【作者】 桂劲松；

【导师】 陈志刚；

【作者基本信息】 中南大学 ， 计算机应用技术， 2008， 博士

【摘要】 虚拟组织是网格协同解决问题的高效资源组织形式。按需、动态、即时构建虚拟组织适应了网格应用的多样性和网格资源的动态性。但目前支持动态构建虚拟组织的声誉机制、保障其可靠运行的授权机制尚不完善,主要表现在:集中式网格声誉模型的可扩展性差而分布式模型则普遍依赖于DHT技术来实现全局声誉管理;虚拟组织授权系统缺乏对授权执行过程的细粒度控制,而授权决策过程缺乏连续决策能力且策略规范难以表达精细的授权策略。本文针对上述问题进行了深入研究,主要工作如下:（1）研究了动态网格虚拟组织环境下的声誉评价机制。提出一种模糊集信任度量方法,按QoS属性分类度量,采用7个等级评价服务,综合评价值得出信任向量。仿真实验表明此方法较以往方法更好地刻画了网格服务的行为特征。针对网格节点上所有网格服务的行为特征给出网格节点的局部声誉度量方法。通过提出一种声誉覆盖网构建、运行与维护协议,实现了局部声誉值的汇聚。分析和仿真表明,此协议能够较好地抑止窜改和协同欺骗行为并适应了网格环境的特点。（2）提出了基于层次角色委托的服务网格虚拟组织授权执行模型。模型支持委托角色授予与撤销功能以及相应的关联性限制特性。通过加入信任度细化了关联性限制的表达粒度;通过定义角色树作为委托授权的基本单位并对角色树进行剪枝,改善了部分委托实现的难度;通过定义带信任度的委托传播树细化了对委托传播限制的控制。提出的委托凭证全面支持了角色委托的临时性、关联性、部分性、传播性限制需求。对模型中的委托授权执行规则做了形式化描述,并证明了执行规则能够细粒度地控制委托授权的执行过程。实例展示表明此模型满足了网格应用对委托限制多方面的需求。（3）提出了一套适合服务网格授权决策的使用控制模型SG_UCON_ABC以及相应的策略规范。分别针对基于授权谓词决策的UCON_A、基于义务行为决策的UCON_B和基于条件谓词决策的UCON_C表达能力弱的缺陷,提出了相应的SG_UCONA、SG_UCON_B和SG_UCON_C模型。在模型中,用委托凭证处理过程的状态组合替换原来简单的访问状态,决策组件根据请求时系统状态输出合理的委托凭证,根据系统状态的变化再决策可转换委托凭证的处理状态。为了验证SG-UCON_ABC的授权策略表达能力,给出了其相应的形式化策略规范,并证明了其完备性和正确性。实例展示表明,SG UCON_ABC及其策略规范有效地避免了相同访问请求重复产生委托凭证问题、能够细粒度地表达授权策略、输出合理的决策结果。（4）提出了一种细粒度的网格虚拟组织授权决策服务。此服务实现了网格授权属性的可变性和授权决策的连续性,并依据系统状态变化进行连续的授权决策来改变委托凭证的处理状态,而委托凭证处于激活状态时才能被授权执行服务使用,可以满足权限按需激活的要求。通过Petri网技术将主要决策过程模型化为Petri网来验证其正确性,验证结果表明其不会出现死锁、停止不前的状态,并且决策过程所处的状态是有限的,能够处理授权决策中实际出现的各种情况。（5）扩展了网格虚拟组织授权系统对工作流授权的支持。定义了委托步和委托结构体以及它们之间的依赖关系,它能形式化地描述流程任务间的内在约束关系。阐述了委托步的生命周期模型,依据它可方便地描述授权流状态的动态更新过程。提出的虚拟组织工作流授权执行控制算法确保了工作流授权执行过程不会违背委托人的意愿。实例展示表明了此模型满足职责分离和最小特权原则。更多还原

