基于信任管理系统的点对点网络安全问题研究
|
摘要
点对点网络安全问题研究对于点对点网络的应用具有至关重要的意义。点对点网络具有动态、自主和离散的特点。这些特点使得点对点网络的安全解决方案面临新的挑战,一些传统的安全机制不再适用于点对点网络。为此本文从点对点网络的信任管理系统入于研究点对点网络的安全问题,这些研究包括四方面的内容:如何从点对点网络的安全需求定义出点对点网络的信任关系,如何增加信任管理系统表达能力以适应点对点网络的特点,如何实现点对点网络信任关系可证明分析,如何在点对点网络环境下实现和应用信任管理系统。
本文对点对点网络安全问题的研究从网络攻击和网络应用安全需求两方面入手,分析出目前点对点网络存在网络攻击的本质原因,它和安全需求一样都与信任关系的确立有关。本文分析了为解决点对点网络安全问题,引入信任管理系统的必要性。并根据安全需求,给出了点对点网络的信任关系定义。
本文重点研究了信任管理系统的设计实现和应用,提出了基于SPKI扩展的信任管理系统——ExSPKI系统。本文详细定义了ExSPKI的证书结构,信任关系描述和系统的执行机构。ExSPKI系统定义了强命名的操作,该操作修正了SPKI系统关于复合命名的安全隐患;ExSPKI引入了操作请求和操作响应的标准形式,它使ExSPKI可以统一的处理与信任管理相关的证书数据,提高了ExSPKI的实用性,并且为ExSPKI的形式化分析提供了便利。ExSPKI在授权和委托证书中增加了条件域,该域增强了ExSPKI的灵活性和描述能力。
为了更为深入理解ExSPKI系统和对信任关系进行形式化分析,我们给出了ExSPKI基于模态逻辑的语义分析,重点是定义了限定委托的逻辑谓词和语义,并且针对Abadi研究中存在的不足提出了新的命名语义。我们设计了ExSPKI的逻辑系统,并基于该逻辑系统对ExSPKI进行了逻辑重建。通过对逻辑系统正确性的证明和对ExSPKI推理规则为逻辑系统定理的证明,保证了信任关系形式化分析的正确性。
基于ExSPKI系统,本文提出了点对点网络的安全路由协议SRP2P和点对点网络安全结构SAP2P。为了便于以上协议和结构的实现和对网络系统进行信任关系的形式化逻辑分析,我们首先设计了安全管道协议。安全管道协议提供了消息和ExSPKI证书的安全传递管道,并且它使管道两端密钥所发布的ExSPKI证书得到确认,基于这一结果可以在形式化分析时,直接引用证书的内容。
安全路由协议SRP2P使用ExSPKI所提供的信任关系定义和信任管理服务,对参与路由协议的节点资格进行审核,并在路由信息传递时发送资格证书,从而保证了路由信息的传递是在可信的对等点之间进行的。
为了满足点对点网络应用的需要本文设计了新的安全结构SAP2P。该结构引入用户代理的概念,把用户与实际运行的系统隔开,适合了点对点网络动态、自主的特点。在系统中,由用户代理完成相关的操作,减少了用户信息的暴露和密钥的使用。通过SAP2P提供的一组基于ExSPKI的协议,可以保证认证和资源访问控制符合信任关系的约束。
为了验证ExSPKI系统的有效性和执行效率,本文在JAVA环境下基于RMI接口和SSL协议实现了ExSPKI应用实例,其中RMI接口提供通信网支持,SSL提供安全管道支持。通过该实例,我们验证了ExSPKI的有效性,实验结果也表明证明序列缓冲技术可以提高ExSPKI的执行效率。同时本文还实现了JXTA平台上的SRP2P和SAP2P应用实例。
本文的研究成果推进了信任管理系统的研究,并对点对点网络安全性的增强和点对点网络应用的实际开发提供有益的借鉴。
Research on P2P (Peer-to-Peer) network plays a significantly important part in the security of P2P applications. P2P network is dynamic, independent and discrete. These features make the security solutions of P2P network confronted with new challenges. Some traditional security solutions are not adapted to P2P network. For this reason, this thesis starts the study of the security problems of P2P network with the trust management system. Thesis researches consist of four main parts, including: how to define the trust relationships in P2P network from the security requirements of P2P applications, how to enhance the expression ability to fit the features of P2P network and how to implement, how to give a provable analyse of the trust relationship and how to use the trust management system in P2P network.
This thesis studies the research of security issues of P2P network with network attacks and security requirements of P2P applications, pointing out the fundamental causes of P2P network attack which are related with trust relationship like security requirements. This thesis analyses it necessary to solve the security issues of P2P network using trust management system, and gives the definition of trust relation in P2P network according to the security requirement.
This thesis emphasizes the research of the design, implement and usage of trust management system, presenting the trust management system named ExSPKI based on the extension of SPKI. This thesis defines the forms of ExSPKI certificates, description of trust relationship and implementation framework. ExSPKI gives the definition of bound-naming which amend the security hidden trouble in the extended naming operation in SPKI; ExSPKI introduces the standard forms of request and response, which make the certificate data related with trust relationship to be deal with uniformly in ExSPKI; ExSPKI add the condition field in the authorization and delegation certificate, which enhance the agility and ability of description of ExSPKI.
To study the characters of ExSPKI deeply and give the formalization analyzing of trust relation of a system, we give the semantic analyse based on modal logic in ExSPKI. We give the limited-delegation logic predication and the semantic of it. We also design the new naming semantic based on the mend of research by Abadi on authorization computation and SDSI's naming semantic. We design the logic system of ExSPKI, and give the logic reconstructing of ExSPKI. We give the proof the correctness of the logic system and proof of the deducing rule in ExSPKI to be the theorem, which providing the logic foundation of the analyzing of the trust relation of a system.
