Date of Award
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Security plays an important role in a large distributed system in an open community. Without enough knowledge about the user, it is hard to make access decisions for local resources. The current Public Key Infrastructure (PKI) uses a trusted third party, called a Certificate Authority (CA), to check the identity of users. PKI assumes that every entity trusts the CA absolutely and equally. This is also a weakness of PKI. The security problem in a Single-Sign-On (SSO) environment is more difficult to manage. Most current SSO security approaches rely heavily on pre-established trust relationships. This prevents wider adoption of SSO and greatly affects the local autonomy of security policy making. Such SSO approaches have been employed recently in the Security Assertion Mark-up Language (SAML). Based on the Dempster-Shafer theory and the subjective logic derived from it, we propose an authorization-enhanced framework for large distributed systems using a Single-Sign-On security approach. We extended the SAML assertion set to include the opinions of the assertion issuer about the user. Based on the assertion issuer's opinion about the user and the trust relationship between the asserting party and the accepting party, a new assertion is generated at each local site. The probability expectation of the user's trustworthiness is computed. This value provides a reference for the system to make the access control decision. Two sub-frameworks will be discussed. The first is a Peer-to-Peer model involving two parties and a technique of discounting opinions. The second is a multi-party model. In the latter case, opinions about the user from many asserting parties are considered and combined using a consensus operator. A numerical study is performed to compare these two models. We also compare this approach with other work related to trust management.

Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2003 .C48. Source: Masters Abstracts International, Volume: 42-03, page: 0959. Adviser: Robert Kent. Thesis (M.Sc.)--University of Windsor (Canada), 2003.
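The discounting, consensus and probability-expectation steps named in the abstract can be sketched as follows. This is an added example, not code from the thesis: it assumes Jøsang's standard subjective-logic operators (the thesis's exact formulas are not on this page), and the opinion values, the `THRESHOLD` policy value and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Opinion:
    """(belief, disbelief, uncertainty) with b + d + u = 1, plus base rate a."""
    b: float
    d: float
    u: float
    a: float = 0.5

    def __post_init__(self):
        if min(self.b, self.d, self.u) < 0 or abs(self.b + self.d + self.u - 1) > 1e-9:
            raise ValueError("need b, d, u >= 0 and b + d + u == 1")

    def expectation(self) -> float:
        # Probability expectation: belief plus the base-rate share of uncertainty.
        return self.b + self.a * self.u

def discount(trust: Opinion, claim: Opinion) -> Opinion:
    """Weaken an issuer's claim by the accepting site's trust in that issuer."""
    return Opinion(trust.b * claim.b, trust.b * claim.d,
                   trust.d + trust.u + trust.b * claim.u, claim.a)

def consensus(x: Opinion, y: Opinion) -> Opinion:
    """Fuse two independent opinions about the same user."""
    k = x.u + y.u - x.u * y.u
    if k == 0 or x.a != y.a:
        raise ValueError("needs some uncertainty and equal base rates")
    return Opinion((x.b * y.u + y.b * x.u) / k, (x.d * y.u + y.d * x.u) / k,
                   x.u * y.u / k, x.a)

def local_opinion(assertions):
    """assertions: list of (site's trust in issuer, issuer's opinion of user)."""
    return reduce(consensus, (discount(t, c) for t, c in assertions))

# Constructed sample values, not taken from the thesis.
ISSUER_A = (Opinion(0.8, 0.1, 0.1), Opinion(0.7, 0.1, 0.2))
ISSUER_B = (Opinion(0.5, 0.0, 0.5), Opinion(0.9, 0.0, 0.1))
THRESHOLD = 0.75  # hypothetical local policy value

def decide(assertions) -> bool:
    return local_opinion(assertions).expectation() >= THRESHOLD

if __name__ == "__main__":
    for name, a in (("peer-to-peer", [ISSUER_A]), ("multi-party", [ISSUER_A, ISSUER_B])):
        op = local_opinion(a)
        print(f"{name}: E={op.expectation():.4f} u={op.u:.4f} permit={decide(a)}")
```

With these sample values the single discounted opinion falls just under the threshold, while fusing a second issuer's opinion lowers the uncertainty and raises the expectation above it.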
Cheng, Haiyan., "Authorization-enhanced security framework for OGSA support." (2003). Electronic Theses and Dissertations. 1248.