.北京:清华大学出版社. 2002:3~7
[4] I. Foster, C. Kesselman. Globus: A metacomputing infrastructure toolkit. International Journal of Supercomputer Applications and High Performance Computing, 1997, 11(2):115~128
[5] F. Ruggieri. The DataGrid Project. International Journal of Modern Physics C, 2001, 12(4): 519~525
[6] P. Kunszt. European DataGrid project: Status and plans. Nuclear Instruments and Methods in Physics Research, 2003, 502(2): 376~381
[7] E. Leonardi. Status of the LCG Project. Nuclear Physics B, Proceedings Supplements, 2006, 150(1): 382~385
[8] W. Chou. Inside SSL: the secure sockets layer protocol. IT Professional, 2002, 4(4): 47~52
[9] I. Foster, C. Kesselman, G. Tsudik, et al. A security architecture for computational grids. Proceedings of the 5th ACM Conference on Computer and Communications Security. San Francisco, CA, USA. 1998. New York, NY: ACM Press, 1998. 83~92
[10] I. Foster, C. Kesselman. The Globus project: a status report. Future Generation Computer Systems, 1999, 15(5-6): 607~621
[11] I. Foster. Globus Toolkit Version 4:Software for Service-Oriented Systems(C). IFIP International Federation for Information Processing 2005, 2~13
[12] M. Upadhyay, S. Malkani. Generic Security Service API Version 2: Java Bindings Update. 2007. http://www.ietf.org/internet-drafts/draft-ietf-kitten-rfc2853bis-03.txt
[13] J. Novotny, S. Tuecke, V. Welch. An online credential repository for the Grid: MyProxy. Proceedings of the 10th IEEE International Symposium on HighPerformance Distributed Computing. San Francisco, CA. 2001:104~114
[14] S. Tuecke. Grid Security Infrastructure (GSI) Roadmap. 2001. Internet Draft: draft- gridforum-gsi-roadmap-02.txt
[15] L. Pearlman, V. Welch, I. Foster, et al. A community authorization service for group collaboration. Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks. Monterey, Los Alamitos, CA, USA. 2002:50~59
[16] M. Thompson, W. Johnston, S. Mudumbai, et al. Certificate-based access control for widely distributed resources. Proceedings of the Eighth USENIX Security Symposium. Washington, DC, USA. 1999:215~227
[17] M. R. Thompson, A. Essiari, S. Mudumbai. Certificate-based authorization policy in a PKI environment. ACM Transactions on Information and Systems Security, 2003, 6(4): 566~588
[18] M. Humphrey, M. R. Thompson. Security implications of typical Grid Computing usage scenarios. Proceedings of the IEEE International Symposium on High Performance Distributed Computing. San Francisco, CA, USA. 2001:95~103
[19] R. Alfieri, R. Cecchini, V. Ciaschini, et al. VOMS, an authorization system for virtual organizations. Proceedings of the First European Across Grids Conference on Grid Computing. Santiago de Compostela, Spain. 2004:33~40
[20] D. W. Chadwick, O. Alexander. The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems, 2003, 19(2): 277~289
[21] G. Lopez, O. Canovas, A. F. Gomez-Skarmeta, et al. A heterogeneous network access service based on PERMIS and SAML. Proceedings of the Second European PKI Workshop: Research and Applications, EuroPKI 2005:55~72
[22] A. Farag, M. Muthucumaru. Evolving and managing trust in grid computing systems. Proceedings of the 2002 IEEE Canadian Conference on Electrical and Computer Engineering. Winnipeg, Manitoba. 2002:1424~1429
[23] F. Azzedin, M. Maheswaran. Integrating trust into grid resource management systems. Proceedings of the 2002 International Conference on Parallel Processing. Vancouver, BC, Canada. 2002:47~54
[24] K. H. Wang, K. K. Yu, S. S. Song, et al. GridSec: Trusted Grid Computing with Security Binding and Self-defense Against Network Worms and DDoS Attacks. International Conference on Computational Science, 2005:187~195
[25] A. Selcuk, E. Uzun, M. R. Pariente. A reputation-based trust management system for P2P networks. Proceedings of the 2004 IEEE International Symposium on Cluster Computing and the Grid. Chicago, IL, USA. 2004:251~258