This thesis presents the security routing protocol SRP2P and security architecture SAP2P. To make the implementation and formalization analyzing of trust relationship easily, we design the security channel protocol. The security channel protocol provides the security channel transporting the messages and ExSPKI certificates.
Based on ExSPKI, the security routing protocol SRP2P is presented. SRP2P using the trust relationship definition and trust management service looks through the qualification of joining the routing peers, which guarantees the routing message exchange between trusted peers.
To fit the requirement of P2P applications, the new security architecture SAP2P is designed. The concept of user agent is using in SAP2P, which separates the user from the P2P application and satisfy the features of P2P network. Using user agent, the exposure of user's information and the usage of user's key is cut down. The authentication and resource access control are fit the restriction of trust relation, using the protocol in SAP2P.
To validate the validity and the efficiency of ExSPKI, this thesis gives the implementation of ExSPKI in the circumstance of JAVA using RMI and SSL interface. Through the analyzing of the implementation result, we validate the validity of ExSPKI and draw the conclusion that the cache technology can improve the efficiency of ExSPKI. And the implementation of SRP2P and SAP2P based on JXTA is also presented.
To summarize, researching results in this thesis have promoted researches of security issues of P2P network and provide a good way for the development of secure P2P network applications.
本文对点对点网络安全问题的研究从网络攻击和网络应用安全需求两方面入手,分析出目前点对点网络存在网络攻击的本质原因,它和安全需求一样都与信任关系的确立有关。本文分析了为解决点对点网络安全问题,引入信任管理系统的必要性。并根据安全需求,给出了点对点网络的信任关系定义。
本文重点研究了信任管理系统的设计实现和应用,提出了基于SPKI扩展的信任管理系统——ExSPKI系统。本文详细定义了ExSPKI的证书结构,信任关系描述和系统的执行机构。ExSPKI系统定义了强命名的操作,该操作修正了SPKI系统关于复合命名的安全隐患;ExSPKI引入了操作请求和操作响应的标准形式,它使ExSPKI可以统一的处理与信任管理相关的证书数据,提高了ExSPKI的实用性,并且为ExSPKI的形式化分析提供了便利。ExSPKI在授权和委托证书中增加了条件域,该域增强了ExSPKI的灵活性和描述能力。
为了更为深入理解ExSPKI系统和对信任关系进行形式化分析,我们给出了ExSPKI基于模态逻辑的语义分析,重点是定义了限定委托的逻辑谓词和语义,并且针对Abadi研究中存在的不足提出了新的命名语义。我们设计了ExSPKI的逻辑系统,并基于该逻辑系统对ExSPKI进行了逻辑重建。通过对逻辑系统正确性的证明和对ExSPKI推理规则为逻辑系统定理的证明,保证了信任关系形式化分析的正确性。
基于ExSPKI系统,本文提出了点对点网络的安全路由协议SRP2P和点对点网络安全结构SAP2P。为了便于以上协议和结构的实现和对网络系统进行信任关系的形式化逻辑分析,我们首先设计了安全管道协议。安全管道协议提供了消息和ExSPKI证书的安全传递管道,并且它使管道两端密钥所发布的ExSPKI证书得到确认,基于这一结果可以在形式化分析时,直接引用证书的内容。
安全路由协议SRP2P使用ExSPKI所提供的信任关系定义和信任管理服务,对参与路由协议的节点资格进行审核,并在路由信息传递时发送资格证书,从而保证了路由信息的传递是在可信的对等点之间进行的。
为了满足点对点网络应用的需要本文设计了新的安全结构SAP2P。该结构引入用户代理的概念,把用户与实际运行的系统隔开,适合了点对点网络动态、自主的特点。在系统中,由用户代理完成相关的操作,减少了用户信息的暴露和密钥的使用。通过SAP2P提供的一组基于ExSPKI的协议,可以保证认证和资源访问控制符合信任关系的约束。
为了验证ExSPKI系统的有效性和执行效率,本文在JAVA环境下基于RMI接口和SSL协议实现了ExSPKI应用实例,其中RMI接口提供通信网支持,SSL提供安全管道支持。通过该实例,我们验证了ExSPKI的有效性,实验结果也表明证明序列缓冲技术可以提高ExSPKI的执行效率。同时本文还实现了JXTA平台上的SRP2P和SAP2P应用实例。
本文的研究成果推进了信任管理系统的研究,并对点对点网络安全性的增强和点对点网络应用的实际开发提供有益的借鉴。
Research on P2P (Peer-to-Peer) network plays a significantly important part in the security of P2P applications. P2P network is dynamic, independent and discrete. These features make the security solutions of P2P network confronted with new challenges. Some traditional security solutions are not adapted to P2P network. For this reason, this thesis starts the study of the security problems of P2P network with the trust management system. Thesis researches consist of four main parts, including: how to define the trust relationships in P2P network from the security requirements of P2P applications, how to enhance the expression ability to fit the features of P2P network and how to implement, how to give a provable analyse of the trust relationship and how to use the trust management system in P2P network.
This thesis studies the research of security issues of P2P network with network attacks and security requirements of P2P applications, pointing out the fundamental causes of P2P network attack which are related with trust relationship like security requirements. This thesis analyses it necessary to solve the security issues of P2P network using trust management system, and gives the definition of trust relation in P2P network according to the security requirement.
