The Research on Models and Methods of Trust Evaluation

【Author】 路峰

【Advisor】 吴慧中

【Author information】 Nanjing University of Science and Technology, Computer Application Technology, 2009, PhD

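【Abstract (translated from the Chinese)】 With the rapid development of distributed network technology, new requirements have been placed on its security management techniques. By measuring and evaluating the latent trust information between nodes, trust provides network systems with a relatively flexible security measurement mechanism, and it has become a focus of research, development and application in the network security field. The trust evaluation model is the foundation of a trust evaluation system. Because trust is itself complex and uncertain, using trust to measure how trustworthy a node is and thereby express its trust level, and building trust evaluation models with high precision and low overhead, remain challenging problems. This thesis studies the theory and key techniques of trust evaluation models from four angles: trust relationships represented by trust clouds, distributed computation of global trust, trust evaluation based on resource attributes, and trust evaluation and resource scheduling based on grid QoS. It proposes several new trust evaluation models and methods, with the aim of providing technical support for the wider application of trust mechanisms in distributed networks.

First, to address the measurement-rationality problem common to current trust evaluation models, the thesis studies and extends the cloud theory model in depth and proposes the concept of the trust cloud. The cloud model is used to extract and describe subjective trust information, giving a unified expression of the randomness and fuzziness present in trust relationships and the correlation between the two. A trust cloud similarity measurement algorithm is given, and trust-cloud-based security decisions for network services are implemented.

Second, building on an in-depth study of global trust mechanisms, a global trust model for P2P environments is constructed through a mathematical formulation and an analysis of the distributed solution protocol. According to the ways malicious nodes may exist in the network, several types of malicious nodes are simulated; two distributed solution algorithms, full iteration and partial iteration, are each simulated against these malicious node types and compared, and the comparison serves as the basis for assessing the environments each algorithm suits.

A global trust model yields node reputation. Given the same functional request, the resource scheduling system selects the node with the highest reputation in the network as the service node, which leads to unbalanced system load and leaves newly joined nodes unable to obtain service opportunities. To address this, the thesis proposes a resource scheduling algorithm based on reputation probability, using a node's reputation as its probability of being selected for service. Experimental results show that the algorithm, while preserving the advantages of the trust model proposed in this thesis, balances network load reasonably and lets newly joined nodes obtain service opportunities as well.

Current subjective trust models take resource entities as the object of trust evaluation and their reputation as the evaluation criterion, without considering the content of interactions between resources. This makes the trust models too coarse-grained and makes precise evaluation difficult in some application environments. The thesis proposes a trust evaluation model based on resource attributes. Drawing on the transitivity of trust relationships, the model refines the granularity of trust evaluation further and uses the associated attributes of a resource as the basis for evaluation. It overcomes the defect of earlier models, whose focus on the reputation of the trusted entity left them with a single kind of evaluation object, and achieves the goal of quantifying resource trust from associated attributes. The thesis also lists several typical trust scenarios and runs simulation experiments; the results and analysis show that the proposed model performs well in accuracy of trust measurement, soundness of model structure, and extensibility.

Current grid trust models take only the transaction experience between nodes as the basis for trust evaluation and ignore evaluation of an entity's inherent performance, so that trust information is collected incompletely and trust evaluation is not fine-grained. As a result, the trust model also cannot make full use of the grid infrastructure, and the trust mechanism and the scheduling mechanism remain separate. Finally, the thesis analyzes these problems and the shortcomings of current grid QoS research, and proposes GRDM-Q, a trust evaluation and resource scheduling model based on grid QoS. The model uses a resource's QoS parameters as the basis for trust evaluation and uses the evaluation result as an important basis for grid resource selection, achieving an effective integration of the trust mechanism and the scheduling mechanism. Experimental results show that GRDM-Q is an effective model for trust evaluation and resource scheduling in grid environments.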

【Abstract】 With the rapid development of distributed networks, new requirements are being placed on security management technology. Trust is a current research focus in the network security field; it provides a flexible security measurement mechanism through the measurement and evaluation of the trust information held among network peers. As the basis of a trust evaluation mechanism, a trust evaluation model studies how to assess and rank peers' reliability. However, constructing a highly precise trust evaluation model with low load is still challenging work due to the complexity and uncertainty of trust. This paper discusses the theories and critical technologies of trust evaluation models from four perspectives: trust relationships described by trust clouds, distributed implementation of global trust, trust evaluation based on resource attributes, and trust evaluation and resource management based on grid QoS. It presents some new trust evaluation models and methods. The purpose of our work is to provide supporting technologies for the popularization of trust mechanisms in distributed networks.

With regard to the rationality problem of existing trust evaluation models, we first carry out in-depth research on cloud theory and come up with the concept of the trust cloud. By using the trust cloud to extract and describe subjective trust information, we describe in a unified manner the randomness and fuzziness in trust relations as well as their correlation. An algorithm for cloud similarity measurement is presented, and decision-making on service security through the trust cloud is also realized.

Then, based on further study of global trust mechanisms, we present a global trust model for P2P environments through mathematical analysis and a distributed implementation method. This paper provides two distributed implementation methods and tests them against different types of malicious peers. The experimental results are used as the basis for evaluating the network environments to which the two methods can be applied. Given the same resource requirements, resource management prefers to choose the peer with the highest reputation obtained by global trust models, which causes load imbalance and prevents new peers from serving the system. A novel resource scheduling algorithm based on the probability of peer reputation is proposed. Simulation shows that the algorithm performs better at balancing load and resisting attacks by malicious peers. At the same time, new peers also obtain the opportunity to serve the system.

While most subjective trust models focus on entity-centered issues such as reputation, they do not model the content, i.e. the nature and use of the information being exchanged. Because of this, existing trust models cannot guarantee trust computation in some special domains. Based on the transferable property of trust relations, the paper proposes a novel fine-grained trust model based on resource attributes. Compared with prior trust models, the proposed model broadens the set of trust evaluation objects. This paper simulates some use case scenarios and describes a simulation environment. Simulations show that, compared with similar existing trust models, the proposed model is more accurate in trust evaluation and more reasonable and scalable in model architecture.

At present, trust models in grid environments focus on transaction experience while omitting the evaluation of peers' inherent properties. As a result, the trust information between peers cannot be sufficiently collected and the trust evaluation result is not precise. Moreover, existing models cannot make full use of the fundamental architecture of grid computing, and the trust mechanism and the resource management mechanism are isolated. Addressing the above problems and those in present grid QoS research work, this paper presents a novel trust evaluation and resource scheduling model, GRDM-Q. This model evaluates trust on the basis of resources' QoS and uses the evaluation results as the most important factor for selecting resources, which realizes the integration of the trust mechanism and the resource management mechanism. Experiments show that the new model is an effective approach to evaluating trust and managing resources in grid environments.