[26] T. Smith, L. Ramakrishnan. Joint Policy Management and Auditing in Virtual Organizations. Proceedings of the 4th International Workshop on Grid Computing. 2003.117~124
[27] B. W. Lampson. Protection. ACM Operating Systems Review, 1974(8):18~24
[28] M. H. Harrison, W. L. Ruzzo, J. D. Ullman. Protection in operating systems. Communications of the ACM, 1976, 19(8):461~471
[29] D. E. Denning. A lattice model of secure informationflow. Communications of the ACM,1976,19(5):236~243
[30] D. E. Bell, R. S. LaPadula. Secure Computer Systems: Unified Exposition and Multics Interpretation. MTR-2997 MITRE, 1975
[31]洪帆,余祥宣.一个用于授权传递的改进Bell-LaPadula模型.软件学报, 1996, 7(2): 100~103
[32] Department of Defense Trusted Computer System Evaluation Criteria. National Computer Security Center. DoD 5200. 28-STD, 1985
[33] D. Ferraiolo, J. Cugini, R. Kuhn. Role-based access control (RBAC): Features and motivations. Proceedings of 11th Annual Computer Security Application Conference. New Orleans, LA, 1995. Los Alamitos, CA, USA: IEEE Computer Society Press, 1995: 241~248
[34] R. Sandhu, D. Ferraiolo, R. Kuhn. NIST model for role-based access control: Towards a unified standard. Proceedings of the 5th ACM Workshop on Role-Based Access Control. Berlin, German. 2000. New York, NY: ACM Press, 2000. 47~63
[35] R. Sandhu, E. J. Coyne, H. L. Feinstein, et al. Role-based access control models. IEEE Computer, 1996, 29(2): 38~47
[36] A. Kini, J. Choobineh. Trust in Electronic Commerce:Definition and Theoretical Considerations. IEEE Computer Society, Washington, DC, USA,1998
[37] D. Gambetta. Trust: Making and Breaking Cooperative Relations. Basil Blackwell: Oxford Press, 1990:213~237
[38] S. Marsh. Trust in distributed artificial intelligence. Proceedings of the 4th European Workshop on Modelling Autonomous Agents in a Multi-Agent World. S.Martino al Cimino, Italy. 1994. Berlin, Germany: Springer-Verlag, 1994. 94~112
[39] Y. H. Chu, J. Feigenbaum, B. Lamacchia, et al. REFEREE: trust management for Web applications. Computer Networks and ISDN Systems. 1997, 29(8): 953~964
[40] M. Blaze, J. Feigenbaum, M. Strauss. Compliance checking in the PolicyMaker trust management system. Proceedings of the Second International Conference on Financial Cryptography. Anguilla, British West Indies. 1998. Berlin, Germany: Springer-Verlag, 1998. 254~274
[41] M. Blaze, J. Feigenbaum, J. Ioannidis, et al. The role of trust management in distributed systems security. Secure Internet programming, Security issues for mobile and distributed objects. Berlin, Germany: Springer-Verlag, 1999. 185~210
[42]徐锋,吕建. Web安全中的信任管理研究与进展.软件学报,2002,13(11): 2057~2064
[43] M. Blaze, J. Feigenbaum, J. Lacy. Decentralized trust management. Proceedings of the 1996 IEEE Symposium on Security and Privacy. Oakland, CA, USA. 1996. Los Alamitos, CA, USA: IEEE Comput. Soc, 1996. 164~173
[44] T. Beth, M. Borcherding, B. Klein. Valuation of trust in open networks. Proceedings of the third European Symposium on Research in Computer Security. Brighton, UK. 1994. Berlin, Germany: Springer-Verlag, 1994. 3~18
[45] A. J?sang. Trust-Based decision making for electronic transactions. Proceedings of the 4th Nordic Workshop on Secure Computer Systems. Kista: Stockholm University Press, 1999. 1~21
[46] F. Azzedin, M. Maheswaran. Towards trust-aware resource management in Grid computing systems. Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid, CCGRID 2002. Berlin, Germany. 2002. Los Alamitos, CA, USA: IEEE Comput. Soc, 2002. 452~457
[47] R. Guha, P. Raghavan, R. Kumar, et al. Propagation of trust and distrust. Proceedings of the 17th International World Wide Web Conference. New York, NY, United States. 2004. New York, NY: ACM Press, 2004. 403~412
[48]张骞,张霞,文学志. Peer-to-Peer环境下多粒度Trust模型构造.软件学报, 2006, 17(1): 96~107
[49]王成飞,孙富春.网格环境中基于行为的分层实体自主信任模型.计算机工程与应用, 2007,43(16):135~139
[50] H. Nwana, D. Ndumu. An Introduction to Agent Technology. BT Technology Journal,1996,14(4):55~67.