This thesis emphasizes the research of the design, implement and usage of trust management system, presenting the trust management system named ExSPKI based on the extension of SPKI. This thesis defines the forms of ExSPKI certificates, description of trust relationship and implementation framework. ExSPKI gives the definition of bound-naming which amend the security hidden trouble in the extended naming operation in SPKI; ExSPKI introduces the standard forms of request and response, which make the certificate data related with trust relationship to be deal with uniformly in ExSPKI; ExSPKI add the condition field in the authorization and delegation certificate, which enhance the agility and ability of description of ExSPKI.
To study the characters of ExSPKI deeply and give the formalization analyzing of trust relation of a system, we give the semantic analyse based on modal logic in ExSPKI. We give the limited-delegation logic predication and the semantic of it. We also design the new naming semantic based on the mend of research by Abadi on authorization computation and SDSI's naming semantic. We design the logic system of ExSPKI, and give the logic reconstructing of ExSPKI. We give the proof the correctness of the logic system and proof of the deducing rule in ExSPKI to be the theorem, which providing the logic foundation of the analyzing of the trust relation of a system.
This thesis presents the security routing protocol SRP2P and security architecture SAP2P. To make the implementation and formalization analyzing of trust relationship easily, we design the security channel protocol. The security channel protocol provides the security channel transporting the messages and ExSPKI certificates.
Based on ExSPKI, the security routing protocol SRP2P is presented. SRP2P using the trust relationship definition and trust management service looks through the qualification of joining the routing peers, which guarantees the routing message exchange between trusted peers.
To fit the requirement of P2P applications, the new security architecture SAP2P is designed. The concept of user agent is using in SAP2P, which separates the user from the P2P application and satisfy the features of P2P network. Using user agent, the exposure of user's information and the usage of user's key is cut down. The authentication and resource access control are fit the restriction of trust relation, using the protocol in SAP2P.
To validate the validity and the efficiency of ExSPKI, this thesis gives the implementation of ExSPKI in the circumstance of JAVA using RMI and SSL interface. Through the analyzing of the implementation result, we validate the validity of ExSPKI and draw the conclusion that the cache technology can improve the efficiency of ExSPKI. And the implementation of SRP2P and SAP2P based on JXTA is also presented.
To summarize, researching results in this thesis have promoted researches of security issues of P2P network and provide a good way for the development of secure P2P network applications.
引文
[1] J. R. Douceur "The Sybil attack". In First International Workshop on Peer-to-Peer Systems (IPTPS '02) Cambridge, MA, 2002.
[2] E. Sit and R. T. Morris "Security considerations for peer-to-peer distributed hash tables" In First International Workshop on Peer-to-Peer Systems (IPTPS '02).Cambridge, MA, 2002.
[3] Miguel Castro, Peter Druschel, Ayalvadi Ganesh, Antony Rowstron and Dan S.Wallach " Secure routing for structured peerto-peer overlay networks" OSDI'02:Proceedings of the 5th symposium on Operating systems design and implementation
[4] D. G. Andersen, H. Balakrishnan, M. F. Kaashoek, R. Morris, "Resilient Overlay Networks", in Proc. 18th of ACM SOSP, 2001
[5] Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M. Frans Kaashoek, Frank Dabek, and Hari Balakrishnan. "Chord: a scalable peer-to-peer lookup protocol for internet applications" IEEE/ACM Trans. 2003.
[6] P. Druschel and A. Rowstron. "Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems" In IFIP/ACM International conference on Distributed systems platforms (Middle ware)
[7] S. Ratnasamy, R. Francis, M.Handley, R. Krap, J. Padye, and S.Shenker. A scalable content-addressable network. In ACM SIGCOMM, 2001.
[8] I.Clarke, O.Sandberg, B.Wiley, T. W. Tong. Freenet: Adistributed anonymous information storage and retrieval system, http://freenet.sourceforge.net/
[9] The Gnutella home page,http://Gnutella.wego.com/
[10]Gavin Lowe. An attack on the Needham-Schroeder public key authentication protocol
[11]Clay Shields. What do we mean by network denial of service attacks in the proceedings of 2002 IEEE workshop on Information assurance and security.
[12]Pasi Eronen. Denial of service in public key protocols. In Proceedings of the 2001 USENIX Security Symposium, 2001.
[13]Eytan Adar and Bernardo A. Huberman Free riding on Gnutella.URL:http://www.firstmonday.dk/issues/issue5_10/adar/
[14]Groove :http://office.microsoft.com/groove.
[15]Bram Cohen. Incentives Build Robustness in BitTorrent
[16]Mayank Mishra, Kapil Kumar. Performance enhancement with passive caching in Peer-to-peer systems. http://www.cs.sunysb.edu/Mayank/cachreports.pdf
[17]PUnar Yolum Munindar P. Singh.Flexible Caching in Peer-to-Peer Information Systems. 2nd International Peer To Peer Systems Workshop (IPTPS 2003)
[18]Tyron Stading, Petros Maniatis, Mary Baker Peer-to-Peer Caching Schemes to Address Flash Crowds (2002) 1st International Peer To Peer Systems Workshop(IPTPS 2002)
[19]Jared Saia , Amos Fiaty, Steve Gribble, Anna R. Karlin, Stefan Saroiu.Dynamically Fault-Tolerant Content Addressable Networks. International Workshop on Peer-to-Peer Systems ,2002,Cambridge,MA
[20]Moni Naor , Udi Wieder. A Simple Fault Tolerant Distributed Hash Table.International Workshop on Peer-to-Peer Systems,2003 , Berkeley, CA,USA
[21]L. Lamport, R. Shostak, and M. Pease. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems, July 1982.
[22]F. B. Schneider. Implementing Fault-Tolerant Services Using The State Machine Approach: A Tutorial. ACM Computing Surveys, December 1990.
