Distributed Trust Chain Discovery and Management System: Chinese translation of the paper (.doc)
Uploaded by 邵博, 2011-03-24.
Authorization in Trust Management: Features and Foundations

PETER C. CHAPIN, CHRISTIAN SKALKA, and X. SEAN WANG
University of Vermont

Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern state of the art in trust management authorization, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General: Security and protection

General Terms: Security, Design, Languages

Additional Key Words and Phrases: Distributed authorization, trust management systems

ACM Reference Format:
Chapin, P. C., Skalka, C., and Wang, X. S. Authorization in trust management: Features and foundations. ACM Comput. Surv. 40, 3, Article 9 (August 2008), 48 pages. DOI = http://doi.acm.org/

This research was sponsored by the United States Air Force Office of Scientific Research (AFOSR).
Authors' addresses: P. C. Chapin, University of Vermont, Department of Computer Science, Burlington, VT; email: pchapin@cs.uvm.edu. C. Skalka, University of Vermont, Department of Computer Science, Burlington, VT; email: skalka@cs.uvm.edu. X. S. Wang, University of Vermont, Department of Computer Science, Burlington, VT; email: xywang@cs.uvm.edu.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or direct commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept., ACM, Inc., 2 Penn Plaza, Suite 701, New York, NY 10121-0701 USA, fax +1 (212) 869-0481, or permissions@acm.org.

ACM Computing Surveys, Vol. 40, No. 3, Article 9, Publication date: August 2008.

1. INTRODUCTION

Distributed applications that span administrative domains have become commonplace in today's computing environment. Electronic commerce, high performance scientific computing, groupware, and multimedia applications all require collaborations between distinct social entities. In such systems each administrative domain, also called a security domain, controls access to its own resources and operates independently of other administrative domains. The problem of how to best specify and implement access control in such an environment has been a topic of considerable research. To address this problem the idea of trust management was introduced [Blaze et al.] and subsequently developed by many authors, providing frameworks in which entities can specify independent access control policies that are enforced upon access request.

At the heart of trust management systems is the authorization procedure, which determines whether resource access should be granted or not based on a number of conditions. The semantics of authorization provide meaning to the features supported by trust management systems, for both the policy maker and the resource requester. While a number of techniques have been proposed to characterize authorization in trust management systems, we argue that the most promising are those based on rigorous formal foundations. This argument is not new; in fact it has motivated trust management research since its inception [Woo and Lam]. In a security setting, entities should be able to specify policies precisely, to have an absolutely clear idea of the meaning of their policies, and to have confidence that they are correctly enforced by authorization mechanisms. Formally well-founded trust management systems achieve this, providing a setting in which reliability can be rigorously established by mathematical proof. In particular, various logics have served as the foundation for trust management [Abadi; Bertino et al.].

In this article we survey state of the art in trust management authorization, with an emphasis on formally well-founded systems. These systems are compared to each other with respect to desirable high-level features of trust management. Our focus is the foundations and features of trust management systems, not their application, though we note that trust management systems have been shown to enforce security in many real applications. For example, the KeyNote system has been shown capable of enforcing the IPsec network protocol [Blaze et al.], SPKI/SDSI has been used to provide security in component-based programming language design [Liu and Smith], and Cassandra has been examined in the context of the United Kingdom's proposed nationwide electronic health records system [Becker and Sewell b]. In addition, the Extensible Access Control Markup Language (XACML) [OASIS a] and the Security Assertion Markup Language (SAML) [OASIS b], both OASIS standards, define XML policy and assertion languages that make use of many trust management concepts.

1.1 Authorization Frameworks

The trust management systems we survey are primarily concerned with authorization, as opposed to authentication. The latter addresses how to determine or verify the identity of actors or message signers in a distributed transaction with a high degree of confidence. Authorization, on the other hand, is based on calculi of principals whose identities are taken for granted. Although any real implementation of an authorization system will rely on authentication to establish these identities, and key-to-identity bindings may even have an abstract representation in the system, authorization generally treats authentication and public key infrastructure as orthogonal issues. Authorization is more properly concerned with nontrivial access control policies: how to specify them, what they mean, and how to endow trusted principals with the credentials necessary to satisfy them.

