Research Of Distributed Access Control Based On The KeyNote Trust Management System

In recent years, with the popularity of Internet, the Internet based distributed computing has been developed rapidly, more and more new wide scale distributed systems, such as P2P, Grid and Web Services, have been realized. These distributed systems are open, dynamic and heterogeneous, without authoritative control center, entities inside which cannot be recognized by each other. As a critical technology in information security, the access control technology becomes more important to such open environments than ever. However, the traditional centralized access control model is not directly suitable for the distributed environments, so it is necessary to develop new access control models.The trust management has been developed to resolve the access control problems in distributed environments, which adopts transferable authority delegation mechanism, and supports strangers' accesses. Many trust management models and systems have been proposed, among which the KeyNote trust management system is the most matured and the most widely used one. The KeyNote uses credentials to distribute authorizations, and proves the accesses through the compliance check of request, credentials and local policy.Firstly, we analyzed the features and security needs for distributed network environments, and reviewed, the research situation of related theories and technologies.Secondly, we analyzed the KeyNote trust management system deeply, based on which pointed out the two week points in practical uses as the safe deliver of credential and the discovery of credential chain, and proposed the relevant improvements.Thirdly, aiming at the features and security needs of distributed network environments, integrated the advantages of KeyNote's suitability for distributed applications, and based on the improvements on KeyNote as mentioned before, we proposed a distributed access control model on the basis of KeyNote trust management, which is implemented in detail.At last, we verified the practicality of our model through the example of web access control.