[23]Stefan Saroiu, P. Krishna Gummadi and Steven D. Gribble. A Measurement Study of Peer-to-Peer File Sharing Systems. In Proceedings of Multimedia Computing and Networking, 2002.
[24]David Moore, Geoffrey Voelker and Stefan Savage. Inferring internet denial-ofservice activity. In Proceedings of the 2001 USENIX Security Symposium, 2001.
[25]Michael J. Freedman and David Mazi'eres.Sloppy hashing and self organizing clusters. In Proc. 2nd Intl. Workshop on Peer-to-Peer Systems (IPTPS '03) Berkeley, CA, February 2003
[26]Andrew Nash 等著,张玉清等译,公钥基础设施(PKI):实现和管理电子安全,RSA Press, 2002.12
[27]SSL :http:// www.openssl.org/
[28]Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized Trust Management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164{173.IEEE Computer Society Press, 1996.
[29]Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. SPKI Certificate Theory. IETF RFC 2693, September 1999.
[30]Dan S. Wallach, Andrew W. Appel, and Edward W.Felten. SAFKASI: a security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology,9(4):341-378,October 2000.
[31]Bernard Traversat,Mohamed Abdelaziz,Mike Duigou,Jean-Christophe Hugly,Eric Pouyoul and Bill Yeage,Sun Microsystems,Inc.Project JXTA Virtual Network.October 28,2002.
[32]RFC 1510.The Kerberos Network Authentication Service(V5)
[33]R.Chen and W.Yeager,"Poblano:A Distributed Trust Model for Peer-to-Peer Networks",Sun Microsystems Technical Paper,2000,http://www.sun.com/software/jxta/poblano.pdf
[34]Matt Blaze,Joan Feigenbaum,John Ioannidis,and Angelos D.Keromytis.The KeyNote Trust-Management System,Version 2.IETF RFC 2704,September 1999.
[35]Trevor Jim.SD3:a trust management system with certi cate evaluation.In Proceedings of the 2001 IEEE Symposium on Security and Privacy,pages 106{115.IEEE Computer Society Press,2001.
[36]Security and Project JXTA,Sun Microsystems,Inc.,October 25,2001,http://www.jxta.org/project/www/docs/SecurityJXTA.PDF
[37]Jeffrey Eric Altman,CTO,PKI Security for JXTA Overlay Networks,IAM Consulting Inc.,jxta@iamx.com http://www.iamx.com,1 February 2003
[38]Gambetta,D.Can we trust trust? In:Gambetta,D.,ed.Trust:Making and Breaking Cooperative Relations.Basil Blackwell:Oxford Press,1990.213-237
[39]Frank Dabek,M.Frans Kaashoek,Davie Karger,Robert Morris,Ion Stoica.Wide-area cooperative storage with CFS.In Proceedings of ACM SOSP 2001.
[40]Dreamtech软件研发组,吴文辉等译,对等网络编程源代码解析,电子工业出版社,2002年8月第一版;
[41]Dejan S.Milojicic etc,Peer-to-Peer Computing,HP Laboratories Palo Alto,March 8th,2002;
[42]张联峰、刘乃安,综述:对等网(P2P)技术,计算机工程与应用,2003年第12期;
[43]蒋兴浩,基于PKI机制的对等网络信任管理问题研究,浙江大学博士论文,2002年11月;
[44]蒋兴浩、万晨妍等,利用SPKI证书实现分布式访问控制,电讯技术,2002年1期;
[45]李祖鹏、赵修斌等,Peer-to-Peer网络中安全对等组的实现,计算机工程与应用2003年24期;
[46]"The Peer-to-Peer Trusted Library(Release 0.2)README." Version 0.2.April 5,2001,http://sourceforge.net/docman/display_doc.php?docid=3851 &groupid= 19950(3 July 2001).
[47]Abdul-Rahman A., Hailes S. Supporting Trust in Virtual Communities. In: Hawaii Int. Conference on System Sciences 33, Maui, Hawaii, January 2000;
[48]Karl Aberer, Zoran Despotovic, Managing Trust in a Peer-to-Peer Information System, Department of Communication Systems Swiss Federal Institute of Technology (EPFL) 1015 Lausanne, Switzerland {karl.aberer,zoran.despotovic}@epfl.ch
[49]R. Rivest SEXP (S-Expressions), draft-rivest-sexp-00.txt, Internet Draft, May 4,1997 http://theory.lcs.mit.edu/~rivest/sexp.txt;
[50]Sameer Ajmani, How to Resolve SDSI Names Without Closure, MIT Computer Science and AI Lab, http://pmg.lcs.mit.edu/~ajmani/papers/sdsi-algos.pdf;
[51]JSDSI: A Java SPKI/SDSI implementation, 2002.http://jsdsi.sourceforge.net.
[52]S. Ajmani, D. Clarke, C.-H. Moh, and S. Richman.ConChord: Cooperative SDSI certificate storage and name resolution. In Proceedings International Workshop on Peer-to-Peer Systems (IPTPS), Mar. 2002.
[53]D. Clarke, J. Elien, C. Ellison, M. Fredette, A. Morcos, and R. L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 2001.
[54]C. M. Ellison and D. E. Clarke. High speed TUPLE reduction. Memo, Intel, 1999.
[55]N. Li, W. H. Winsborough, and J. C. Mitchell. Distributed credential chain discovery in trust management. In Proc. 8th ACM CCS, Nov. 2001.
[56]Ordignon F, Tolosa G. Gnutella: distributed system for information storage and searching model description [DB/OL].http://www.gnutella.co.uk/library/pdf/paperfinalgnutellaenglish.pdf, 2001-08-1/2001-10-11.
