对网格计算系统安全结构的改进

【作者】 陈玲；

【导师】 郝玉洁； 张彬；

【作者基本信息】 电子科技大学 ， 软件工程， 2007， 硕士

【摘要】 网格是近年来发展起来的新兴技术,并已成为越来越重要的研究领域。网格安全问题是网格计算中的一个核心问题,对网格安全问题的研究与分析同样刻不容缓。在网格环境中,所有的单机系统或机群系统都可以作为一个节点,以提供和消费资源。节点之间通过网络互连,实现对资源的共享和协同应用。网格资源具有动态变化,广域分布,数量类型巨大等特点,这就决定了网格环境中的安全问题比一般网络环境下的安全问题更复杂,而且在网格环境下出现了许多新的安全问题,传统的网络安全技术已经不能很好地满足网格安全需求,因此网格安全研究是个重要、复杂而艰巨的工作。本文首先介绍了网格技术的基础知识和网格的安全需求、安全策略等,深入剖析了网格安全基础设施GSI的不足之处,针对GSI越权访问和代理滥用的问题对其进行了改进,在用户代理和资源代理之间引入中介模块,同时,在改进的GSI结构中,考虑资源申请的效率问题,提出网格树型拓扑结构,并描述了在此结构中申请网格资源的过程;探讨了网格安全访问控制策略,针对GSI访问控制策略的不足,提出了基于Agent的访问控制策略模型,分析了该模型的基本原理和过程;认真研究了“信息安全业务基础平台”中的安全开放技术规范——开放安全技术框架(OPENSTF),描述了其总体结构、安全中间件以及分布式核心,提出了架构网格计算系统安全体系结构的五点要求,根据这些要求,设计了一个五层的安全体系结构,并将安全中间件部署到此安全体系结构中,使安全体系结构具有更好的扩展性;最后结合这一体系结构,引出一种分层的网格计算系统安全架构模型,并与原有的OGSA安全架构进行了比较。通过这些讨论和研究,本文从理论上给出了一些网格计算系统安全体系结构的解决方案,为以后网格安全技术的研究和发展提供了借鉴和指导。更多还原

【Abstract】 Grid is a rising technology developed in recent years, it becomes an increasingly important field of research. Grid resources have the characteristics of changing dynamically, widely distributed, enormous quantity types, so grid computing concerns more security problems than any other common problems, and a lot of new security problems have appeared in the grid environment .So the research of grid security has become a very important, complex and tough job.This article first introduces the grid technology elementary knowledge and the grid security requirements, the security policies and so on; thoroughly analysis the grid security infrastructure inadequacies of the GSI, against unauthorized access and abuse of agents has been improved, introduces the intermediary module between the user agent and the resources proxy, simultaneously, in the improvement GSI structure, considers the efficiency of the resources, proposes the grid tree topology, and describes applied for the grid resources in this structure of the process; Has discussed the grid safe access control strategy , in view of the GSI access control strategy insufficiency, proposes based on the Agent access control strategy model, has analyzed basic principle and the process of this model; Earnestly has studied the Open Security Technical Framework (OpenSTF), describes its overall structure, the security middleware as well as the distributional core, proposes five requests of the grid computing system security architecture, according to these requests, has designed a five-story structure of the security system, and the security middleware has been deployed into the security system structure, then it has better scalability; Finally unifies this system structure, draws out one kind of stratified grid computing system security architecture model, and has carried on the comparison with the original OGSA security framework.By these discussion and research, this paper presents a few grid secure solutions from theory. It is a reference and direction for research and development of grid secure technology in the future.更多还原