计算机应用与软件
計算機應用與軟件
계산궤응용여연건
COMPUTER APPLICATIONS AND SOFTWARE
2014年
11期
289-291,320
,共4页
自动信任协商%信任证%披露策略%访问控制
自動信任協商%信任證%披露策略%訪問控製
자동신임협상%신임증%피로책략%방문공제
Automated trust negotiation%Credential%Disclosure policy%Access control
为了降低自动信任协商中的信任证披露开销,引入资源披露策略树的概念。通过在IKEv2初始交换消息的安全关联载荷中加入完整性级别域和机密性级别域,使之支持自动信任协商策略的安全交换,从而为资源披露策略树的构建提供数据基础。给出最优信任证披露序列搜索算法,它可以从资源披露策略树中搜索效率最优的信任证披露策略。
為瞭降低自動信任協商中的信任證披露開銷,引入資源披露策略樹的概唸。通過在IKEv2初始交換消息的安全關聯載荷中加入完整性級彆域和機密性級彆域,使之支持自動信任協商策略的安全交換,從而為資源披露策略樹的構建提供數據基礎。給齣最優信任證披露序列搜索算法,它可以從資源披露策略樹中搜索效率最優的信任證披露策略。
위료강저자동신임협상중적신임증피로개소,인입자원피로책략수적개념。통과재IKEv2초시교환소식적안전관련재하중가입완정성급별역화궤밀성급별역,사지지지자동신임협상책략적안전교환,종이위자원피로책략수적구건제공수거기출。급출최우신임증피로서렬수색산법,타가이종자원피로책략수중수색효솔최우적신임증피로책략。
In order to lower the overhead of credentials disclosure in automated trust negotiation (ATN), we introduce the notion of re-source disclosure policy tree (RDPT).By adding an integrity level field and a confidentiality level field to the secure associated load of initial exchange messages of IKEv2 protocol, the RDFPT is allowed to support the secure exchange of ATN policy, thus the data base is provided for the construction of RDPT.We present the optimal credential disclosure sequence search algorithm, which can search from RDPT the creden-tial disclosure policy with best efficiency.