【Abstract】 Virtual organization is defined as flexible,secure,coordinated resource sharing among dynamic collections of individuals,institutions,and resources.Constructing virtual orginazation on demand in a dynamic and timely manner is suitable for the diversity of grid applications and the dynamic characteristic of grid resources.But current reputation mechanisms for dynamic virtual organization constructing and authorization mechanisms for dynamic virtual organization running are incomplete.For example,the expansibility of centralized reputation models is bad,distributed reputation models mostly depend on distributed hash table technology to implement global reputation management;authorization systems of virtual organization lack authorization enforcement function,whereas their authorization decision processes also lack the capability of continuous decision and policy specifications do not express fine-grained authorization policies for resources.The above problems are researched deeply in this paper.The main work and contributions are presented in the following aspects:(1)To suit for the characteristic of dynamic virtual orginazation,a new reputation mechanism is proposed.The existing distributed reputation mechanisms can not efficiently solve the problems of grid environment,and the trust measurement methods can not nicely depict behaviors of grid service.A fuzzy set method of trust measurement is proposed,which adopts seven grades to evaluate grid service according to the QoS attributes and the trust vector of grid service is calculated with evaluation values.The experimental results show this method is better than the existing methods.Based on behaviors of grid service, local reputation values of grid nodes are obtained,and aggregated through proposed Reputation Overlay Network(RON).The theoretical analyses and experimental results show that,RON can efficiently restrain the forgery and collusion attack,and satisfy demands of more nicely calculating global reputation.(2)To control authorization enforcement process in a fine-grained manner and satisfy restricted delegation requirements of grid applications,a hierarchical-role based delegation authorization enforcement model for virtual organization is proposed.The dynamic characteristic of delegation role granting or revocation and the associated constraint of delegation role granting are effectively supported.The fine-grained associated role dependency is implemented by adding trustworthiness. Partial delegation problem is easily solved by defining the role tree as the basic unit of delegation authorization and by the pruning of the role tree.The delegation spread tree with trustworthiness is defined to implement multi-step delegation in a fine-grained manner.The delegation certification is proposed to fully express temporary delegation, associated role delegation,partial delegation,multi-step delegation.Based on above works,a set of formal delegation authorization enforcement rules is proposed and proved,and the delegation authorization enforcement process is effectively controlled by it.The exhibited example shows that the model satisfies various restricted delegation requirements of grid applications.(3)To keep free from weak capabilities of expression of the usage control model based on authorization predicate(UCONA),based on obligation action(UCON_B),and based on condition predication decision(UCON_C),their improved models and the corresponding policy specifications are proposed,respectively.The delegation certification is used to express decision response in a fine-grained manner,and the UCONA,UCON_B,and UCON_C are improved as SG_UCON_A(UCON_A for service grid),SG_UCON_B(UCON_B for service grid),and SG_UCON_C(UCON_C for service grid),respectively.Delegation certification processing statuses are defined to replace the simple access status.Decision component can make the reasonable delegation certification based on the system status when a request arrives,and also make decision to change the delegation certification processing status when the system status is changed.To verify expressive capabilities of the above models,the corresponding policy specifications are given,and their completeness and soundness are proved.The exhibited example shows that,they can avoid generating the delegation certification for the same access requests repeatedly,express authorization policy in a fine-grained manner,and export reasonable decision responses.(4)To implement mutability of authorization attribute and continuity of authorization decision in virtual organizations for service grid,a fine-grained grid authorization decision service is proposed.This service can maintain processing status of delegation certification when the system status is changed,such as changing its status according to response of continuous authorization decision.Delegation certification can be used by authorization enforcement service only when its processing status is‘using_dc’,which satisfy the requirement of enabled permission on demand in grid application.Authorization decision process is modeled in Petri nets,and its correctness is verified in this paper. The validation result shows there are not deadlock,stop and infinite circle in the authorization decision process,and the statuses of this process are limited and the various instances are dealt with in it.(5)To dynamically manage the permissions through tasks and tasks’status of workflow in virtual organization,an authorization enforcement model for workflow was proposed.Delegation step,delegation unit and their dependency relationships are defined to formally describe inherent restriction relationships between flow tasks,which can more nicely describe an authorization workflow.A life period model of delegation step is defined,which can more nicely describe the status update process of an authorization workflow.The authorization enforcement process of workflow can be controlled by the proposed workflow authorization enforcement algorithm in a fine-grained manner.The exhibited example shows that the model can satisfy security requirements of workflow application in virtual organization.更多还原