
Research on Secure Interoperation Mechanism for Multi-domain Environment

【Author】 Jin Li (金莉)

【Advisor】 Lu Zhengding (卢正鼎)

【Author information】 Huazhong University of Science and Technology, Computer Application Technology, 2009, PhD

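【Abstract (Chinese version)】 Multi-domain secure interoperation creates the conditions for maximal sharing of distributed resources and services. More and more large-scale distributed systems are partitioned into multiple highly autonomous administrative domains or security domains, which optimizes system performance and improves resource utilization. Research on multi-domain secure interoperation has become a hot topic in distributed access control, and the related technology is widely applied in important fields such as government, the military, finance and healthcare. In recent years, as new applications of large-scale distributed systems keep emerging, the multi-domain environment has been quietly undergoing major changes: a sharp increase in cross-domain accesses, a growing number of member domains, increasingly complex heterogeneity among member domains, and so on. The trust crises and security vulnerabilities that these changes bring pose new challenges to existing multi-domain secure interoperation systems. Therefore, from identity authentication and trust management to cross-domain role mapping and multi-domain interoperation policy integration, new policies and mechanisms are needed that provide stronger autonomy and cooperation to keep pace with the multi-domain environment.

In the new multi-domain environment, unknown access requests from foreign domains are increasing. For the large number of cross-domain accesses in progress, a static decision on whether the current user is trusted clearly cannot cope with the damage a potential intruder can still do after obtaining a trusted identity, such as illegal authorization and access beyond the granted level. To address this, a trust-level-based multi-domain secure interoperation model, ASITL, is proposed. It applies a dynamic, quantified "trust level" evaluation to negotiating subjects, which protects the privacy and security of credentials disclosed between strangers. By adaptively adjusting the cross-domain interoperation mechanism, it also builds adaptivity to unknown events into trust evaluation, improving tolerance of abnormal events and early warning of potential security threats in the multi-domain environment.

The SERAT mechanism ignores the existing intra-domain role hierarchy when constructing cross-domain role mapping paths and broadcasts authentication information by flooding, which leads to role hierarchy conflicts and security risks. To address this, a role-rank-based cross-domain role mapping mechanism, IMRK, is proposed. It evaluates role ranks for source roles and target roles domain by domain and, while preserving each domain's original role hierarchy, converts each domain's local roles into global roles of the multi-domain environment, so that the subjects of a mapping are raised to the same role level for comparison. This reduces role hierarchy conflicts and the security risks of broadcasting authentication information, and better preserves the security and autonomy of each domain after cross-domain role mapping.

In a multi-domain environment, each member domain defines its own access control policy system to meet its security requirements and maintain its security and autonomy. The models, syntax, schemes, data labeling schemes and constraints used by member domains all differ. To avoid as far as possible the conceptual and logical conflicts that may arise in multi-domain policy integration, an ontology-similarity-based multi-domain interoperation policy integration method, SPIOS, is proposed. It converts each member domain's local security requirements into access control policy ontologies and, on the basis of semantic mapping between those ontologies, incorporates a Bayesian machine learning mechanism to adaptively induce a multi-domain secure interoperation policy model that satisfies the security and autonomy of each member domain.

Detecting and resolving heterogeneous conflicts is the primary goal that multi-domain secure interoperation policy integration must address. Manual resolution increases the probability of triggering other conflicts, and excessive manual intervention directly reduces system security. Because the formal expression of multi-domain policy integration conflicts has the characteristics of first-order predicate logic, an adaptive conflict detection mechanism based on first-order rule set learning, SACDM, is proposed. By constructing a knowledge base of conflict rules, it adaptively identifies the type of conflict during policy integration and takes the corresponding action, which handles the heterogeneous conflicts arising in multi-domain policy integration and mitigates the security risks of manual intervention.

Regarding problems in multi-domain secure interoperation policy integration such as the interference of temporary redundant information with new policies and an integrated policy architecture that is too large and too complex, the importance of optimization to the policy integration system is analyzed. Three optimization approaches are given: the multi-domain policy integration order, the conflict detection process, and the evaluation of the balance threshold parameter. The aim is to further strengthen the security and stability of the multi-domain policy integration system and to improve the execution efficiency of the integration stages.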

【Abstract】 Multi-domain secure interoperation provides the largest possible sharing of resources and services in a distributed environment and improves the performance and efficiency of the system. More and more large-scale distributed systems have been divided into multiple autonomous domains or security domains, called multi-domain systems, to realize secure management and control through secure interoperation. This has become a hot issue in the access control area. Multi-domain secure interoperation technology has been widely used in many application areas, such as government, the army, finance and medical treatment. With the emergence of many new applications in large-scale distributed systems, the multi-domain environment has changed in recent years: the large number of cross-domain requests, the increasing number of domains and the degree of heterogeneity between domains. The trust risks and security vulnerabilities triggered by these changes pose challenges to current multi-domain systems. Therefore, we need new technologies that supply more autonomy and cooperation to adapt to such developments, not only in identity authentication and trust management, but also in role mapping and strategy integration. This has important academic significance and application value.

In view of the large number of requests from foreign domains, a simple decision of "trust" or not is insufficient to deal with potential intrusions, such as authorization risks or illegal access. A self-adaptive secure interoperation model based on trust level is proposed, which protects the privacy and security of the credentials disclosed by negotiating parties. By detecting unknown network events with a self-adaptive mechanism, the tolerance for abnormal situations and accidents is improved. Moreover, it automatically adjusts and monitors a user's trust level, which can effectively protect resource sharing among domains from malicious intrusions or potential security threats.

To solve the negative impact of the SERAT mechanism's cross-domain role mappings on the local domain role hierarchy, an inter-domain mapping mechanism based on role ranking is proposed. It can effectively avoid cyclic inheritance conflicts and the security problems of broadcasting the authorization information. With a global role rank that maintains the original role hierarchy of each domain, the mapping subjects can be compared at the same level, so the initial role in the home domain can be correctly mapped to the goal role in the target domain. The security and autonomy of each domain are better preserved under the inter-domain mappings.

In a multi-domain environment, there are different access control systems to maintain security and autonomy between domains, and different access control systems use diverse models, syntax, schemes, data markers and constraints to express their own policies. Describing access control policies at the semantic level is an effective method to avoid conceptual and logical conflicts in multi-domain policy integration. Using domain ontologies, a secure policy integration method based on ontology similarity is proposed. Using a Bayesian machine learning algorithm, it can self-adaptively construct a secure multi-domain interoperation model that satisfies the autonomy and cooperation of all domains.

Detecting and resolving heterogeneous conflicts is the chief goal of multi-domain interoperation strategy integration. Manual detection increases the probability that other conflicts occur and decreases the security of the system. Because the expressions of conflicts have the features of first-order predicate logic, we propose a self-adaptive conflict detection method based on first-order logic. It can automatically judge the kind of conflict and adopt the corresponding measure in the process of strategy integration, resolving the security risks of manual participation.

As is known, a mass of temporary redundant information may disturb new strategies and make the final integration system much larger and more complex, so the integration process needs to be optimized. We discuss optimization through the integration order, a more concise conflict detection process and evaluation of the balance threshold, to improve the self-adaptive ability and performance of the multi-domain strategy integration system.
