Research And Implementation Of Intelligent Authorization Agent In Grid

As the computing and data management infrastructure, Grid will provide the electronic underpinning for a global society in business, government, research, science and entertainment. Grid integrates networking, communication, computation and information to provide a virtual platform for computation and data management. For linking resources together as an ensemble dynamically to support the execution of large-scale, resource-intensive, and distributed applications, security is the choke point. How to use the Grid service resource efficiently and how to protect them is also the research emphasis of Grid security. For this, building efficient Grid authorization mechanism will be the key technique to solve these problems.The background of this thesis is National Natural Science Foundation of China, "Security mechanism of user cooperation in Grid Computing ". This paper inosculates Grid security with the technology and concept of Agent. A concept of Intelligent Authorization Agent in Grid is advanced. After analyzing the advantage of Agent and the problems that Grid authorization faces with, a framework of authorization agent is constructed, and its modules are also compartmentalized and expatiated concretely.After analyzing the deficiency of current authorization policy, this thesis strengthens the authorization policy by adding some new policy elements to rule database. This can reduce authorization confliction farthest and provide security guarantee and credible service. This system has some intelligent characteristic like autonomy, reactivity, collaboration, mobility and so on. So it can decrease human being and reduce the cost of management in the premises of system efficiency. After analyzing the special security demands in Grid environment, the new concept of "Minus-Authentication" is advanced on the basis of investigating current authentication system. For this, it can avoid the harm to the client resource effectively in some instances that attacker may pretend to be a server or service provider.The model is implemented in the JADE platform. As a matter of record, the expectant target is reached.