Research And Realization On The Techniques Of The Manufacturing Grid Security

Posted on: 2009-12-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H X Cai
GTID: 1102360245999272
Subject: Mechanical Manufacturing and Automation
Abstract/Summary:
Manufacturing Grid (MG) is the application of Grid technology in the manufacturing field to realize resource sharing and collaborative working. It is based on Networked Manufacturing (NM), with the Open Grid Service Architecture (OGSA) as the system framework, Globus Toolkit as the development tool, and some specifications as standards. As the MG moves toward business application, security is becoming more and more important, and doubts about security make it difficult for the MG to come into application. A reliable and extensive security architecture is therefore significant for the MG, because it is the safeguard for the MG. Without a strong MG security architecture, it is impossible for the MG to come into business.

In the early phase of the Internet, sharing was emphasized while security was ignored. Nowadays, the Grid has encountered the same problem. The Grid Security Architecture is not yet perfect enough to meet reality. Moreover, the MG is more complicated than the computing Grid, so the Grid Security Architecture cannot satisfy the MG's security requirements. It is therefore necessary to do research on the security of the MG while the MG system is being developed.

Based on ontology, this dissertation proposes the Ontology based Manufacturing Grid Model for Security (OBMGMS) to abstract and synthesize the concepts and relationships in the field of MG security. OBMGMS introduces the character of the distributed organization composed of units and cells in the MG. The unit is task-centered, and the cell is the organization that provides the service. Resources are varied, have different characters, and are related to different operations, so they should be assigned different security levels. In the MG, a task can be decomposed into subtasks, each of which is the responsibility of only one cell. Contexts related to the entities reflect the dynamic character of the MG. OBMGMS provides the theoretical foundation for the MG security architecture and for the realization of authentication and authorization in the MG.

Based on the MG architecture and OGSA, the MG Security Architecture (MGSec) is proposed to meet the MG's requirements according to MG characteristics such as a complicated organization structure, varied manufacturing resources, and long-term, large-scale cooperation. In MGSec, the Security Basic Infrastructure layer realizes organization, certificate and policy management. With the help of this layer, it is easy to start cooperation between the cells, and the cost of cooperation is reduced as well. The Global Security Service layer supports global authentication and authorization under the dynamic context. The Self-control Cell Layer realizes local policy management, authorization and authentication between the cells and users. Users access the shared services through the MGSec Portal.

Following research into the status of dynamic organization, a context-restricted authentication mechanism is proposed. This authentication can also be applied in any other virtual organization system. There are three certificate formats in the MG, one of which is the user's short-term certificate. The validity time of the user's short-term certificate is related to the lifetime of the unit, which can solve the problem caused by the dynamic characteristic of the MG. The authentication process between cells and users is introduced.

The Manufacturing Grid Access Control Model (MGAC), based on Role-based Access Control (RBAC), adopts a global fine-grained and local coarse-grained authorization policy. The services that should be used in a task are enabled for the organization that is responsible for the task, and the enabled property of the services should be adjusted when the status of the task changes. The global fine-grained authorization policy considers the character of the resource type and the service hierarchy, while the coarse-grained authorization policy is based on the trust of the cells and unions. The system roles and business roles are managed separately, and the Task-Role Model is proposed to realize the management of the dynamic business roles.

Finally, the Manufacturing Grid security system is developed and implemented. Its feasibility and rationality are validated by building a test-bed of Shanghai University, and the experience obtained from it is quite useful for further application.
Keywords/Search Tags: Manufacturing Grid, Security System, Ontology, Dynamic Organization, Authentication, Access Control, Authorization Policy, Trust, Role Management