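Research on Secure Access Control Technology in Grid Environments

【Author】 Yan Xiaofeng (严晓峰)

【Supervisors】 Zhu Yaoqin (朱耀琴); Wu Huizhong (吴慧中)

【Author information】 Nanjing University of Science and Technology, Computer Application Technology, 2008, Master's degree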

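【Summary】 The grid is a term for a distributed computing architecture suited to high-end science and engineering. It aims to achieve comprehensive sharing of all resources on the Internet, including computing, storage, communication, software, information and knowledge resources. A grid system in effect provides a virtual supercomputer with very strong capabilities, and it will have a great impact on people and society. Because the grid is an open, dynamic and heterogeneous environment, the security of grid systems is particularly important. Grid security is a core problem of grid computing, and access control technology is in turn the core of grid security; it plays a vital role in ensuring secure communication in the grid. First, access control technology is studied: three access control techniques are introduced, namely discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC), and the applicability of RBAC in the grid environment is analyzed. The existing RBAC96 model is improved by refining roles into two kinds, user roles and resource roles, and a dual-role-based access control model, Dual-RBAC, is proposed to better suit the grid environment. Second, the thesis focuses on the Grid Security Infrastructure (GSI), the security infrastructure of the Globus grid project, and analyzes GSI's access control model. To address the shortcomings of the existing GSI access control model, an improved model is proposed: a GSI access control model based on AS and RMS. It divides a grid virtual organization into multiple organizational units and adds an authorization server (AS) and a role management server (RMS) to the model, which jointly manage the process of authorizing users' access to resources, improving the efficiency of access control. Finally, a simple grid service based on the GSI security mechanism is designed and implemented, together with a client test program, verifying GSI's secure access control mechanism.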

【Abstract】 Grid describes a distributed computing architecture suited to advanced science and engineering. It tries to share all of the resources on the Internet, including computation resources, storage resources, communication resources, software resources, information resources and knowledge resources. The grid system is equivalent to a virtual supercomputer and has strong capabilities. It will have a great effect on humanity and society. Because the grid is an open, dynamic and heterogeneous environment, the security of a grid system is especially important. Grid security is a core issue of grid computing. Access control is the core technology of grid security, and it plays an important role in secure communication in grid systems. Firstly, access control technology is studied. This paper introduces three access control models: Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC). It also analyzes the applicability of RBAC in the grid environment. Based on the RBAC96 model, this paper divides the concept of role into user role and resource role, and puts forward Dual-RBAC to fit the grid environment better. Secondly, the Grid Security Infrastructure (GSI) of the Globus project is studied in depth and the access control models in GSI are analyzed. Because the existing access control models of GSI have some deficiencies, this paper puts forward an improved model: a GSI access control model based on AS and RMS. The improved model divides a grid virtual organization into many organization units and puts an authorization server (AS) and a role management server (RMS) into each organization unit. The two servers jointly manage authentication and authorization when a user accesses a particular resource, which can improve the efficiency of access control. Finally, a simple grid service based on the security mechanism of GSI is designed and implemented. The paper also designs a client testing program to validate the secure access control mechanism of GSI.

【Key words】 Grid; Access control; RBAC; GSI; Virtual organization
  • 【Classification number】 TP393.08
  • 【Times cited】 1
  • 【Downloads】 150