[51] H. B. Newman, I. C. Legrand. A Distributed Agent-based Architecture for Dynamic Services. International Conference on Computing in High Energy and Nuclear Physics. 2001.672~675
[52] P. Jordi, M. Miquel, L. Beatriz, et al. Collaboration analysis in recommender systems using social networks. Proceedings of the 8th International Workshop on Cooperative Information Agents. Erfurt, Germany. 2004. Berlin, Germany: Springer-Verlag, 2004. 137~151
[53] K. M. Kavi, M. Aborizka, D. Kung. A framework for designing, modeling and analyzing agent based software systems. Proceedings of the 5th International Conference on Algorithms and Architectures for Parallel Processing. Beijing, China. 2002. Los Alamitos, CA, USA: IEEE Comput. Soc, 2002. 196~200
[54]张云勇.移动Agent技术.北京:清华大学出版社, 2003.
[55] W. A. Jansen. Countermeasures for mobile agent security. Computer Communications, 2000, 23(17): 1667~76
[56]肖政宏,胡忠望,尹浩.基于移动Agent的网格跨域安全审计体系结构及实现.计算机科学,2006,33(6):97~100
[57] I. Foster. Internet Computing and the Emerging Grid. Nature Web Matters, 2000. http://www.nature.com/nature/webmatters/grid/grid.html
[58] I. Foster, C. Kesselman, J. M. Nick, S. Tuecke. The physiology of the grid: An open grid services architecture for distributed systems integration. 2002. http://www.gridforum.org /ogsi-wg/drafts/ogsa_draft2.9_2002-06-22.pdf
[59] A. Vahdat, T. Anderson, M. Dahlin, et al. WebOS: operating system services for wide area applications. Proceedings of the Seventh International Symposium on High Performance Distributed Computing. Chicago, IL, USA. 1998:52~63
[60]徐志伟,李伟.织女星网格的体系结构研究.计算机研究与发展, 2002, 39(8): 923~929
[61]刘洁,郑丽萍,郭韦钰,等.中国织女星知识网格研究进展.计算机研究与发展, 2003, 40(12): 1672~1676
[62] W. Stallings. Network Security Essentials: Application and Standards. Prentice Hall, 2002
[63] A. O. Freier, P. Kariton, P. C. Kocher. The SSL protocol: Version 3.0. Transport Layer Security Working Group, Internet Draft, 1996. http://wp.netscape.com/eng/ssl3/draft302.txt
[64] Security in a Web Services World: A Proposed Architecture and Roadmap. A joint writepaper from IBM Corporation and Mircrosoft Corporation, 2002. http://download. boulder.ibm.com/ibmdl/pub/software/dw/library/ws-secmap.pdf
[65] S. Anderson, J. Bohren, T. Boubez, et al. Web Services Secure Conversation Language (WS-SecureConversation), 2005.http://www.ibm.com/developerworks/library /specification/ws-secon/
[66] M. Gudgin, P. Hallam-Baker, H. Granqvist, et al. Web Services Security Policy Language(WS-SecurityPolicy), 2005. http://www.ibm.com/developerworks/library/specif- ication/ws-secpol/
[67] S. Anderson, J. Bohren, T. Boubez, et al. Web Services Trust Language (WS-Trust), 2005. http://www.ibm.com/developerworks/library/specification/ws-trust/
[68] H. Lockhart, S. Anderson, J. Bohren, et al. Web Services Federation Language (WS-Federation), 2006. http://www.ibm.com/developerworks/library/specification/ws-fed/
[69] B. Lautenbach. Introduction to XML encryption and XML signature. Information Security Technical Report, 2004, 9(3): 6~18
[70] K. Miyauchi. XML Signature/Encryption - the Basis of Web Services Security. NEC Journal of Advanced Technology, 2005, 2(1): 35~39
[71] L. Zhu, K. Jaganathan, S. Hartman, The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2, RFC 4121, July 2005
[72] R. Housley. Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC2459, January 2000
[73] F. Gagliardi. The EGEE European grid infrastructure project. Proceedings of the 6th International Conference on High Performance Computing for Computational Science, VECPAR 2004. Valencia, Spain. 2004. Berlin, Germany: Springer-Verlag, 2004. 194~203
[74] P. Gutmann. PKI: it’s not dead, just resting [J]. IEEE Computer, 2002, 35(8):41~49.
