Research on a Policy-Based Grid Security Framework

【Author】 Wang Juan (王娟)

【Supervisor】 Jiao Suyun (焦素云)

【Author information】 Changchun University of Technology, Computer Application Technology, 2010, Master's thesis

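【Abstract (translated from the Chinese)】 The grid has been a popular research topic in recent years. It is a supercomputer built on top of the traditional network that enables comprehensive sharing of computing, storage, data, information, and knowledge resources. As research deepens and the range of grid applications expands, the problem the grid faces most directly is the security of the grid system. This thesis first introduces the security problems and security requirements facing the grid and the current state of research on grid security frameworks. Second, it analyzes the technologies underlying the GSI grid security model. Third, drawing on the characteristics of earlier grid security models, it proposes and designs a policy-based grid security framework comprising an authentication module, an access control module, a security audit module, and a policy module. For authentication, it first analyzes the strengths and weaknesses of Kerberos and X.509 and, on that basis, proposes a hybrid authentication model based on Kerberos and X.509 that both ensures the security of the grid system and improves authentication efficiency. For access control, it applies different access control policies according to the security level of each domain, which improves the flexibility of the system. Finally, it describes the operating flow of the framework, designs the framework's interfaces, implements a policy storage and conflict detection mechanism based on concept lattices, tests the feasibility of the framework, and analyzes the experimental data. The innovation of this thesis is that it is the first to propose a policy-based grid security framework: through policies, the security architecture model gains good extensibility, can adapt to dynamic environments, and better overcomes the shortcomings of earlier grid security frameworks.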

【Abstract】 Grid computing has been researched broadly in recent years. The grid is a supercomputer built on the traditional network. It can share computing resources, storage resources, data resources, information resources, and knowledge resources. The grid system security problem becomes critical with deeper research and wider application. This paper first introduced the security issues and security requirements faced by grid technology. Secondly, I analyzed the related technologies of the GSI grid security model. Thirdly, combining the characteristics of the old grid security models, I proposed and designed a grid security framework based on policy. The new framework included the authentication module, access control module, security audit module and policy module. For the authentication technology, I analyzed the advantages and disadvantages of Kerberos and X.509 and proposed a mixed authentication model based on Kerberos and X.509. It not only ensured the security of the grid system, but also improved the efficiency of authentication. For the access control technology, I used different access control strategies for different security levels. This improved the flexibility of the system. Finally, I described the running processes of the framework, designed the interface, implemented the policy storage and conflict detection mechanism based on concept lattice, tested the feasibility of the framework, and analyzed the data. The innovation of this paper is the proposal of the GSFBP (Grid Security Framework Based on Policy). Policies made the security framework more flexible and extensible to dynamic environments, overcoming the disadvantages of the traditional security framework.

【Key words】 Grid Security; Architecture; Policy