【作者】 张国治；

【导师】 党小超；

【作者基本信息】 西北师范大学 ， 计算机应用技术， 2006， 硕士

【摘要】 P2P(Peer to Peer)作为年轻而又古老的技术，在资源共享和协同协作方面有着崭新的应用，目前已经成为Internet一个新的发展起点。但是该技术在计算机网络安全尤其是在信任管理和访问控制等方面存在着严重问题，P2P网络的访问控制就是这诸多问题中的一个难点。传统的访问控制都是基于身份认证的，但是P2P网络的特性决定了在P2P环境下身份认证的不现实性，因此在P2P环境下基于PKI(Public Key Infrastructure)证书管理的访问控制机制不能得到很好的应用。针对P2P的网络应用环境，本文构建了一种不同于传统访问控制的模型，这个模型采用现有的信任评价体制对P2P节点进行信任评价，并依赖评价结果对P2P节点进行信任域的划分，然后结合RBAC(Role based access control)的访问控制模型，将每个信任域指派到一类角色，最后对角色进行信任授权，从而完成用户请求到角色授权的整个过程。这个过程所使用的算法和方法简洁可行，能够实现信任管理和访问控制的完整结合。论文首先阐述了P2P网络的基本原理和存在的安全问题，并就其安全问题中的访问控制问题提出了基于信任域和RBAC结合的信任授权模型的思想。该模型弥补了传统方式下无法将信任管理和访问控制相结合的不足，使得从信任管理到访问控制的实现简单可行。该模型可以集成到各种P2P应用中，其访问控制策略也非常灵活和实用；其次，设计了信任模型的基本框架，定义了信任域及其变迁规则；设计了整个访问控制模型的框架、各个组成部分和每个部分的结构及功能；设计了授权证书和角色证书以及模型的工作流程；最后，对模型进行了分析和仿真。更多还原

【Abstract】 As a modern as well as traditional technology, P2P (peer to peer) has showed new application in the fields of resource sharing and cooperation, and has become another starting point in Internet. This technology, however, has serious problems as for Internet security, especially about trust management and access control.Traditional access control based on authentication, while the characteristics of P2P network made this approach impractical, so the access control based on PKI (Public Key Infrastructure) certificates management cannot be applied well in P2P environment. Considering the network environment of P2P, this thesis constructs a model different from the traditional. This model applies present trust evaluation system to evaluate P2P nodes, then based on this result, it divides trust domain. Combined with RBAC (Role based access control), the model assign each trust domain a role, and grant trust authorization to the roles to finish the whole process from user’s request to role authorization. The algorithm and methods used in this process are simple and feasible enough to realize complete combination between trust management and access control.This thesis, at first, put forward Trust Authorization Model based on combination of trust domain and RBAC. This model makes up the shortcoming of traditional model, i.e. trust management finding no way to combine with access control, so the realization from trust management and access control has become feasible. This model can be integrated into every application of P2P, and its access control strategies are also flexible and practical. Second, Design the basic frame of trust model, and define trust domain and transition rule. Design the trust model’s general frame, each part, and structure and function of each part. Design authorization certificate, role certificate and model’s work flow. Last, Analyzing and simulating of the model.更多还原