信息网格环境下的综合信任度评价模型

网格环境下的实体动态变化使得在实体的可靠运行与资源合理使用方面存在安全隐患,为了解决在动态网格环境下的安全问题,该文针对网格环境的动态特性,提出了一种评价动态实体信任度的模型。在给出了信任机制的几个主要概念的基础上,利用直接信任度、间接信任度、综合信任度构建了综合信任度评价模型(STDEM),并具体量化了各种信任度的评价参数,为网格系统中节点的可信性提供了一种评价方案。通过仿真实验对STDEM模型的相关参数进行了分析,并将综合信任度评价模型应用到了具体的数据网格系统中,验证了模型的有效性。     

A novel trust enhanced grid authentication mechanism

To improve trustworthiness in grid authentication, a novel trust enhanced grid authentication mechanism （TEGAM） is proposed in this paper where trust is divided into trust on grid entity （GE） and trust on third party （TP）. In order to obtain precise trust evaluation on GE＇s behaviors, trust on GE is further subdi- vided into trust as service consumer and trust as service provider. Details for the structure of TEGAM and related TEGAM-based authentication process are also given. Simulation results and prop- erty analysis show that, compared with current trust-based grid authentication techniques, TEGAM can not only help establish explicit and dynamic trust relationships among grid entities but also will significantly increase the efficacy of grid authentication.     

Time-Based Dynamic Trust Model Using Ant Colony Algorithm

The trust in distributed environment is uncertain, which is variation for various factors. This paper introduces TDTM, a model for time-based dynamic trust. Every entity in the distribute environment is endowed with a trust-vector, which figures the trust intensity between this entity and the others. The trust intensity is dynamic due to the time and the inter-operation between two entities, a method is proposed to quantify this change based on the mind of ant colony algorithm and then an algorithm for the transfer of trust relation is also proposed. Furthermore, this paper analyses the influence to the trust intensity among all entities that is aroused by the change of trust intensity between the two entities, and presents an algorithm to resolve the problem. Finally, we show the process of the trusts＇ change that is aroused by the time＇s lapse and the inter-operation through an instance.     

网络安全信任模型的研究

信任模型在分布式安全系统中起着非常重要的作用,普遍情况下模型都是通过量化实体行为和计算实体信任度来评估实体间的信任关系的。信任模型就是解决整个网络中实体如何得到其他实体合理信任值的问题。在获取信任值的基础上,实体间建立一定的信任关系,达到提高网络交易安全性的目的。信任和信任关系在安全系统中有着广泛的应用,文章针对近年来网络信任模型研究中存在的问题总结出了信任模型研究的热点和方向。     

基于二叉推荐树的可信评估模型

在网络安全领域,可信被定义为一个实体期望另外一个实体执行某个特定动作的可能性大小。为了加强网络的安全性,允许某个结点去评估其他结点的可信性是非常重要的。本文主要讨论的是对可信事件的推荐评估。首先介绍了可信的相关概念和特性;接着,网络被抽象成一个有向图,在该图中,顶点代表实体或用户,边被看成可信关系,这样,评估过程可以看成是在有向图当中寻找最短路径问题,通过对影响推荐信任的因素分析,得到间接信任计算公式,为每个结点建立一个二叉推荐树,用来存储该结点能够推荐的结点以及这些结点推荐信任值,并在每个周期后动态地调整和整理该二叉推荐树;最后,对该模型的有效性进行了分析。     

基于主观逻辑的Web服务信任模型

为解决当前Web服务网络中存在的一些与信任相关的安全问题、提高Web服务的安全性和可靠性，基于主观逻辑，文中提出了一个改进的自适应Web服务信任模型iWSTrust及相应的信任度和声誉评估算法，该模型利用主观逻辑对Web服务网络中的实体进行信任建模和推理，并增加可信任的第三方机构来保存信任信息，通过综合考虑Web服务环境中的各个相关实体，分析一次典型交易过程中所涉及的信任关系，并对不同类型的服务请求者进行区分，使得实体的信任度和声誉能够随着交易经验的增加而自适应地改变。模拟实验结果表明，iWSTrust能在一定程度上减少访问到恶意实体的次数，并惩罚进行欺骗的实体。     

一个用于多个实体信任度评估的模糊数学模型

以信任度评价指标的可用性、可靠性、完整性、安全防护性、可维护性、以及机密性等6个因素为出发点,建立信任评价指标体系.在此基础上,考虑到信任的主观性及主体对客体评价、判断所具有的模糊性,选用模糊综合评价方法,建立一种与数字系统信任管理相关的,可用于多个实体信任度评估的数学模型.对3个样本实体的信任状况进行实证研究,结果可为数字系统的信任管理提供依据.     

Trust calculation and delivery control in trust-based access control

Trust management system has been a promising approach to solve the access control problems in open multi-domain environments. However, the calculation of trust and the delivery of the trust are not addressed effectively in the existing trust management systems. To address the problems, this paper proposes a scheme of trust calculation and delivery control. Compared with the other schemes, it is simpler and more flexible, and also easier to be implemented.     