Authorization in trust management systems is more expressive than in traditional access control systems such as role-based access control (RBAC) [Sandhu et al.]. In such simpler models, access is based directly on identities of principals. But in a large distributed environment such as the Internet, creating a single local database of all potential requesters is untenable. Where there are multiple domains of administrative control, no single authorizer can be expected to have direct knowledge of all users of the system. Furthermore, the Internet is a highly dynamic and volatile environment, and no single entity can be expected to keep pace with changes in an authoritative manner. Finally, basing authorization purely on identity is not a sufficiently expressive or flexible approach, since security in modern distributed systems utilizes more sophisticated features (e.g., delegation) and policies (e.g., separation of duty [Simon and Zurko]). These problems are addressed by the use of trust management systems.

We now return to some of the applications mentioned already, to illustrate how authorization in trust management systems is suited to enforcing security in practical computing scenarios.

IPsec. Blaze and Ioannidis [Blaze et al.] describe an extension to the IPsec architecture that uses KeyNote to check if packet filters proposed by a remote host comply with a local policy for the creation of such filters. This allows a system administrator to prevent an attacker from negotiating a secure connection and then using that connection to attack vulnerable services. This application is an instance of the more general idea of using a trust management system for firewall management.

Web Page Content Ratings. Several authors describe the use of trust management systems to implement Web page content rating schemes [Gunter et al.; Chu et al.]. This is of significant practical interest; the World Wide Web Consortium has considered using trust management concepts in its Platform for Internet Content Selection [Resnick and Miller]. In a rating scheme a client delegates the authority to rate Web pages to a suitable ratings server. The server issues certificates that bind a Web page (via its hash value) to a rating. When a page is fetched, the Web server delivers this certificate to the browser, where the browser's policy is consulted to determine if the page should be displayed.

Medical Records. Several trust management systems have been applied to maintaining integrity and privacy in electronic health records [Bacon et al.; Becker and Sewell b], a topic of considerable importance in modern health care [Office of Technology Assessment]. Security in this setting involves policies spanning many loosely coupled domains such as clinics, hospitals, laboratories, and emergency services.

1.2 Goals and Outline of the Paper

A summary and comparison of the features and formal underpinnings of authorization procedures in trust management systems is a primary goal of this paper, grounded in a review of their foundations in authorization logics such as ABLP [Abadi et al.]. This summary provides a useful explanation and overview of modern state of the art in trust management authorization technology.

Another contribution of this survey is the characterization of authorization frameworks as systems that include other components in addition to the core authorization semantics. This distinguishes our presentation from a previous survey of authorization logics [Abadi]. It is important to consider these components, since some features of trust management systems may be reflected in them rather than in the authorization semantics; for example, certificate expiration dates may be checked when parsing wire-format certificates but ignored by the authorization semantics. This also sheds light on how much formal support is provided for these features in various systems. We summarize the components of trust management systems, and compare them in light of which features are supported by which components.

Because trust management is a broad and active field, it is important to restrict the scope of our survey to provide sufficient depth as well as breadth. As the title suggests, we are mainly concerned with the semantics and implementation of authorization in trust management systems, versus other components such as certificate storage and retrieval. We delineate our scope more precisely below in Section 2.1.

The remainder of this survey is organized as follows. In Section 2 we introduce important concepts and terminology, summarize the method we use to compare and contrast various systems, and introduce a running example. In Section 3 we highlight several features offered by trust management systems. Section 4 reviews in more detail the logical basis of trust management. Section 5 reviews several trust management systems with a focus on those that are logically well founded. Section 6 gives an overview of trust negotiation, an important component of some trust management applications. Finally we conclude in Section 7.

2. OVERVIEW

In this section we provide background in trust management systems for the general reader. We also clarify which trust management system components are relevant to the authorization decision; there turn out to be some important subtleties in this regard. In light of the structure of authorization decisions so described, we outline our approach to comparing trust management systems. We also provide a longer running example, which serves to illustrate the concepts introduced and later serves as an explicit point of comparison for the systems we survey.

