Journal of Computer Applications (计算机应用), 2015, 35(7): 1858-1864
ISSN 1001-9081
CODEN JYIIDU
2015-07-10
http://www.joca.cn
Article ID: 1001-9081(2015)07-1858-07
doi: 10.11772/j.issn.1001-9081.2015.07.1858
Automated trust negotiation model based on interleaved spiral matrix encryption
LI Jianli*, XIE Yue, WANG Yimou, DING Hongqian
(College of Computer Science and Technology, Harbin Engineering University, Harbin 150001)
(*Corresponding author e-mail: lijianli@hrbeu.edu.cn)
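Abstract: To address the protection of sensitive information in Automated Trust Negotiation (ATN), an automated trust negotiation model based on Interleaved Spiral Matrix Encryption (ISME) is proposed. The model uses the interleaved spiral matrix encryption algorithm and the policy migration method to protect the three kinds of sensitive information that arise during negotiation. Compared with the traditional spiral matrix encryption algorithm, the interleaved spiral matrix encryption algorithm adds the concepts of odd and even bit positions and of 2-tuples. To make the proposed model easier to apply, the concept of an attribute key flag bit is introduced into the certificates of the negotiation model, so that during second-pass encryption the encrypted sensitive information corresponding to each key is recorded more effectively; the paper also lists how negotiation rules are represented with encryption functions in the negotiation model. To improve the negotiation success rate and efficiency of the proposed model, the 0-1 graph policy parity algorithm is proposed. This algorithm uses directed graphs from graph theory to construct six basic proposition decomposition rules, which effectively determine the kind of proposition abstracted from an access control policy. Soundness and completeness proofs are then given to show that the semantic and syntactic concepts of the algorithm are equivalent in the logical system. Simulation experiments show that, over 20 negotiations, the average number of policies disclosed by the model is 15.2 fewer than in the traditional ATN model, the negotiation success rate is 21.7% higher, and negotiation efficiency is 3.6% higher.
Key words: automated trust negotiation; sensitive information protection; access control policy; interleaved spiral matrix encryption; 0-1 graph policy parity algorithm
CLC number: TP393.08
Document code: A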
Automated trust negotiation model based on interleaved spiral matrix encryption
LI Jianli, XIE Yue, WANG Yimou, DING Hongqian
(College of Computer Science and Technology, Harbin Engineering University, Harbin Heilongjiang 150001, China)
Abstract: The Automated Trust Negotiation (ATN) model based on Interleaved Spiral Matrix Encryption (ISME) was proposed for the protection of sensitive information in automated trust negotiation. Interleaved spiral matrix encryption and policy migration were used in the model to protect three kinds of sensitive information in negotiation. Compared with the traditional spiral matrix encryption algorithm, the concepts of odd-even bit and triple were added to the interleaved spiral matrix encryption algorithm. To make the model easier to apply, the concept of a key attribute flag was introduced into the certification of negotiations, so that the sensitive information corresponding to the encrypted key is recorded effectively. Meanwhile, how to represent the negotiation rules through encryption functions was listed in the negotiation model. To increase the efficiency and success rate of the model, the 0-1 graph policy parity algorithm was proposed. In the 0-1 graph policy parity algorithm, the decomposition rules of six basic propositions were constructed from directed graphs of graph theory, so that the propositions abstracted from the access control policies could be determined effectively. Reliability and completeness were then proved to establish the equivalence of the semantic and syntactic concepts in the logic system. Finally, the simulation results demonstrate that the average number of policies disclosed by the model is 15.2 less than that of the traditional model in 20 negotiations, the success rate of negotiation is increased by 21.7%, and the efficiency of negotiation is increased by 3.6%.
Key words: Automated Trust Negotiation (ATN); sensitive information protection; access control policy; Interleaved Spiral Matrix Encryption (ISME); 0-1 graph policy parity algorithm
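0 Introduction
Automated Trust Negotiation (ATN), proposed by Winsborough et al. [1], has become a new research field in network security. In automated trust negotiation, the resource requester and the resource owner disclose certificates and access policies to each other, which establishes trust between subjects located in different security domains so that resources can be exchanged. It differs considerably from traditional access control: ordinary access control cannot exercise effective control across different security domains, and automated trust negotiation was proposed precisely to make up for this deficiency. Traditional automated trust negotiation models do not protect sensitive information well, and they assume that access control policies are valid, whereas invalid access control policies do occur in practice [2]. Protecting sensitive information and verifying the validity of access control policies have therefore become two important directions in ATN research.
In automated trust negotiation, sensitive information is protected mainly in the following 3 ways: protection where the content of a resource is sensitive, protection where possession of a resource is sensitive, and protection of information while it is transmitted over an insecure physical channel [3]. At present there is no automated trust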
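Received: 2015-02-11; revised: 2015-03-30.
Funding: supported by the National Natural Science Foundation of China (61073042).
About the authors: LI Jianli (1963- ), male, from Shandong, associate professor; main research interests: access control, automated trust negotiation. XIE Yue (1989- ), male, from Shijiazhuang, Hebei, master's student; main research interest: automated trust negotiation. WANG Yimou (1990- ), male, from Dandong, Liaoning, master's student; main research interest: automated trust negotiation. DING Hongqian (1990- ), male, from Tai'an, Shandong, master's student; main research interest: automated trust negotiation.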