[75] A. Shamir. Identity-Based crypto systems and signature schemes. Advances in Cryptology CRYPTO'84. Berlin, Heidelberg, Springer-Verlag, 1984:47~53
[76] D. Boneh, M. Franklin. Identity-Based encryption from the Weil pairing.Advances in Cryptology CRYPTO'2001. Berlin, Heidelberg: Springer-Verlag, 2001:213~229
[77]南湘浩. CPK标识认证.北京:国防工业出版社, 2006:47~56
[78] J. Jiang, D. Chen, et al. A security grid portal using PKI and online proxy certificate repository. The first international multi-symposiums on computer and computational sciences(IMSCCS 2006), Proceedings, 2006(2):93-96
[79] J. Basney, M. Humphrey, V. Welch. The MyProxy online credential repository. Software pract exper 2005, 35(9): 801-816
[80] A. Kapadia, J. Al-Muhtadi, R. Campbell, et al. The A-IRBAC2000 Model: Administrative Interoperable Role-Base Access Control. ACM Transactions on Informatin and Systems Security, 2001, 3(2): 173~182
[81]廖俊国,洪帆,朱贤,肖海军.多域间动态角色转换的职责分离.计算机研究与发展,2006,43(6):1065~1070
[82]段素娟,洪帆,骆婷.多域应用安全互操作的授权模型.华中科技大学学报(自然科学版), 2003,11
[83] E. Cohen, R. Thomas, W. Winsborough, et al. Models for coalition-based access control (CBAC). Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT). ACM Press, 2002. 97~106
[84] H. Jin. Grid Computing and China Grid project. Proceedings of the 2005 International Conference on Parallel Processing Workshops. Oslo, Norway, USA. 2005. Los Alamitos, CA, USA: IEEE Comput. Soc, 2005. 81~83
[85] R. K. Thomas, R. Sandhu. Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. Proceedings of the 11th IFIP WG11.3 on Database Security, Vancouver, Canada, 1997:166~181
[86]邓集波,洪帆.基于任务的访问控制模型.软件学报, 2003, 14(1): 76~82
[87] J. Park, R. Sandhu. The UCONABC Usage Control Model. ACM Transactions on Information and Systems Security,2004,7(1):128~174.
[88] M. Strembeck, G. Neumann. An integrated approach to engineer and enforce context constraints in RBAC environments. ACM Transactions on Information and Systems Security, 2004, 7(3): 392~427
[89] B. Patrick, M. G. Kouadri. Context-based security policies: A new modeling approach. Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications. Orlando, FL, United States. 2004. Los Alamitos,CA, USA: IEEE Comput. Soc, 2004. 154~158
[90] M. G.. Kouadri, B. Patrick. A generic framework for context-based distributed authorizations. Proceedings of the 4th International and Interdisciplinary Conference CONTEXT 2003. Stanford, CA, United States. 2003. Berlin, Germany: Springer-Verlag, 2003. 204~217
[91] B. Patrick. On context in authorization policy. Proceedings of ACM Symposium on Access Control Models and Technologies.Villa Gallia, Como, Italy. 2003. New York, NY: ACM Press, 2003. 80~89
[92] A. Kumar, N. Karnik, G. Chafle. Context sensitivity in role-based access control. Operating Systems Review, 2002, 36(3): 53~66
[93] J. Bacon, M. Lloyd, K. Moody. Translating role-based access control policy within context. Proceedings of the International Workshop on Policies for Distributed Systems and Networks, POLICY 2001. Bristol, UK. 2001. Berlin, Germany: Springer-Verlag, 2001. 107~119
[94] G. Zhang, M. Parashar. Dynamic Context-aware Access Control for Grid Applications, In: Proc. of the 4th International Workshop on Grid Computing (Grid2003). 101~108
[95] The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation. ISO/IEC 15408:1999(E),1999
[96] T. Rooker. The Reference monitor: an idea whose time has come. Proceedings. 1993 ACM SIGSAC New Security Paradigms Workshop
[97] The International Organization for Standardization. Security frameworks for open systems: Access control framework. ISO/IEC 10181-3:1996,1996
[98] The International Organization for Standardization. Basic Reference Mode: Security Architecturel . ISO 7498-2:1989,1989
[99] R. Buyya, M. Murshed. GridSim: a toolkit for the modeling and simulation of distributed resource management and scheduling for Grid computing. Concurrency and Computation Practice & Experience, 2002, 14(13-15):1175~1220
[99] N. B. Baharin, K. Md-Din, N. Z. Jamaludin, et al. Third Party Security Audit Procedure for Network Environment. Proceedings of 4th National Conference on Telecommunication Technology. 2003. 26~30
[101] S. Martin, P. Lane, I. Foster. TeraGrid’s GRAM Auditing & Accounting, & its Integration with the LEAD Science Gateway. TERAGRID 2007 CONFERENCE,MADISON, WI