[57] William F. Dowling and Jean H. Gallier. Lineartime algorithms for testing the satisfiability of propositional horn formulae. Journal of Logic Programming,1(3):267-284, 1984.
[58]B Traversat, M Abdelaziz, M Duigou, J C Hugly, E Pouyoul, B Yeager. Project jxta virtual network [DB/OL]. http://www.jxta.org/project/www/docs/ JXTAprotocols.pdf.2002-10-08/2002-11-01.
[59]Foster I, Kesselman C, Tsudik G, Tuecke S. A security architecture for computational grids [A]. In Proceedings of 5th ACM Conf on Computer and Communications Security [C]. New York: ACM Press, 1998. 83-92.
[60]SETI@home: http://boinc.berkeley.edu/.
[61]A O Freier, P Karlton, P C Kocher. The SSL protocol version 3.0 [DB/OL].http://wp.netscape.com/eng/ssl3/ssl-toc.html, 1996-03/2005-11.
[62]Olav Bandmann and Mads Dam. A note on SPKI's authorization syntax. In Pre-Proceedings of 1st Annual PKI Research Workshop, April 2002. Available from http://www.cs.dartmouth.edu/pki02/.
[63]B.Lampson, M.Abadi, M. Burrows, and E.Wobber. Authentication in distributed systems: theory and practice. ACM Transactions on Computer Systems,10(4):265-310, November 1992.
[64]C.Meadows. Formal verification of cryptographic protocols: a survey. Volume 917 of Lecture Notes in Computer Science, pages 135-150. Springer Verlag, November 1994.
[65]P R Zimmermann. The official PGP user's guide [M]. MIT Press, 1995.
[66]Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, pages 2-15, July 2000.
[67]IETF RFC 2704, The KeyNote trust management system [S].
[68]Sameer Ajmani, Dwaine E Clarke, Chuang-Hue Moh, Steven Richman. ConChord: cooperative SDSI certificate storage and name resolution [A]. In Proceedings of IPTPS'02 [C]. Cambridge, MA, USA: Springer Verlag, 2002. 141-154.
[69]Zhang Dehua, Ma yong. Distributed trust relationship in P2P network [R]. NCNIPC,2005.
[70]Joseph Y. Halpern and Ron van der Meyden. A logical reconstruction of SPKI. In Proceedings of the 14th IEEE Computer Security Foundations Workshop, pages 59-72, June 2001.
[71]M S. Corson and J. Macker. Mobile ad hoc networking (manet): Routing protocol performance issues and evaluation considerations (rfc2501), January 1999.http://www.ietf.org/rfc/rfc2501.txt.
[72]J. Kleinberg. The small-world phenomenon: An algorithmic perspective. In 32nd ACM Symposium on Theory of Computing, 2000.5. Raph Levien. Attack resistant trust metrics. Draft Ph.D. Thesis, at U.C. Berkeley.
[73]J Li, J Stribling, TM Gil, R Morris, and F Kaashoek. Comparing the performance of distributed hash tables under churn. In International Workshop on Peer-to-Peer Systems (IPTPS04), 2004.
[74] Sergio Marti, Prasanna Ganesan, and Hector Garcia-Molina. SPROUT: P2P rout-ing with social networks. In First International Workshop on Peer-to-Peer and Databases (P2P&DB 2004), March 2004.
[75]Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber.Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265-310, November 1992.
[76]Roger M. Needham. Denial of service: an example. Communications of the ACM,37(11):42{46, 1994.90.
[77] S Rhea, D Geels, T Roscoe, and J Kubiatowicz. Handling churn in a dht. In USENIX Annual Technical Conference, June 2004.
[78]Ninghui Li, Benjamin N. Grosof, and Feigenbaum. Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security, 6(1): 128-171, February 2003.
[79]Emil Sit and Robert Morris. Security considerations for peer-to-peer distributedhash tables. In Proceedings for the 1st International Workshop on Peer-to-Peer Systems (IPTPS 02), Cambridge, Massachusetts, March 2002.
[80]Ben Y. Zhao, John D. Kubiatowicz, , and Anthony D. Joseph. Tapestry:Aninfrastructure for fault-resilient wide-area location and routing. Technical Report UCB//CSD-01-1141,U. C.Berkeley, April 2001.
[81]Jon Howell and David Kotz. A formal semantics for SPKI. In Proceedings of the Sixth European Symposium on Research in Computer Security (ESORICS 2000),volume 1895 of Lecture Notes in Computer Science, pages 140-158.Springer-Verlag, 2000.
[82]C. E. Perkins, editor. Ad Hoc Networking. Boston: Addison-Wesley, 2001.
[83]Mart'in Abadi. On access control, data integration, and their languages. In Andrew Herbert and Karen Sprck Jones, editors, Computer systems: Papers for Roger Needham. 2003. The volume, with minor updates, may be published by Springer-Verlag.
[84]Mart'in Abadi, Michael Burrows, Butler Lampson, and Gordon Plotkin. A calculus for access control in distributed systems. ACM Transactions on ProgrammingLanguages and Systems, 15(4):706—734, October1993.
[85]Andrew W. Appel and Edward W. Felten. Proofcarrying authentication. In Proceedings of the 5th ACM Conference on Computer and Communications Security, pages 52-62, November 1999.
[86]Lujo Bauer, Michael A. Schneider, and Edward W. Felten. A general and flexible access-control system for the Web. In Proceedings of the 11th USENIX SecuritySymposium 2002, pages 93-108, 2002.
[87]Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A logical framework for reasoning about access control models. ACM Transactions onlnformation and System Security, 6(1):71-127, February 2003.
