高级检索

    分布式的SPKI/SDSI2.0证书链搜索算法

    Distributed Credential Chain Discovery in SPKI/SDSI2.0

    • 摘要: 信任管理是一种适用于大规模分布式网络的访问控制机制,SPKI/SDSI2.0是目前信任管理体系中最成熟、最普及的一个.可目前已有的SPKI/SDSI2.0证书链搜索算法都是集中式的,而SPKI/SDSI2.0系统是一种分布式系统,证书是以分布式方式分发和存储的.针对此问题,首先给出一种合理的SPKI/SDSI2.0分布式证书存储策略,其中的证书是对象方完全可追溯的(subject-traces-all).在此基础上,提出了一种分布式的SPKI/SDSI2.0证书链搜索算法DCCDS,它是面向目标的(goal-directed).理论分析表明,算法具有较高的执行效率,而且可以实现对委托深度(delegation depth)的细粒度控制.

       

      Abstract: Trust management is an approach to access control in a distributed environment. SPKI/SDSI2.0 is the most popular trust management system at present. But the existing credential chain discovery algorithms in SPKI/SDSI2.0 are all centralized. The needed credentials are either provided by users or it is assumed that they have been distributed to local machines before search, but SPKI/SDSI2.0 is a distributed system, in which the credentials are often issued and stored in a distributed manner. To address this problem, a reasonable distributed credentials storage scheme is proposed in this paper. Each credential is stored in one place and all the credentials are subject-traces-all. Based on this scheme, DCCDS (distributed credential chain discovery in SPKI/SDSI2.0) is put forward. Unlike other algorithms, DCCDS neednt reduce credentials and compute the name-reduction closure of a set of credentials. DCCDS searches all the name credentials for one princpal, at the same time, looks for the authorization credentials to all those name credentials. Finally, depth-first search is used to determine whether there exists a chain from self to the requestor. DCCDS is goal-directed, and it could gather automatically relevant name and authorization credentials which are needed. It is shown by theoretical analysis that DCCDS has a higher efficiency; moreover, it could solve the problem of delegation depth elegantly.

       

    /

    返回文章
    返回