[102] W. D. Zhang, D. D. Vecchio, et al. Flexible and Secure Logging of Grid Data Access. 7th IEEE/ACM International Conference on Grid Computing. Sept. 2006.80~87
[103]林毋梦,李廉.一种采用Chord协议的网格日志系统.华中科技大学学报(自然科学版), 2006, 9(34):79~82
[104] Y. C. Huang, Y. Chen, et al. Research On Network Secure Auditing System Using Distributed Agents. Proceedings of IEEE TECCON’02 ,2002. 391~395
[2] I. Foster, C. Kesselman, S. Tuecke. The anatomy of the grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 2001, 15(3): 200~222
[3]都志辉,陈渝,刘鹏.网格计算.北京:清华大学出版社. 2002:3~7
[4] I. Foster, C. Kesselman. Globus: A metacomputing infrastructure toolkit. International Journal of Supercomputer Applications and High Performance Computing, 1997, 11(2):115~128
[5] F. Ruggieri. The DataGrid Project. International Journal of Modern Physics C, 2001, 12(4): 519~525
[6] P. Kunszt. European DataGrid project: Status and plans. Nuclear Instruments and Methods in Physics Research, 2003, 502(2): 376~381
[7] E. Leonardi. Status of the LCG Project. Nuclear Physics B, Proceedings Supplements, 2006, 150(1): 382~385
[8] W. Chou. Inside SSL: the secure sockets layer protocol. IT Professional, 2002, 4(4): 47~52
[9] I. Foster, C. Kesselman, G. Tsudik, et al. A security architecture for computational grids. Proceedings of the 5th ACM Conference on Computer and Communications Security. San Francisco, CA, USA. 1998. New York, NY: ACM Press, 1998. 83~92
[10] I. Foster, C. Kesselman. The Globus project: a status report. Future Generation Computer Systems, 1999, 15(5-6): 607~621
[11] I. Foster. Globus Toolkit Version 4:Software for Service-Oriented Systems(C). IFIP International Federation for Information Processing 2005, 2~13
[12] M. Upadhyay, S. Malkani. Generic Security Service API Version 2: Java Bindings Update. 2007. http://www.ietf.org/internet-drafts/draft-ietf-kitten-rfc2853bis-03.txt
[13] J. Novotny, S. Tuecke, V. Welch. An online credential repository for the Grid: MyProxy. Proceedings of the 10th IEEE International Symposium on HighPerformance Distributed Computing. San Francisco, CA. 2001:104~114
[14] S. Tuecke. Grid Security Infrastructure (GSI) Roadmap. 2001. Internet Draft: draft- gridforum-gsi-roadmap-02.txt
[15] L. Pearlman, V. Welch, I. Foster, et al. A community authorization service for group collaboration. Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks. Monterey, Los Alamitos, CA, USA. 2002:50~59
[16] M. Thompson, W. Johnston, S. Mudumbai, et al. Certificate-based access control for widely distributed resources. Proceedings of the Eighth USENIX Security Symposium. Washington, DC, USA. 1999:215~227
[17] M. R. Thompson, A. Essiari, S. Mudumbai. Certificate-based authorization policy in a PKI environment. ACM Transactions on Information and Systems Security, 2003, 6(4): 566~588
[18] M. Humphrey, M. R. Thompson. Security implications of typical Grid Computing usage scenarios. Proceedings of the IEEE International Symposium on High Performance Distributed Computing. San Francisco, CA, USA. 2001:95~103
[19] R. Alfieri, R. Cecchini, V. Ciaschini, et al. VOMS, an authorization system for virtual organizations. Proceedings of the First European Across Grids Conference on Grid Computing. Santiago de Compostela, Spain. 2004:33~40
[20] D. W. Chadwick, O. Alexander. The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems, 2003, 19(2): 277~289
[21] G. Lopez, O. Canovas, A. F. Gomez-Skarmeta, et al. A heterogeneous network access service based on PERMIS and SAML. Proceedings of the Second European PKI Workshop: Research and Applications, EuroPKI 2005:55~72
[22] A. Farag, M. Muthucumaru. Evolving and managing trust in grid computing systems. Proceedings of the 2002 IEEE Canadian Conference on Electrical and Computer Engineering. Winnipeg, Manitoba. 2002:1424~1429
[23] F. Azzedin, M. Maheswaran. Integrating trust into grid resource management systems. Proceedings of the 2002 International Conference on Parallel Processing. Vancouver, BC, Canada. 2002:47~54
[24] K. H. Wang, K. K. Yu, S. S. Song, et al. GridSec: Trusted Grid Computing with Security Binding and Self-defense Against Network Worms and DDoS Attacks. International Conference on Computational Science, 2005:187~195
