A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members＇ access control and distributing authorization of traditional IP multicast.     

Research progress of trust evaluation model

Software systems in distributed environment are changing from a close and relatively static form, whose users are familiar with each other, to an open and highly dynamic mode, which can be visited by public. In such circumstance, trust evaluation model becomes focus of intense research at current time. Trust evaluation model establishes a management framework of trust relationship between entities, involving expression and measurement of trust, comprehensive calculation of direct trust value and recommended trust value, and recognition of malicious entities and recommendations. Based on the analysis of several typical trust evaluation models, the classification of trust evaluation ideas and modes is discussed, the questions existing in current research and the directions of future research are pointed out.     

Self-Organized Public-Key Management for Mobile Ad Hoc Networks Based on a Bidirectional Trust Model

In traditional networks , the authentication is performed by certificate authoritys（CA）,which can＇t be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.     

Privacy-preserving trust negotiation with hidden credentials and hidden policies in a multi-party environment

Until now, there are numerous protocols that can achieve privacy-preserving trust negotiation between two parties involved, but there is no effective privacy-preserving trust negotiation schemes proposed between multi-users. In this paper, a privacy-preserving trust negotiation scheme with multi-parties is proposed, which can protect their credentials and access control policies during the procedure for establishing the trust between multi-strangers, and its privacy-preserving ability also is proved. These works extend the trust negotiation mechanism to multi-users, which can be thought as a substantial extension of the state-of-the-art in privacy-preserving trust negotiations between two parties involved.     

Design and Implementation of a Bootstrap Trust Chain

The chain of trust in bootstrap process is the basis of whole system trust in the trusted computing group （TCG） definition. This paper presents a design and implementation of a bootstrap trust chain in PC based on the Windows and today＇s commodity hardware, merely depends on availability of an embedded security module （ESM）. ESM and security enhanced BIOS is the root of trust, PMBR （Pre-MBR） checks the integrity of boot data and Windows kernel, which is a checking agent stored in ESM. In the end, the paper analyzed the mathematic expression of the chain of trust and the runtime performance compared with the common booring process. The trust chain bootstrap greatly strengthens the security of personal computer system, and affects the runtime performance with only adding about 12% booting time.     

一种基于信任的动态访问控制策略

基于角色的访问控制模型（role-based access control,RBAC）被普遍认为是当前最具有潜力的访问控制策略,已成为信息安全等领域研究的热点之一,然而传统的RBAC模型不能完全适合网格环境下的访问控制。针对网格环境下传统的RBAC中资源共享的伸缩性和恶意行为问题,在传统RBAC模型的基础上引入信任管理技术,提出一种新的动态的访问控制方式。这种新型的访问控制方式根据用户所属的信任等级动态调整用户的角色,在信任计算中,采用一种基于忠诚度的信任计算方法。仿真结果显示,该访问控制方式能有效地遏制恶意行为,并且可以解决伸缩性问题。     

A novel trust enhanced grid authentication mechanism

To improve trustworthiness in grid authentication, a novel trust enhanced grid authentication mechanism （TEGAM） is proposed in this paper where trust is divided into trust on grid entity （GE） and trust on third party （TP）. In order to obtain precise trust evaluation on GE＇s behaviors, trust on GE is further subdi- vided into trust as service consumer and trust as service provider. Details for the structure of TEGAM and related TEGAM-based authentication process are also given. Simulation results and prop- erty analysis show that, compared with current trust-based grid authentication techniques, TEGAM can not only help establish explicit and dynamic trust relationships among grid entities but also will significantly increase the efficacy of grid authentication.     

专利权信托之探讨

在我国,专利权转化率极低的现状阻碍着科技的发展和创新。专利权信托制度作为一种有效的财产管理制度,是一种全新的专利成果转化途径。本文认为专利权信托有利于我国的专利权转化,但由于我国目前配套制度的缺失,导致专利权信托在实践中存在着诸多问题,针对这些问题文中提出了相应的解决方法。以期专利权信托制度在我国能够顺利的进行。     

Analysis and Application for Integrity Model on Trusted Platform

To build a trusted platform based on Trusted Computing Platform Alliance (TCPA)‘s recommendation, we analyze the integrity mechanism for such a PC platform in this paper. By combinning access control model with information flow model, we put forward a combined process-based lattice model to enforce security. This model creates a trust chain by which we can manage a series of processes from a core root of trust module to some other application modules. In the model,once the trust chain is created and managed correctly,the integrity of the computer‘s hardware and sofware has been mainfained, so does the confidentiality and authenticity. Moreover, a relevant implementation of the model is explained.     

Time-Based Dynamic Trust Model Using Ant Colony Algorithm

The trust in distributed environment is uncertain, which is variation for various factors. This paper introduces TDTM, a model for time-based dynamic trust. Every entity in the distribute environment is endowed with a trust-vector, which figures the trust intensity between this entity and the others. The trust intensity is dynamic due to the time and the inter-operation between two entities, a method is proposed to quantify this change based on the mind of ant colony algorithm and then an algorithm for the transfer of trust relation is also proposed. Furthermore, this paper analyses the influence to the trust intensity among all entities that is aroused by the change of trust intensity between the two entities, and presents an algorithm to resolve the problem. Finally, we show the process of the trusts＇ change that is aroused by the time＇s lapse and the inter-operation through an instance.     

