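Affiliations: [1] College of Computer Science and Technology, Harbin Engineering University, Harbin 150001 [2] Wuhan Digital Engineering Institute, Wuhan 430074
Source: Computer Science (《计算机科学》), 2009, No. 6, pp. 85-88 (4 pages)
Funding: Supported by the National Defense "Eleventh Five-Year" Pre-research Program (No. C0820061362-06; No. A1420080183); the Information Security theme of the National "863" High-Tech Program (No. 2007AA01Z464); and the Shipbuilding Industry National Defense Science and Technology Pre-research Fund (No. 08J3.7.8)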
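Abstract: Existing centralized security response mechanisms struggle to defend cooperatively against large-scale complex attacks and are prone to problems such as single-point service failure. To address these shortcomings, this paper proposes, on the basis of a distributed architecture, a multilevel delegation mechanism comprising a Security Response Policy (SRP) and a Delegation Administration Policy (DAP). The mechanism consists of dynamic delegation of response privileges and a method for constructing trusted delegation chains. The two policies are described in the XACML Admin specification language, the structure of the delegation chain and the delegation process are described formally, and a pseudocode implementation of the delegation response algorithm is given. Constructing a trusted delegation chain not only achieves cooperative security response defense but also overcomes, to some extent, problems such as single-point failure. The proposed multilevel delegation mechanism for security policies will lay a sound theoretical foundation for building dynamic, distributed, cooperative network security protection systems.
English abstract (as published): Centralized Security Response System has many shortcomings, such as local response, single service invalidation, lack of cooperative response to large-scale complex attack, etc. In order to enhance the robustness of response system and realize cooperation, based on distributed architecture, this paper introduced multilevel delegation mechanism to response policy: Security Response Policy (SRP) and Delegation Administration Policy (DAP). This mechanism was composed of dynamic delegation of response privilege and construction of credible delegation chain. SRP and DAP were described by XACML Admin criterion language; the structure of delegation chain and the process of delegation were described in formal method; the delegation response algorithm was presented in pseudocode. Constructing credible delegation chain did not only realize cooperation response, but also solved single point invalidation, etc. Multilevel delegation mechanism will establish favorable theory base for constructing dynamic distributed cooperative network security defense system.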
Keywords: distributed response; response agent; delegation; XACML ADMIN
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]