[25] A. Selcuk, E. Uzun, M. R. Pariente. A reputation-based trust management system for P2P networks. Proceedings of the 2004 IEEE International Symposium on Cluster Computing and the Grid. Chicago, IL, USA. 2004:251~258
[26] T. Smith, L. Ramakrishnan. Joint Policy Management and Auditing in Virtual Organizations. Proceedings of the 4th International Workshop on Grid Computing. 2003.117~124
[27] B. W. Lampson. Protection. ACM Operating Systems Review, 1974(8):18~24
[28] M. H. Harrison, W. L. Ruzzo, J. D. Ullman. Protection in operating systems. Communications of the ACM, 1976, 19(8):461~471
[29] D. E. Denning. A lattice model of secure informationflow. Communications of the ACM,1976,19(5):236~243
[30] D. E. Bell, R. S. LaPadula. Secure Computer Systems: Unified Exposition and Multics Interpretation. MTR-2997 MITRE, 1975
[31]洪帆,余祥宣.一个用于授权传递的改进Bell-LaPadula模型.软件学报, 1996, 7(2): 100~103
[32] Department of Defense Trusted Computer System Evaluation Criteria. National Computer Security Center. DoD 5200. 28-STD, 1985
[33] D. Ferraiolo, J. Cugini, R. Kuhn. Role-based access control (RBAC): Features and motivations. Proceedings of 11th Annual Computer Security Application Conference. New Orleans, LA, 1995. Los Alamitos, CA, USA: IEEE Computer Society Press, 1995: 241~248
[34] R. Sandhu, D. Ferraiolo, R. Kuhn. NIST model for role-based access control: Towards a unified standard. Proceedings of the 5th ACM Workshop on Role-Based Access Control. Berlin, German. 2000. New York, NY: ACM Press, 2000. 47~63
[35] R. Sandhu, E. J. Coyne, H. L. Feinstein, et al. Role-based access control models. IEEE Computer, 1996, 29(2): 38~47
[36] A. Kini, J. Choobineh. Trust in Electronic Commerce:Definition and Theoretical Considerations. IEEE Computer Society, Washington, DC, USA,1998
[37] D. Gambetta. Trust: Making and Breaking Cooperative Relations. Basil Blackwell: Oxford Press, 1990:213~237
[38] S. Marsh. Trust in distributed artificial intelligence. Proceedings of the 4th European Workshop on Modelling Autonomous Agents in a Multi-Agent World. S.Martino al Cimino, Italy. 1994. Berlin, Germany: Springer-Verlag, 1994. 94~112
[39] Y. H. Chu, J. Feigenbaum, B. Lamacchia, et al. REFEREE: trust management for Web applications. Computer Networks and ISDN Systems. 1997, 29(8): 953~964
[40] M. Blaze, J. Feigenbaum, M. Strauss. Compliance checking in the PolicyMaker trust management system. Proceedings of the Second International Conference on Financial Cryptography. Anguilla, British West Indies. 1998. Berlin, Germany: Springer-Verlag, 1998. 254~274
[41] M. Blaze, J. Feigenbaum, J. Ioannidis, et al. The role of trust management in distributed systems security. Secure Internet programming, Security issues for mobile and distributed objects. Berlin, Germany: Springer-Verlag, 1999. 185~210
[42]徐锋,吕建. Web安全中的信任管理研究与进展.软件学报,2002,13(11): 2057~2064
[43] M. Blaze, J. Feigenbaum, J. Lacy. Decentralized trust management. Proceedings of the 1996 IEEE Symposium on Security and Privacy. Oakland, CA, USA. 1996. Los Alamitos, CA, USA: IEEE Comput. Soc, 1996. 164~173
[44] T. Beth, M. Borcherding, B. Klein. Valuation of trust in open networks. Proceedings of the third European Symposium on Research in Computer Security. Brighton, UK. 1994. Berlin, Germany: Springer-Verlag, 1994. 3~18
[45] A. J?sang. Trust-Based decision making for electronic transactions. Proceedings of the 4th Nordic Workshop on Secure Computer Systems. Kista: Stockholm University Press, 1999. 1~21
[46] F. Azzedin, M. Maheswaran. Towards trust-aware resource management in Grid computing systems. Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid, CCGRID 2002. Berlin, Germany. 2002. Los Alamitos, CA, USA: IEEE Comput. Soc, 2002. 452~457
[47] R. Guha, P. Raghavan, R. Kumar, et al. Propagation of trust and distrust. Proceedings of the 17th International World Wide Web Conference. New York, NY, United States. 2004. New York, NY: ACM Press, 2004. 403~412
[48]张骞,张霞,文学志. Peer-to-Peer环境下多粒度Trust模型构造.软件学报, 2006, 17(1): 96~107
[49]王成飞,孙富春.网格环境中基于行为的分层实体自主信任模型.计算机工程与应用, 2007,43(16):135~139
[50] H. Nwana, D. Ndumu. An Introduction to Agent Technology. BT Technology Journal,1996,14(4):55~67.