A New Kind of Subjective Trust Model

Based on the outstanding characteristics of Cloud Model on the process of transforming a qualitative concept to a set of quantitative numerical values, a formalized model of subjective trust is introduced by which we can transform between qualitative reputation and quantitative voting data. The present paper brings forward algorithms to compute direct trust and recommender trust. Further more, an effective similarity measuring method used to distinguish two users＇ reputation on knowledge level is also proposed. The given model properly settles the uncertainty and fuzziness properties of subjective trust which is always the weakness of traditional subjective trust model, and provides a step in the direction of proper understanding and definition of human trust.     

Adaptive Trust Management Framework in P2P Grid Computing

In P2P Grid computing systems, the authorization decision is often tackled by two different trust management methods： policy-based approach, where authorization are built on logical rules and verifiable properties encoded in signed credentials, and reputation-based approach, based on collecting, aggregating and disseminating reputation among the peers. However, the overhead caused by proof of compliance on authorization and the absence of certifying authorities may negate the strong and objective security advantages of policy-based approach, whilst vagueness, complexity and inaccurate characterization caused by reputation evolution may eliminate the quantitative and flexible advantages of reputation-based approach. We propose an adaptive trust management framework, which combines the merit of policy proof and reputation evolution such that authorization is aware of not only the strong and objective security traits, but also the calculability and the availability security traits. Finally, the framework of system is proposed.     

网络安全信任模型的研究

信任模型在分布式安全系统中起着非常重要的作用,普遍情况下模型都是通过量化实体行为和计算实体信任度来评估实体间的信任关系的。信任模型就是解决整个网络中实体如何得到其他实体合理信任值的问题。在获取信任值的基础上,实体间建立一定的信任关系,达到提高网络交易安全性的目的。信任和信任关系在安全系统中有着广泛的应用,文章针对近年来网络信任模型研究中存在的问题总结出了信任模型研究的热点和方向。     

基于二叉推荐树的可信评估模型

在网络安全领域,可信被定义为一个实体期望另外一个实体执行某个特定动作的可能性大小。为了加强网络的安全性,允许某个结点去评估其他结点的可信性是非常重要的。本文主要讨论的是对可信事件的推荐评估。首先介绍了可信的相关概念和特性;接着,网络被抽象成一个有向图,在该图中,顶点代表实体或用户,边被看成可信关系,这样,评估过程可以看成是在有向图当中寻找最短路径问题,通过对影响推荐信任的因素分析,得到间接信任计算公式,为每个结点建立一个二叉推荐树,用来存储该结点能够推荐的结点以及这些结点推荐信任值,并在每个周期后动态地调整和整理该二叉推荐树;最后,对该模型的有效性进行了分析。     

Trustworthiness Technologies of DDSS

The most significant strategic development in information technology over the past years has been ＂trusted computing＂ and trusted computers have been produced. In this paper trusted mechanisms adopted by PC is imported into distributed system, such as chain of trust, trusted root and so on. Based on distributed database server system （DDSS）, a novel model of trusted distributed database server system （TDDSS） is presented ultimately. In TDDSS role-based access control, two-level of logs and other technologies are adopted to ensure the trustworthiness of the system.     

基于贝叶斯网络和用户行为日志挖掘的行为信任研究

深入研究信任管理和行为信任的模型及方法,设计基于贝叶斯网络的信任预测和控制算法,综合利用聚类和分布密度函数设置算法参数,建立可量化的证据与信任等级之间的对应关系,算法可预测多属性下的行为信任等级.深入IIS和.Net底层实现可配置的信任管理插件,形成用户行为日志,为预测和控制算法提供证据, 免除了一般Web日志的清洗工作.实验数据表明算法的应用提高了服务器各项性能,并约束了用户的商业行为.     

P2P系统中基于属性约减的可信度评价

由于P2P系统的开放、匿名等特点,传统的访问控制和认证方法已无法在P2P系统中对信任协商进行有效的支持.本文利用信任协商机制和多信任域技术对P2P系统进行安全管理.针对信任凭证在信任协商过程中存在的安全隐患,通过属性的使用记录实现信任凭证中属性集的约减,并给出一种基于属性集的可信度评估方法.该方法减少了访问者属性信息的不必要暴露,提高了信任协商交互的可靠性和安全性.     

基于关系的信任的数学定义及评价模型

针对目前组织合作中的信任定义及度量不统一,特别是信任没有精确的数学定义等问题,首先利用经典数学关系和模糊关系分别给出了客观信任和主观信任的数学定义和性质,然后根据经典关系与模糊关系的融合给出了基于客观信任优先的信任的数学定义及其度量的概念模型.借用模糊聚类的思想,构建了信任的评价模型.     

Personalized Trust Management for Open and Flat P2P Communities

A personalized trust management scheme is proposed to help peers build up trust between each other in open and flat P2P communities. This scheme totally abandons the attempt to achieve a global view. It evaluates trust from a subjective point of view and gives personalized decision support to each peer. Simulation experiments prove its three advantages： free of central control, stronger immunity to misleading recommendations, and limited traffic overload.     

基于主观信任和推荐的信任模型

研究了分布网络环境中交易实体的信任问题,分析了信任的含义并考虑影响信任行为的外部环境因素,结合主观判断和推荐,构建了一种新型信任模型并引入惩罚机制,建立信任更新协议。