[88]Ninghui Li and John C. Mitchell. Datalog with constraints: A foundation for trust-management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), volume 2562 of Lecture Notes in Computer Science, pages 58-73. Springer-Verlag, January 2003.
[89]Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a role-based trust-management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114-130, May 2002.
[90] Jason Crampton, George Loizou, and Greg O'Shea. A logic of access control. The Computer Journal,44(2):137-149, 2001.
[91]John DeTreville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 105-113, May 2002.
[92]Ninghui Li, William H. Winsborough, and John C. Mitchell. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, May 2003. To appear.
[93]EdwardWobber, Mart'in Abadi, Michael Burrows, and Butler Lampson.Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3-32, February 1994.
[94]Morrie Gasser, Andy Goldstein, Charlie Kaufman, and Butler Lampson. The Digital Distributed System Security Architecture. In Proceedings of the 1989 National Computer Security Conference, pages 305-319, October 1989.
[95]Adam J. Grove and Joseph Y. Halpern. Naming and identity in epistemic logics, I:The propositional case. Journal of Logic and Computation, 3(4):345-378, 1993.
[96]Joseph Y. Halpern and Ron van der Meyden. A logic for SDSI's linked local name spaces. Journal of Computer Security, 9(1-2):47-74, 2001.
[97]Yao Wang, Julita Vassileva. Bayesian Network-Based Trust Model. In: Proc of IEEE/WIC International Conference on Web Intelligence (WI'03). Halifax, Canada.2003. 372- 378
[98]Yao Wang, Julita Vassileva. Bayesian Network-Based Trust Model in Peer-to-Peer Networks. In: Proc of IEEE Conference on P2P Computing.Linkoeping, Sweden. IEEE Press. September 2003. 150-157
[99]Yao Wang, Julita Vassileva. Trust and Reputation Model in Peer-to-Peer Networks. In: Proc of IEEE Conference on P2P Computing. Linkoeping, Sweden.September 2003.150-157
[100] Abdul-Rahman, A., Hailes, S. A distributed trust model. In: Proceedings of the 1997 New Security Paradigms Workshop.Cumbria,UK:ACM Press,1998.48-60.http://www.ib.hu-berlin.de/~kuhlen/VERT01/abdul-rahman-trust-model 1997.pdf.
[101]Secure Electronic Transaction(SET) specification.Available from http://www.visa.com/cgi2bin/vee/sf/set/intro,html? 2 + 0,1996
[102]石文昌,孙玉芳.多级安全性策略的历史敏感性.软件学报,2003,14(1):91-961
[103]Blaze,M.,Ioannidis,J.,Keromytis,A.Trust management for IPSec.In:Proceedings of the Internet Society Symposium on Network and Distributed Systems Security(SNDSS 2001).2001.139-151.http://www.cis.upenn.edu/~strongman/papers/tmipsec,pdf.
[104]Blaze,M.,Ioannidis,J.,Keromytis,A.Offline Micropayments without Trusted Hardware.In:Syverson,F.ed.Financial Cryptography 2001.Lecture Notes in Computer Science 2339,Berlin:Springer Verlag,2002.
[105]黄建,卿斯汉,温红子.带时间特性的角色访问控制.软件学报.2003,14(11):1944-1954
[106]董光宇,卿斯汉,刘克龙.带时间特性的角色授权约束.软件学报.2002,13(8):1521-1527
[107]NingHui Li.Delegation Logic:A Logic-based Approach to Distributed Authorization[Doctor Thesis].New York University.2000
[108]Roger M.Needham and Michael D.Schroeder,"Using Encryption for Authentication in Large Networks of Computers," Communications of the ACM,21:12,pp.993-999,December 1978
[109]徐峰,吕建:Web安全中的信任管理研究与进展.软件学报,2002,11(13):2057-2064.
[110]刘洁.不确定推理及其在多智能体环境下的应用:[博士学位论文].合肥:中国科学技术大学,2000.5
[111]单智勇.多安全策略支持框架研究及其在安全操作系统中的实践:[博士学位论文].北京:中国科学院软件研究所,2002.12
[112]Martin Abadi.On SDSI's Linked Logcal Name Spaces.Journal of Computer Security,6:1-2(1998),pp.3-21.
[113]徐锋.开放协同软件环境中信任管理研究:[博士学位论文].南京:南京大学计算机软件研究所,2003.4
[114]Blaze,M.,Feigenbaum,J.,Strauss,M.Compliance Checking in the PolicyMaker Trust Management System.In:Hirschfeld,R.,ed.Proceedings of the Financial Cryptography'98.Lecture Notes in Computer Science 1465,Berlin:Springer-Verlag, 1998.254-274.
[115] Gong L, Needham R, Yahalom R. Reasoning about belief in cryptographic protocols. In: Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos: IEEE Computer Society Press,1990. 234-248.
[116] Abadi M, Tuttle MR. A semantics for a logic of authentication. In: Proceedings of the 1 Oth ACM Symposium on Principles of Distributed Computing. ACM Press,1991.201-216.
[117] van Oorschot PC. Extending cryptographic logics of belief to key agreement protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security. ACM Press, 1993. 233-243.
[118] Khare, R., Rifkin, A. Trust management on World Wide Web. World Wide Web Journal, 1997,2(3):77-112.
[119] Blaze, M., Feigenbaum, J., Ioannidis, J., et al. The role of trust management in distributed systems security. In: Secure Internet Programming: Issues for Mobile and Distributed Objects. Berlin: Springer-Verlag, 1999. 185-210.
[120] C. E. Perkins and E. M. Royer. Ad hoc on-demand distance vector routing. In Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications (WMCSA'99), 1999. http://citeseer.nj.nec.com/article/perkins97adhoc.html.
