
Research On Simple Public Key Infrastructure Based Trust Management

Posted on: 2008-06-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
GTID: 2178360272468017
Subject: Information security

Abstract/Summary:
Recently, the rapid proliferation of the Internet and advances in distributed computing technologies have fueled tremendous growth in large-scale distributed systems. From a security viewpoint, these distributed systems are composed of multiple domains. The domains must cooperate to share a subset of their protected resources while preventing unauthorized access to those resources. Ensuring security in such an environment poses serious challenges, and access control is one of the key problems. However, traditional access control models were developed for centralized environments and cannot be used effectively in a distributed environment. Some research work has been done based on trust management (TM) technologies. Unfortunately, many challenging problems remain.

The credential chain discovery problem has not been investigated sufficiently, which is a main obstacle to the widespread deployment of TM systems. First, the credential chain discovery problem in Simple Public Key Infrastructure is discussed and extended to support the threshold subject. Then, a distributed credential chain discovery algorithm for Simple Public Key Infrastructure is proposed. In this algorithm, credential graphs are used to denote credentials and credential chains. It is shown that the algorithm has good soundness and completeness, is more flexible and efficient, and performs better in distributed environments.

The problem of security analysis in Simple Public Key Infrastructure mainly includes Discretionary Access Control and Delegation Control. Delegation is a core concept in TM systems; it expresses the trust among different entities. As trust is not transitive, delegation must be limited. Most TM systems have considered the need to limit the delegation depth. However, they did not limit the delegation width, and most TM systems have not provided sufficient expressive power for the delegation depth. First, the delegation depth control approach in TM systems is discussed. Then Integer Control is used instead of Boolean Control in the Authorization Credential, and depth control is added to the Name Credential by two methods. Finally, a temporary key is used to support Width Control in the Authorization Credential.
Keywords/Search Tags:Distributed Environment, Trust Management, Simple Public Key Infrastructure, Credential Chain Discovery, Delegation Control