
Distributed Credential Chain Discovery in SPKI/SDSI2.0

Geng Xiuhua, Han Zhen, Jin Li, Wang Qinglong

Citation: Geng Xiuhua, Han Zhen, Jin Li, Wang Qinglong. Distributed Credential Chain Discovery in SPKI/SDSI2.0[J]. Journal of Computer Research and Development, 2008, 45(7).

  • Abstract: Trust management is an access control mechanism suited to large-scale distributed networks, and SPKI/SDSI2.0 is currently the most mature and most popular trust management system. The existing credential chain discovery algorithms for SPKI/SDSI2.0, however, are all centralized: the needed credentials are either provided by users or assumed to have been distributed to local machines before the search. SPKI/SDSI2.0 itself is a distributed system, in which credentials are issued and stored in a distributed manner. To address this problem, this paper first proposes a reasonable distributed credential storage scheme in which each credential is stored in one place and all credentials are subject-traces-all. Based on this scheme, DCCDS (distributed credential chain discovery in SPKI/SDSI2.0) is put forward. Unlike other algorithms, DCCDS need not reduce credentials or compute the name-reduction closure of a set of credentials. DCCDS searches all the name credentials for one principal and, at the same time, looks for the authorization credentials issued to all those name credentials. Finally, depth-first search is used to determine whether a chain exists from self to the requestor. DCCDS is goal-directed and automatically gathers the relevant name and authorization credentials that are needed. Theoretical analysis shows that DCCDS is more efficient; moreover, it handles delegation depth elegantly, allowing fine-grained control over it.
Publication history
  • Published: 2008-07-14