[121] M. G. Zapata and N. Asokan. Securing ad hoc routing protocols. In Proceedings of ACM Workshop on Wireless Security (WiSe '02), pages 1-10, Atlanta, USA,September 2002. ACM Press. http://doi.acm.org/10.1145/570681.570682.
[122] Building Highly Dynamic Battlefield Network Infrastructure for Boeing U.S. Army Future Combat Systems Using JXTA Technology : TS-3527, 2006 http://developers.sun.com/learning/javaoneonline/2006/coolstuff/TS-3527.html
[123] D. Clarke, J. Elien, C. Ellison, M. Fredette,A. Morcos, and R. L. Rivest.Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 2001.
[124] Abrams, M. D., Heaney, J. E., King, O., LaPadula, L. J., Lazear, M B., Olson, I.M. Generalized Framework for Access Control: Towards Prototyping the ORGCON Policy. In: Proc of the 14th National Computer Security Conference, Washington,DC, October 1991.1-4
[125] M.Abrams, L.LaPadula, M.Lazear, I.Olson. Reconciling a Formal Model and Prototype Implementation —Lessons Learned in Implementing the ORGCON Policy. Mitre Coporation, Bedford, Mass.01730, November 1991
[126] L.Lapadula. Rule-Set Modelling of Trusted Computer System. Essay 9 in:M.Abrams, S.Jajodia, H.Podell, "Information Security — An integrated Collection of Essays", IEEE Computer Society Press, 1995
[127] Mudhakar Srivatsa and Ling Liu.Vulnerabilities and Security Threats in Structured Peer-to-Peer Systems: A Quantitative Analysis, in the Proceedings of Springer Intl Journal on Information Security. An extended abstract of this paper appeared in Proceedings of 20th IEEE Annual Computer Security Applications Conference (ACSAC), 2004.
[128] Syverson, PF, van Oorschot PC. On unifying some cryptographic protocol logics.In: Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1994. 14-28.
[129] Needham R, Schroeder M. Using encryption for authentication in large networks of computers. Communications of the ACM, 1978.
[130] K. Kant, "Introduction to computer system performance evaluation", ISBN 0-07-033586-9, McGraw-Hill, 1992.
[131] D. E. Bell and L. J. La Padula. Secure Computer System: Unified Exposition and Multics Interpretation. MTR-2997 Rev.1, MITRE Corporation Bedford,Massachusetts, March 1976
[2] E. Sit and R. T. Morris "Security considerations for peer-to-peer distributed hash tables" In First International Workshop on Peer-to-Peer Systems (IPTPS '02).Cambridge, MA, 2002.
[3] Miguel Castro, Peter Druschel, Ayalvadi Ganesh, Antony Rowstron and Dan S.Wallach " Secure routing for structured peerto-peer overlay networks" OSDI'02:Proceedings of the 5th symposium on Operating systems design and implementation
[4] D. G. Andersen, H. Balakrishnan, M. F. Kaashoek, R. Morris, "Resilient Overlay Networks", in Proc. 18th of ACM SOSP, 2001
[5] Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M. Frans Kaashoek, Frank Dabek, and Hari Balakrishnan. "Chord: a scalable peer-to-peer lookup protocol for internet applications" IEEE/ACM Trans. 2003.
[6] P. Druschel and A. Rowstron. "Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems" In IFIP/ACM International conference on Distributed systems platforms (Middle ware)
[7] S. Ratnasamy, R. Francis, M.Handley, R. Krap, J. Padye, and S.Shenker. A scalable content-addressable network. In ACM SIGCOMM, 2001.
[8] I.Clarke, O.Sandberg, B.Wiley, T. W. Tong. Freenet: Adistributed anonymous information storage and retrieval system, http://freenet.sourceforge.net/
[9] The Gnutella home page,http://Gnutella.wego.com/
[10]Gavin Lowe. An attack on the Needham-Schroeder public key authentication protocol
[11]Clay Shields. What do we mean by network denial of service attacks in the proceedings of 2002 IEEE workshop on Information assurance and security.
[12]Pasi Eronen. Denial of service in public key protocols. In Proceedings of the 2001 USENIX Security Symposium, 2001.
[13]Eytan Adar and Bernardo A. Huberman Free riding on Gnutella.URL:http://www.firstmonday.dk/issues/issue5_10/adar/
[14]Groove :http://office.microsoft.com/groove.
[15]Bram Cohen. Incentives Build Robustness in BitTorrent
[16]Mayank Mishra, Kapil Kumar. Performance enhancement with passive caching in Peer-to-peer systems. http://www.cs.sunysb.edu/Mayank/cachreports.pdf
[17]PUnar Yolum Munindar P. Singh.Flexible Caching in Peer-to-Peer Information Systems. 2nd International Peer To Peer Systems Workshop (IPTPS 2003)
[18]Tyron Stading, Petros Maniatis, Mary Baker Peer-to-Peer Caching Schemes to Address Flash Crowds (2002) 1st International Peer To Peer Systems Workshop(IPTPS 2002)
[19]Jared Saia , Amos Fiaty, Steve Gribble, Anna R. Karlin, Stefan Saroiu.Dynamically Fault-Tolerant Content Addressable Networks. International Workshop on Peer-to-Peer Systems ,2002,Cambridge,MA
[20]Moni Naor , Udi Wieder. A Simple Fault Tolerant Distributed Hash Table.International Workshop on Peer-to-Peer Systems,2003 , Berkeley, CA,USA
[21]L. Lamport, R. Shostak, and M. Pease. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems, July 1982.
[22]F. B. Schneider. Implementing Fault-Tolerant Services Using The State Machine Approach: A Tutorial. ACM Computing Surveys, December 1990.
