[1] Li Feng, Luo Junzhou, Song Aibo. Security policy implementation model in computational grid[J]. Journal of Southeast University (Natural Science Edition), 2004, 34(5): 594-598. [doi:10.3969/j.issn.1001-0505.2004.05.008]

Security policy implementation model in computational grid

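Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume:
34
Issue:
No. 5, 2004
Pages:
594-598
Section:
Computer Science and Engineering
Publication date:
2004-09-20

Article Info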

Title:
Security policy implementation model in computational grid
Author(s):
Li Feng, Luo Junzhou, Song Aibo
Department of Computer Science and Engineering, Southeast University, Nanjing 210096, China
Keywords:
computational grid; security policy; implementation model
Classification number:
TP393.08
DOI:
10.3969/j.issn.1001-0505.2004.05.008
Abstract:
The necessity of building a security policy implementation model in the computational grid is analyzed. Based on the characteristics of the computational grid and its general security requirements, and considering the formulation and implementation of security policies, a complete and feasible security policy implementation model (SPIM) is proposed. Based on an analysis of the new trust relationships among the various kinds of entities in the grid, the functional entities of the model are chosen and established. The global security management of the VO (virtual organization) and the security management of the traditional administrative domains are considered separately, and two important kinds of security management entities, the GSPEC (global security policy execution center) and the LSPEC (local security policy execution center), are introduced. A secure interaction process is defined that enables the GSPEC and the LSPEC to authenticate users independently and to authorize them dynamically. The credentials used in the interaction process are also specified. Under this model, the global security policies of the VO and the local security policies of the administrative domains where resources reside can be formulated, modified and enforced independently of each other, and consistent implementation of the policies at all levels is guaranteed at enforcement time.

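Memo:
Funding: Supported by the Jiangsu Provincial Key Laboratory of Network and Information Security (BM2003201).
Author biographies: Li Feng (born 1980), male, master's student, lifengg@seu.edu.cn; Luo Junzhou (corresponding author), male, Ph.D., professor, doctoral supervisor, jluo@seu.edu.cn.
Last Update: 2004-09-20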