网格计算环境中的安全信任协商系统

网格技术促进了广域网络环境下的资源共享和协同工作.然而,在网格环境中,服务的提供方和请求方往往位于不同的安全域,如何为位于不同安全区域的陌生主体间动态地建立信任关系成为一项应用难题.基于信任管理基础设施,通过协作主体间信任证、访问控制策略的交互披露逐渐为各方建立信任关系,设计并实现了一个保护协商方隐私信息的安全信任协商系统.该系统采用一种基于属性的委托授权信任证、访问控制策略及一致性验证算法,实现策略的动态调整,从而生成满足访问控制策略的所有最小可满足信任证集,能够使理论上存在的信任关系得以自动建立.通过在CROWN平台中的应用,显示该系统能够满足网格应用中信任自动建立和敏感信息保护的需求. 

Secure trust negotiation system for grid computing

Grid technology promotes resource sharing and collaboration over wide area network.However,service providers and requestors are always located in different secure domains in grid environment.How to establish trust between strangers without prior relationship has become a pressing problem.A system named secure trust negotiation system was designed and implemented,which depends on the trust management infrastructure,establishes trust between strangers with iterative disclosure of credentials and access control policies and can protect participants' private information.A sort of attributed-based authorization credential and access control policy was adopted.A novel algorithm for compliance checker of credentials and access policies was carefully designed,which can be used to generate all the minimal satisfied sets of credentials,so that the trust relationship exsited in theory can be established automatically.During the process of trust negotiation using this system,secure transmission of credentials disclosed was ensured by other subsystems of CROWN.Through the application in CROWN grid,it shows contributions to the automated trust establishment and privacy protection.