复杂跨组织协同中基于深度信任推理的服务组合

以云计算环境下跨组织协同中服务提供者(SP)与服务消费者(SC)的深度信任推理及演化过程为研究对象,通过构建服务直接交互信任关系为主、公共信誉反馈为辅的QoS评价及修正方法,建立支持复杂跨组织协同的基于深度信任推理的服务组合策略。该策略在前期研究基础上,利用概率密度函数来表征服务实体间的信任度,通过研究基于概率密度函数的服务间接信任关系的计算、传递及合并方法,最后设计了基于深度信任推理的服务组合算法。仿真实验表明:该方法能有效评价服务参与者的信任度,提高复杂跨组织协同环境中服务组合的质量。     

网格环境下一种基于分类的行为信任模型

在网格环境中,针对不同上下文环境下实体之间的交互行为,提出了一种新的基于分类的行为信任模型.模型根据信任等级对实体进行相应分类,在此基础上与实际社会相结合引入了交互事件重要性因子,惩罚因子,惩罚加速因子等,实现了实体动态的主体特征.分析和仿真表明,模型在性能上得到了一定程度的提高,并对恶意实体的恶意交互行为起到了一定的抑制作用.     

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members＇ access control and distributing authorization of traditional IP multicast.     

A New Kind of Subjective Trust Model

Based on the outstanding characteristics of Cloud Model on the process of transforming a qualitative concept to a set of quantitative numerical values, a formalized model of subjective trust is introduced by which we can transform between qualitative reputation and quantitative voting data. The present paper brings forward algorithms to compute direct trust and recommender trust. Further more, an effective similarity measuring method used to distinguish two users＇ reputation on knowledge level is also proposed. The given model properly settles the uncertainty and fuzziness properties of subjective trust which is always the weakness of traditional subjective trust model, and provides a step in the direction of proper understanding and definition of human trust.     

Self-Organized Public-Key Management for Mobile Ad Hoc Networks Based on a Bidirectional Trust Model

In traditional networks , the authentication is performed by certificate authoritys（CA）,which can＇t be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.     

Analysis and Application for Integrity Model on Trusted Platform

To build a trusted platform based on Trusted Computing Platform Alliance (TCPA)‘s recommendation, we analyze the integrity mechanism for such a PC platform in this paper. By combinning access control model with information flow model, we put forward a combined process-based lattice model to enforce security. This model creates a trust chain by which we can manage a series of processes from a core root of trust module to some other application modules. In the model,once the trust chain is created and managed correctly,the integrity of the computer‘s hardware and sofware has been mainfained, so does the confidentiality and authenticity. Moreover, a relevant implementation of the model is explained.     

一种新的分布式网络环境信任评估模型

针对分布式网络中缺乏权威机构导致网络中的实体缺乏足够的全局信息,使实体的信任度难以评估的问题. 综合考虑具有全局性与客观性的声誉值及具有局部性与主观性的信任值,提出一种新的基于声誉计算规则、信任推荐规则、声誉加权规则及信任计算规则的4规则信任评估模型. 通过模拟实验将该信任模型与抗攻击信任度模型的安全性进行了比较. 仿真实验表明,该信任模型在安全性问题上较已有模型有一定的改进.     

一种基于广义传递闭包的信任评估模型TREM

提出了一个基于信任路径的信任关系评估模型．该模型根据用户之间信任关系度量值和信任经验得出信任评估结果,然后将其递归地应用于计算其他用户的信任组合值,形成信任关系的完整集合．从实验结果来看,该模型适合于信任状态信息的收集和评估的自动化实现,信任评估过程对于噪声和恶意用户而言是健壮的,信任评估结果较为客观地反映出信任关系的多变性、不确定性和互依赖性．     

Design and Implementation of a Bootstrap Trust Chain

The chain of trust in bootstrap process is the basis of whole system trust in the trusted computing group （TCG） definition. This paper presents a design and implementation of a bootstrap trust chain in PC based on the Windows and today＇s commodity hardware, merely depends on availability of an embedded security module （ESM）. ESM and security enhanced BIOS is the root of trust, PMBR （Pre-MBR） checks the integrity of boot data and Windows kernel, which is a checking agent stored in ESM. In the end, the paper analyzed the mathematic expression of the chain of trust and the runtime performance compared with the common booring process. The trust chain bootstrap greatly strengthens the security of personal computer system, and affects the runtime performance with only adding about 12% booting time.     

P2P网络中基于交易代价的信任模型研究

文中借鉴人类社会对交易过程中信任的评估和习惯,提出了一种在P2P网络中基于交易代价的信任评估模型,着重考虑了节点之间交易代价对信任值变化的影响,并给出了信任值计算的方法和仿真实验.实验结果表明该信任评估模型在对节点恶意行为的识别上,其成功率上要优于不考虑节点之间交易代价的模型.     

网格信任模型的研究

研究如何在网格中建立基于行为的信任模型,排除内部恶意节点,提高系统的安全可靠程度.提出一种新型的基于行为的信任计算模型来处理网格环境中实体间的信任关系,该模型对域内信任关系和域间信任关系分别采取不同的方法进行处理,能够评估实体与实体间的信任关系,从而解决网格环境中存在的某些安全问题.     

一种改进的DyTrust信任模型

为了提高DyTrust模型信任评价的准确度,解决信任模型的粒度比较粗糙以及节点的个体经验对信任评价带来影响的问题,在DyTrust模型的基础上,通过对节点所提供的服务进行细化和引入经验因子的方法,提出了一种改进的信任评价算法.与DyTrust模型的比较和分析表明,改进后的模型精化了信任算法的粒度,提高了信任评价的准确度,体现了节点的个性化特性,在反馈可信度的算法方面有较大的改善,同时该反馈可信度算法具有较好的可扩展性.