检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]沈阳航空航天大学计算机学院,沈阳110136
出 处:《计算机应用》2013年第1期160-162,170,共4页journal of Computer Applications
摘 要:公钥基础设施(PKI)系统中,认证机构(CA)签名不易伪造,对基于证书撤销列表(CRL)的证书撤销系统的入侵通常是破坏系统的可用性和数据的完整性,针对这一特点,设计了入侵容忍CRL服务系统。系统利用冗余的多台服务器存储CRL,在进行多机之间的数据复制和使用时,采取随机选择主服务器的被动复制算法及选择最近更新的CRL简单表决算法。在实验给定的入侵攻击条件下,入侵容忍的CRL系统比无容忍系统的证书撤销查询正确率提高了近20%,但也增加了系统的开销。实验结果表明,适当地增加CRL服务器的数量能够提高证书撤销查询的正确率且控制系统的开销。In Public Key Infrastructure (PKI) systems, the Certificate Authority (CA) signature is not easy to forge, thus, intrusions to these certificate revocation systems which are based on Certificate Revocation List (CRL) usually aim at destroying system usability and data integration. Concerning this intrusion feature, an intrusion tolerance CRL service system was designed in this paper. Within the system, CRL was stored on multiple redundant servers. In order to copy and use data among these servers, a passive replication algorithm of randomly selecting main server and a simple vote algorithm of selecting the most recent updated CRL were proposed. Under the given experiment intrusion conditions, although system expenses were increased, the query accuracy of certificate revocation of a system that tolerated intrusions was about 20% higher than that of a system that did not. The experimental results show that adding more servers properly increases the query accuracy of certificate revocation and controls the system expenses.
关 键 词:入侵容忍 证书撤销列表 复制 表决 Over-Issued
分 类 号:TP393.083[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7