2.1 Components of Full Implementations

Trust Management Systems (TMSs) in practice comprise a number of functions and subsystems, which we divide into three major components: the authorization decision, certificate storage and retrieval, and trust negotiation. Authorization decisions are relevant to the elements and semantics of the access control decision itself. Certificate storage and retrieval is relevant to the physical location of certificates that are the low-level representation of access control elements such as credentials and policies. For example, systems have been proposed for storing SPKI certificates using DNS [Nikander and Viljanen] and for storing SDSI certificates using a peer-to-peer file server [Ajmani et al.]. Trust negotiation [Winsborough et al.; Yu et al.; Seamons et al.; Yu et al.; Winsborough and Li; Winsborough and Li] is necessary for access control decisions where some elements of access policies, or the credentials used to prove authorization with those policies, should not be arbitrarily disclosed. For example, in Winsborough et al. a scheme is proposed whereby access rights held by requesters are protected by their own policies, and both authorizers and requesters must show compliance with policies (i.e., negotiate) during authorization. We provide a brief summary and overview of trust negotiation in Section 6, to provide a more complete view of trust management functionality and challenges in modern practice.

The importance of these other components notwithstanding, in this survey our focus will be on authorization decisions. This is because the authorization decision is the basis of any trust management system. Furthermore, not all the systems proposed in the literature have been developed sufficiently to include certificate storage implementations, nor trust negotiation strategies in the presence of confidentiality. Focusing on authorization decisions allows us to sufficiently narrow our scope, and thoroughly review components that endow systems with their characteristic features. When we say that we consider only those TMSs with a formal foundation in this survey, as in Section 1, we mean that the authorization decision is based on a mathematically well-founded semantics of some sort, for example propositional logic or relational algebra.

2.2 Elements of Authorization: Glossary

To clarify the remaining presentation and identify fundamental elements of trust management authorization decisions, we now provide a glossary of relevant terms. More in-depth discussion of these terms occurs throughout the rest of the article; this section is intended as a succinct reference.

Entity: an individual actor in a distributed system, also frequently called a principal.
Resource: anything that a local system might regard as worthy of access control: file access, database lookup, web browser display area, etc.
Policy: a specification of rules for accessing a particular resource. Policy is usually defined locally, at least in part, but TMSs sometimes allow policy to be defined nonlocally as well.
Authorizer: the local authority that protects a resource, by automatically allowing access only after an appropriate proof of authorization has been shown. Authorizers also specify policy.
Requester: an entity (usually nonlocal) seeking to access a resource.
Attribute: a property of interest in some security domain, for example a role membership.
Credential: endows entities with certain attributes. Local policy usually specifies that requesters must be endowed with certain attributes before resource access is allowed, so credentials are essential to establish access rights to resources.
Issuer: the authority that issues a particular credential.
Certificate: a certified wire-format representation of a credential.
Certificate revocation: the removal of a requester's credential, typically by the issuer.
Credential negation: policy languages sometimes allow policy makers to specify that a credential not be held. Logically, this is expressed as credential negation.
Delegation of authority: the (usually temporary) logical transfer of authority over policy from one entity to another.
Delegation of rights: the (usually temporary) logical transfer of an access right from one entity to another.
Authorization decision: the determination of whether a given requester possesses the necessary attributes to access a particular resource as mediated by local policy, based on a (preferably well-defined) semantics of policies and credentials.
Authorization mechanism: the automated means by which an authorization decision is reached. Depending on context this refers to an algorithm or a module of software executed by the authorizer.
Core authorization semantics: the mathematically well-founded theory that constitutes the meaning of authorization decisions.
Role: an attribute that requesters can activate when requesting authorization. Authorization is often based on the role a requester is able to assume.
Role membership: an entity is said to be a member of a role if that entity is among the group of entities that can activate the role.
Threshold policy: threshold policies require a minimum specified number of entities to agree on some fact. Threshold policies usually support separation of duty authorization schemes [Li et al.].
Domain: the security locality administered by a given authority.
Namespace: the names defined in a particular domain.

Fig. 1. Structure of an authorization decision.

2.3 Structure of an Authorization Decision

The subsystem of a trust management system that constitutes its authorization decision includes more than just a core authorization semantics. By system we mean the set of components that provide an implementation, not just an abstract specification of the authorization semantics. This distinguishes our presentation from a survey of authorization logics [Abadi]. In this section we identify the components of a generic authorization decision and characterize its structure. This provides a better understanding of authorization decisions in general, and also a means to better categorize features of particular
