Institutional Repository of the Institute of Software, Chinese Academy of Sciences
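Title: Key Technologies of Cross-domain Authorization and Middleware (跨域授权关键技术与中间件)
Author: 黄亮
Defense date: 2007-05-27
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software
Degree: Doctoral
Keywords: cross-domain; authorization; authorization management; access control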
Alternative title: Key Technologies of Cross-domain Authorization and Middleware
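Abstract: With the rapid development of information technology, large numbers of application systems have appeared inside organizations, and business cooperation and information sharing between organizations have become increasingly frequent and larger in scale. In particular, the wide adoption of Web Service technology and the rise of grid computing have broken up traditional isolated systems: systems are joined to one another through loosely coupled interfaces to achieve interoperation and information sharing. These new application scenarios create new security requirements, and traditional security mechanisms are increasingly unable to address the information security problems raised by cross-domain resource access. Authorization for cross-domain resource access is one of the active research topics among these problems. This thesis discusses the key technologies of cross-domain authorization, and the work covers the following. First, it analyzes the traditional access control techniques and points out their shortcomings, and introduces attribute-based access control and its advantages for protecting resources in multi-trust-domain environments: it readily supports multiple access control policies and readily supports dynamic, fine-grained access control. Second, it describes and analyzes existing cross-domain interoperation techniques, proposes an attribute-based cross-domain interoperation technique, gives an implementation scheme for inter-domain attribute mapping based on attribute certificates, and on that basis designs and implements a cross-domain authorization middleware. Third, it builds a distributed authorization management system based on attribute certificates, in which attribute certificates are used to issue authorization policies and to delegate privileges, achieving unified authorization management in a distributed environment, and gives the design and implementation of the whole system. The research aims to contribute technology and experience to information security research in distributed environments.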
English abstract: With the development of information technology, more and more applications are emerging inside organizations. Business collaboration and information sharing between organizations are becoming more frequent and larger in scale. In particular, the widely used Web Service technology and the rise of grid computing have broken up the traditional isolated systems. Systems now interact and share information with each other through lightweight interfaces. These new applications have generated new security requirements. Traditional security mechanisms can no longer resolve the information security challenges brought by cross-domain interoperation. This paper explores cross-domain authorization in depth. Its main achievements include the following: Firstly, this paper analyzes some classic traditional access control mechanisms and points out their shortcomings. It then analyzes and studies attribute-based access control, which fits multiple kinds of security policies, supports dynamic and fine-grained access control, and is better suited to access control in multi-domain systems. Secondly, this paper studies and summarizes the existing technologies for cross-domain interoperation, proposes an attribute-based cross-domain interoperation technology, and designs an attribute mapping solution based on attribute certificates. It also provides a design scheme for a middleware system. Thirdly, this paper designs and implements a privilege management system based on attribute certificates, which achieves unified authorization management in distributed environments. The paper's achievements provide technology and experience for research on system security in distributed environments.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/6936
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name / File Size: 10001_200428015029136黄亮_paper.doc (2555KB)
Content Type: --
Version: --
Access: Restricted
License: --
Full text: available on request

Recommended Citation:
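黄亮. Key Technologies of Cross-domain Authorization and Middleware (跨域授权关键技术与中间件) [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2007-05-27.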
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