[51] H. B. Newman, I. C. Legrand. A Distributed Agent-based Architecture for Dynamic Services. International Conference on Computing in High Energy and Nuclear Physics. 2001.672~675
[52] P. Jordi, M. Miquel, L. Beatriz, et al. Collaboration analysis in recommender systems using social networks. Proceedings of the 8th International Workshop on Cooperative Information Agents. Erfurt, Germany. 2004. Berlin, Germany: Springer-Verlag, 2004. 137~151
[53] K. M. Kavi, M. Aborizka, D. Kung. A framework for designing, modeling and analyzing agent based software systems. Proceedings of the 5th International Conference on Algorithms and Architectures for Parallel Processing. Beijing, China. 2002. Los Alamitos, CA, USA: IEEE Comput. Soc, 2002. 196~200
[54]张云勇.移动Agent技术.北京:清华大学出版社, 2003.
[55] W. A. Jansen. Countermeasures for mobile agent security. Computer Communications, 2000, 23(17): 1667~76
[56]肖政宏,胡忠望,尹浩.基于移动Agent的网格跨域安全审计体系结构及实现.计算机科学,2006,33(6):97~100
[57] I. Foster. Internet Computing and the Emerging Grid. Nature Web Matters, 2000. http://www.nature.com/nature/webmatters/grid/grid.html
[58] I. Foster, C. Kesselman, J. M. Nick, S. Tuecke. The physiology of the grid: An open grid services architecture for distributed systems integration. 2002. http://www.gridforum.org /ogsi-wg/drafts/ogsa_draft2.9_2002-06-22.pdf
[59] A. Vahdat, T. Anderson, M. Dahlin, et al. WebOS: operating system services for wide area applications. Proceedings of the Seventh International Symposium on High Performance Distributed Computing. Chicago, IL, USA. 1998:52~63
[60]徐志伟,李伟.织女星网格的体系结构研究.计算机研究与发展, 2002, 39(8): 923~929
[61]刘洁,郑丽萍,郭韦钰,等.中国织女星知识网格研究进展.计算机研究与发展, 2003, 40(12): 1672~1676
[62] W. Stallings. Network Security Essentials: Application and Standards. Prentice Hall, 2002
[63] A. O. Freier, P. Kariton, P. C. Kocher. The SSL protocol: Version 3.0. Transport Layer Security Working Group, Internet Draft, 1996. http://wp.netscape.com/eng/ssl3/draft302.txt
[64] Security in a Web Services World: A Proposed Architecture and Roadmap. A joint writepaper from IBM Corporation and Mircrosoft Corporation, 2002. http://download. boulder.ibm.com/ibmdl/pub/software/dw/library/ws-secmap.pdf
[65] S. Anderson, J. Bohren, T. Boubez, et al. Web Services Secure Conversation Language (WS-SecureConversation), 2005.http://www.ibm.com/developerworks/library /specification/ws-secon/
[66] M. Gudgin, P. Hallam-Baker, H. Granqvist, et al. Web Services Security Policy Language(WS-SecurityPolicy), 2005. http://www.ibm.com/developerworks/library/specif- ication/ws-secpol/
[67] S. Anderson, J. Bohren, T. Boubez, et al. Web Services Trust Language (WS-Trust), 2005. http://www.ibm.com/developerworks/library/specification/ws-trust/
[68] H. Lockhart, S. Anderson, J. Bohren, et al. Web Services Federation Language (WS-Federation), 2006. http://www.ibm.com/developerworks/library/specification/ws-fed/
[69] B. Lautenbach. Introduction to XML encryption and XML signature. Information Security Technical Report, 2004, 9(3): 6~18
[70] K. Miyauchi. XML Signature/Encryption - the Basis of Web Services Security. NEC Journal of Advanced Technology, 2005, 2(1): 35~39
[71] L. Zhu, K. Jaganathan, S. Hartman, The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2, RFC 4121, July 2005
[72] R. Housley. Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC2459, January 2000
[73] F. Gagliardi. The EGEE European grid infrastructure project. Proceedings of the 6th International Conference on High Performance Computing for Computational Science, VECPAR 2004. Valencia, Spain. 2004. Berlin, Germany: Springer-Verlag, 2004. 194~203
[74] P. Gutmann. PKI: it’s not dead, just resting [J]. IEEE Computer, 2002, 35(8):41~49.
