

Research of Trust Management in Pervasive Computing Environment

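【Author】 Zeng Shuai (曾帅)

【Supervisor】 Hu Zhengming (胡正名)

【Author information】 Beijing University of Posts and Telecommunications, Signal and Information Processing, 2011, PhD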

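【Summary】 Research on the security of pervasive computing is currently relatively weak. Compared with the rapidly developing applications of pervasive computing technology, security research has fallen far behind. This seriously hinders pervasive computing from moving from the theoretical and experimental stage to large-scale practical application, so in-depth study of its security problems has become an urgent task. Because pervasive computing is distributed, dynamic and uncertain, traditional security mechanisms cannot meet its security requirements, mainly because they rely too heavily on centralized management policies and statically determined information (including security policies, subject identities, etc.). Trust is an important tool in human society; its main function is to enable people to cope with the uncertainty caused by the free will of others. Uncertainty and uncontrollability are also problems in computer-based collaborative work. Introducing the human notion of trust into the computing field and establishing trust management models can solve the problem of secure collaboration in computing. Establishing a dynamic trust management model for pervasive computing is the main approach of this thesis. To address the above problems, this thesis makes the following novel contributions:
(1) By synthesizing previous work and analyzing the meaning of trust, a formal definition of trust is proposed that is clearly structured, suited to the pervasive computing environment and a strong guide for modeling. The characteristics of trust are analyzed in detail, providing a basis and foundation for further trust management.
(2) Ontology-based trust modeling can provide an understanding of the essence of what objectively exists and exploits the strengths of ontology in representing and organizing information. To address the problem that existing trust ontology models cannot reasonably describe the meaning of trust in pervasive computing, a domain ontology model of pervasive computing trust based on description logic is proposed, built with the object-oriented skeleton method. Evaluation and analysis of the model show that it reasonably describes the essence of the pervasive computing trust domain and satisfies several check criteria, including conceptual consistency and logical well-formedness.
(3) To address the problem that existing trust management models do not handle the conditional transitivity of trust well, a Recommendation Audit based Trust Management Model (RATM) for pervasive computing is proposed. The model represents a policy as a set of functions that map the attributes of input factors to the trust value domain. When composing trust propagation paths it fully considers the preconditions of trust propagation, such as domain relevance, path length and recommender credibility, which resolves the inaccurate trust evaluation that arises when existing recommendation-based models ignore the conditional nature of propagation. RATM uses a recommendation audit mechanism to vet the qualifications of recommenders, filtering out information from unreliable recommenders before composition. Simulation results and analysis show that the model can effectively identify malicious recommending nodes and thereby resist malicious feedback attacks.
(4) A distributed trust management framework for smart space autonomous domains is proposed. To address the limitations of applying SPKI to smart spaces, a globally unique identifier for entities is established based on SPKI and the smart space autonomous domain. In the authorization certificate, the original delegation field is replaced by a delegation trust degree, and the validity of an authorization certificate chain is verified by combining entity reputation, the trust degree of the entity's domain, the delegation trust degree of the authorization certificate, the domain trust threshold, and so on. On the one hand this strengthens the resource owner's control over permission delegation; on the other hand, unlike the trust relationship that SPKI expresses in two-valued logic, it better reflects the uncertainty of trust.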

【Abstract】 Compared with the rapidly developing applications of ubiquitous computing technology, security research has fallen far behind. This greatly hinders the transition of ubiquitous computing from theory and experiment to large-scale practical application, so in-depth study of ubiquitous computing security is urgently needed. As ubiquitous computing is characterized by distribution, dynamicity and uncertainty, traditional security mechanisms are not sufficient to meet its security needs. The main reason is that traditional security mechanisms depend too heavily on centralized management strategies and statically determined information (including security strategies, subject identifiers, etc.). As an important tool of human society, trust helps people deal with the uncertainty caused by the free will of other people. Uncertainty and uncontrollability also exist in computer-based cooperative work, so the concept of trust can also be used in the computing field to solve the problems of secure collaboration by establishing trust management models. The main idea of this thesis is to establish dynamic trust management models for ubiquitous computing. To address these problems, the following innovative work is described in this thesis.
1. A formal definition of trust is proposed that has a clear structure, is suitable for the ubiquitous computing environment and gives strong guidance for modeling. The characteristics of trust are analyzed in detail, which provides a basis and foundation for trust management.
2. Through analysis of trust-related concepts, abstract models of entity, trust, behavior trust, identity trust, basic trust, context trust, etc., are established based on object-oriented thinking. A formal definition of the trust ontology is proposed using a basic modeling meta-language; combined with the abstract models, a trust ontology model is established based on Description Logic.
3. Formal conditions for trust transfer are proposed, a trust management model for ubiquitous computing is established, trust evaluation and the combination of trust paths are described formally, and false feedback is filtered through a recommendation audit mechanism.
4. An autonomous-domain (self-domain) model for smart spaces is proposed. On this basis, a trust management framework based on the smart space autonomous domain is proposed. To resist Sybil attacks, a globally unique identifier is established based on both the public keys of entities and the private key of the domain manager. In addition, to effectively control the delegation of SPKI certificates, an M-SPKI certificate is proposed.
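
An added example, not code from the thesis: a sketch of the certificate-chain check in item 4, contrasting SPKI's boolean delegate flag with a graded delegation trust degree compared against a domain threshold. The product combination rule, the "domain/key" identifier format and all sample values are assumptions; signature and validity-period checks are omitted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str              # "domain/key" identifier (constructed format, an assumption)
    subject: str
    delegation_trust: float  # graded replacement for SPKI's boolean delegate flag

def linked(chain, owner, requester):
    """Structural check shared by both models: owner -> ... -> requester."""
    if not chain or chain[0].issuer != owner or chain[-1].subject != requester:
        return False
    return all(a.subject == b.issuer for a, b in zip(chain, chain[1:]))

def spki_binary_valid(chain, owner, requester):
    """Two-valued rule: every non-final certificate must permit delegation."""
    return linked(chain, owner, requester) and all(
        c.delegation_trust > 0 for c in chain[:-1])

def chain_trust(chain, owner, requester, reputation, domain_trust):
    """Graded rule (assumed product form); unknown entities or domains score 0."""
    if not linked(chain, owner, requester):
        return 0.0
    trust = 1.0
    for i, cert in enumerate(chain):
        domain = cert.subject.split("/", 1)[0]
        trust *= reputation.get(cert.subject, 0.0) * domain_trust.get(domain, 0.0)
        if i < len(chain) - 1:  # the final holder does not delegate further
            trust *= min(max(cert.delegation_trust, 0.0), 1.0)
    return trust

def authorize(chain, owner, requester, reputation, domain_trust, threshold):
    """Accept the chain only if its composed trust reaches the domain threshold."""
    return chain_trust(chain, owner, requester, reputation, domain_trust) >= threshold

# Constructed sample data: the owner delegates to alice, who delegates to bob.
REPUTATION = {"home/alice": 0.9, "guest/bob": 0.8}
DOMAIN_TRUST = {"home": 1.0, "guest": 0.7}
STRONG = [Cert("home/owner", "home/alice", 0.9), Cert("home/alice", "guest/bob", 0.0)]
WEAK = [Cert("home/owner", "home/alice", 0.3), Cert("home/alice", "guest/bob", 0.0)]

if __name__ == "__main__":
    for name, chain in (("strong", STRONG), ("weak", WEAK)):
        args = (chain, "home/owner", "guest/bob")
        print(name, spki_binary_valid(*args),
              round(chain_trust(*args, REPUTATION, DOMAIN_TRUST), 4),
              authorize(*args, REPUTATION, DOMAIN_TRUST, 0.4))
```

Both chains pass the two-valued check, but only the one whose owner granted a high delegation trust degree clears the threshold, which is the extra control over delegation that item 4 describes.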
