淡江大學機構典藏:Item 987654321/74735
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 60868/93647 (65%)
造访人次 : 1114558      在线人数 : 29
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻

    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/74735

    题名: 自動信任協商中政策指定和協商策略之研究
    其它题名: Research on policy assignments and negotiation strategies in automated trust negotiation
    作者: 倪明裕;Ni, Ming-Yu
    贡献者: 淡江大學電機工程學系碩士班
    关键词: 自動信任協商;存取控制政策;協商策略;Automated Trust Negotiation;Access Control Policy;Negotiation Strategy
    日期: 2011
    上传时间: 2011-12-28 19:24:03 (UTC+8)
    摘要: 自動信任協商(Automated Trust Negotiation)被提出以用於分散式系統架構之下進行存取控制以及認證之問題,其中心訴求是為了實現在多個虛擬組織之間的資源共享和協同運算,需要透過一種快速、有效的機制替數目龐大、動態分散的個體或組織之間建立信任關係,而服務之間的信任關係常常是動態建立、調整,需要依靠協商方式達成協同或資源共享的目的,並能維護服務的自制性、隱私性等安全需要。通訊雙方於協商過程中會透過指定的存取控制政策(Access Control Policy)來互相描述對方必須滿足的特徵,特徵通常是由憑據(Credential)構成,透過一連串的互相描述以及滿足,最後建立信任關係。
    Automated trust negotiation is proposed to be used under the framework of distributed systems for the issues of access control and authentication. The most important demand is to achieve more resource sharing and collaborative computing between many virtual organizations. In order to implement the requirement, we need a fast and effective mechanism for the large number of dynamically distributed individuals or organizations to establish trust; in addition, the trust relationship between many network services often dynamically establish and adjust, so we need to rely on negotiation to achieve the purpose of collaboration or resource sharing and also can make maintenance of self-control, privacy and other security issues. Communicating parties in the negotiation process describe each other''s characteristics that should be satisfied through the specified access control policies, and the characteristics usually consist of credentials. Via a series of descriptions and fulfillments, finally the two parties establish a mutual trust relationship.

    So far, the research of automated trust negotiation interests include infrastructure, access control policy and credentials, negotiation strategies, negotiation protocol, negotiation systems…etc., this article focuses on the research about the assignments of access control policies and the processes of negotiation strategies in the trust negotiation. Access control policies are assigned to regulate credentials that should be satisfied while accessing protected resources; however, in order to avoid that the policy consistency checking mechanism is too complex in the cross-region, it is necessary to make reasonable constraints for policy assignments. Nevertheless, it cannot really concretely assign policies for all the resources only through setting up the policy requirements and representing the policy format, and authority should be also considered in policy assignments. To make the automated trust negotiation be more specific implementation, this paper proposed proprietary and concrete policy assignments and implement them with the concept "classification authority".

    On the other hand, in order to make the process of establishing trust rationalization, a specific negotiation strategy will be proposed. In the past, a variety of proposed negotiation strategies had their own demands, but there are still several flaws for the design of the operation. For example, the Eager strategy, it has high efficiency, but the reason that it has disclosed irrelevant credentials in the handshake mechanism results in a poor security; the PRUNES, it has high security defense, but it makes low negotiation efficiency based on the concept of backtracking. In this paper, we retain the advantages of each of the negotiation strategy and try to integrate a hybrid negotiation strategy. Based on Parsimonious strategy, we have made a binding using the features of Eager and PRUNES strategies; in addition, we add iteration computing to improve the negotiation efficiency. In the experimental results, we have proved that the proposed hybrid negotiation strategy does take into account the performance and security.
    显示于类别:[電機工程學系暨研究所] 學位論文


    档案 大小格式浏览次数



    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回馈