[75] A. Shamir. Identity-Based crypto systems and signature schemes. Advances in Cryptology CRYPTO'84. Berlin, Heidelberg, Springer-Verlag, 1984:47~53
[76] D. Boneh, M. Franklin. Identity-Based encryption from the Weil pairing.Advances in Cryptology CRYPTO'2001. Berlin, Heidelberg: Springer-Verlag, 2001:213~229
[77]南湘浩. CPK标识认证.北京:国防工业出版社, 2006:47~56
[78] J. Jiang, D. Chen, et al. A security grid portal using PKI and online proxy certificate repository. The first international multi-symposiums on computer and computational sciences(IMSCCS 2006), Proceedings, 2006(2):93-96
[79] J. Basney, M. Humphrey, V. Welch. The MyProxy online credential repository. Software pract exper 2005, 35(9): 801-816
[80] A. Kapadia, J. Al-Muhtadi, R. Campbell, et al. The A-IRBAC2000 Model: Administrative Interoperable Role-Base Access Control. ACM Transactions on Informatin and Systems Security, 2001, 3(2): 173~182
[81]廖俊国,洪帆,朱贤,肖海军.多域间动态角色转换的职责分离.计算机研究与发展,2006,43(6):1065~1070
[82]段素娟,洪帆,骆婷.多域应用安全互操作的授权模型.华中科技大学学报(自然科学版), 2003,11
[83] E. Cohen, R. Thomas, W. Winsborough, et al. Models for coalition-based access control (CBAC). Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT). ACM Press, 2002. 97~106
[84] H. Jin. Grid Computing and China Grid project. Proceedings of the 2005 International Conference on Parallel Processing Workshops. Oslo, Norway, USA. 2005. Los Alamitos, CA, USA: IEEE Comput. Soc, 2005. 81~83
[85] R. K. Thomas, R. Sandhu. Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. Proceedings of the 11th IFIP WG11.3 on Database Security, Vancouver, Canada, 1997:166~181
[86]邓集波,洪帆.基于任务的访问控制模型.软件学报, 2003, 14(1): 76~82
[87] J. Park, R. Sandhu. The UCONABC Usage Control Model. ACM Transactions on Information and Systems Security,2004,7(1):128~174.
[88] M. Strembeck, G. Neumann. An integrated approach to engineer and enforce context constraints in RBAC environments. ACM Transactions on Information and Systems Security, 2004, 7(3): 392~427
[89] B. Patrick, M. G. Kouadri. Context-based security policies: A new modeling approach. Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications. Orlando, FL, United States. 2004. Los Alamitos,CA, USA: IEEE Comput. Soc, 2004. 154~158
[90] M. G.. Kouadri, B. Patrick. A generic framework for context-based distributed authorizations. Proceedings of the 4th International and Interdisciplinary Conference CONTEXT 2003. Stanford, CA, United States. 2003. Berlin, Germany: Springer-Verlag, 2003. 204~217
[91] B. Patrick. On context in authorization policy. Proceedings of ACM Symposium on Access Control Models and Technologies.Villa Gallia, Como, Italy. 2003. New York, NY: ACM Press, 2003. 80~89
[92] A. Kumar, N. Karnik, G. Chafle. Context sensitivity in role-based access control. Operating Systems Review, 2002, 36(3): 53~66
[93] J. Bacon, M. Lloyd, K. Moody. Translating role-based access control policy within context. Proceedings of the International Workshop on Policies for Distributed Systems and Networks, POLICY 2001. Bristol, UK. 2001. Berlin, Germany: Springer-Verlag, 2001. 107~119
[94] G. Zhang, M. Parashar. Dynamic Context-aware Access Control for Grid Applications, In: Proc. of the 4th International Workshop on Grid Computing (Grid2003). 101~108
[95] The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation. ISO/IEC 15408:1999(E),1999
[96] T. Rooker. The Reference monitor: an idea whose time has come. Proceedings. 1993 ACM SIGSAC New Security Paradigms Workshop
[97] The International Organization for Standardization. Security frameworks for open systems: Access control framework. ISO/IEC 10181-3:1996,1996
[98] The International Organization for Standardization. Basic Reference Mode: Security Architecturel . ISO 7498-2:1989,1989
[99] R. Buyya, M. Murshed. GridSim: a toolkit for the modeling and simulation of distributed resource management and scheduling for Grid computing. Concurrency and Computation Practice & Experience, 2002, 14(13-15):1175~1220
[99] N. B. Baharin, K. Md-Din, N. Z. Jamaludin, et al. Third Party Security Audit Procedure for Network Environment. Proceedings of 4th National Conference on Telecommunication Technology. 2003. 26~30
[101] S. Martin, P. Lane, I. Foster. TeraGrid’s GRAM Auditing & Accounting, & its Integration with the LEAD Science Gateway. TERAGRID 2007 CONFERENCE,MADISON, WI
[102] W. D. Zhang, D. D. Vecchio, et al. Flexible and Secure Logging of Grid Data Access. 7th IEEE/ACM International Conference on Grid Computing. Sept. 2006.80~87
[103]林毋梦,李廉.一种采用Chord协议的网格日志系统.华中科技大学学报(自然科学版), 2006, 9(34):79~82
[104] Y. C. Huang, Y. Chen, et al. Research On Network Secure Auditing System Using Distributed Agents. Proceedings of IEEE TECCON’02 ,2002. 391~395