[23]Stefan Saroiu, P. Krishna Gummadi and Steven D. Gribble. A Measurement Study of Peer-to-Peer File Sharing Systems. In Proceedings of Multimedia Computing and Networking, 2002.
[24]David Moore, Geoffrey Voelker and Stefan Savage. Inferring internet denial-ofservice activity. In Proceedings of the 2001 USENIX Security Symposium, 2001.
[25]Michael J. Freedman and David Mazi'eres.Sloppy hashing and self organizing clusters. In Proc. 2nd Intl. Workshop on Peer-to-Peer Systems (IPTPS '03) Berkeley, CA, February 2003
[26]Andrew Nash 等著,张玉清等译,公钥基础设施(PKI):实现和管理电子安全,RSA Press, 2002.12
[27]SSL :http:// www.openssl.org/
[28]Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized Trust Management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164{173.IEEE Computer Society Press, 1996.
[29]Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. SPKI Certificate Theory. IETF RFC 2693, September 1999.
[30]Dan S. Wallach, Andrew W. Appel, and Edward W.Felten. SAFKASI: a security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology,9(4):341-378,October 2000.
[31]Bernard Traversat,Mohamed Abdelaziz,Mike Duigou,Jean-Christophe Hugly,Eric Pouyoul and Bill Yeage,Sun Microsystems,Inc.Project JXTA Virtual Network.October 28,2002.
[32]RFC 1510.The Kerberos Network Authentication Service(V5)
[33]R.Chen and W.Yeager,"Poblano:A Distributed Trust Model for Peer-to-Peer Networks",Sun Microsystems Technical Paper,2000,http://www.sun.com/software/jxta/poblano.pdf
[34]Matt Blaze,Joan Feigenbaum,John Ioannidis,and Angelos D.Keromytis.The KeyNote Trust-Management System,Version 2.IETF RFC 2704,September 1999.
[35]Trevor Jim.SD3:a trust management system with certi cate evaluation.In Proceedings of the 2001 IEEE Symposium on Security and Privacy,pages 106{115.IEEE Computer Society Press,2001.
[36]Security and Project JXTA,Sun Microsystems,Inc.,October 25,2001,http://www.jxta.org/project/www/docs/SecurityJXTA.PDF
[37]Jeffrey Eric Altman,CTO,PKI Security for JXTA Overlay Networks,IAM Consulting Inc.,jxta@iamx.com http://www.iamx.com,1 February 2003
[38]Gambetta,D.Can we trust trust? In:Gambetta,D.,ed.Trust:Making and Breaking Cooperative Relations.Basil Blackwell:Oxford Press,1990.213-237
[39]Frank Dabek,M.Frans Kaashoek,Davie Karger,Robert Morris,Ion Stoica.Wide-area cooperative storage with CFS.In Proceedings of ACM SOSP 2001.
[40]Dreamtech软件研发组,吴文辉等译,对等网络编程源代码解析,电子工业出版社,2002年8月第一版;
[41]Dejan S.Milojicic etc,Peer-to-Peer Computing,HP Laboratories Palo Alto,March 8th,2002;
[42]张联峰、刘乃安,综述:对等网(P2P)技术,计算机工程与应用,2003年第12期;
[43]蒋兴浩,基于PKI机制的对等网络信任管理问题研究,浙江大学博士论文,2002年11月;
[44]蒋兴浩、万晨妍等,利用SPKI证书实现分布式访问控制,电讯技术,2002年1期;
[45]李祖鹏、赵修斌等,Peer-to-Peer网络中安全对等组的实现,计算机工程与应用2003年24期;
[46]"The Peer-to-Peer Trusted Library(Release 0.2)README." Version 0.2.April 5,2001,http://sourceforge.net/docman/display_doc.php?docid=3851 &groupid= 19950(3 July 2001).
[47]Abdul-Rahman A., Hailes S. Supporting Trust in Virtual Communities. In: Hawaii Int. Conference on System Sciences 33, Maui, Hawaii, January 2000;
[48]Karl Aberer, Zoran Despotovic, Managing Trust in a Peer-to-Peer Information System, Department of Communication Systems Swiss Federal Institute of Technology (EPFL) 1015 Lausanne, Switzerland {karl.aberer,zoran.despotovic}@epfl.ch
[49]R. Rivest SEXP (S-Expressions), draft-rivest-sexp-00.txt, Internet Draft, May 4,1997 http://theory.lcs.mit.edu/~rivest/sexp.txt;
[50]Sameer Ajmani, How to Resolve SDSI Names Without Closure, MIT Computer Science and AI Lab, http://pmg.lcs.mit.edu/~ajmani/papers/sdsi-algos.pdf;
[51]JSDSI: A Java SPKI/SDSI implementation, 2002.http://jsdsi.sourceforge.net.
[52]S. Ajmani, D. Clarke, C.-H. Moh, and S. Richman.ConChord: Cooperative SDSI certificate storage and name resolution. In Proceedings International Workshop on Peer-to-Peer Systems (IPTPS), Mar. 2002.
[53]D. Clarke, J. Elien, C. Ellison, M. Fredette, A. Morcos, and R. L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 2001.
[54]C. M. Ellison and D. E. Clarke. High speed TUPLE reduction. Memo, Intel, 1999.
[55]N. Li, W. H. Winsborough, and J. C. Mitchell. Distributed credential chain discovery in trust management. In Proc. 8th ACM CCS, Nov. 2001.
[56]Ordignon F, Tolosa G. Gnutella: distributed system for information storage and searching model description [DB/OL].http://www.gnutella.co.uk/library/pdf/paperfinalgnutellaenglish.pdf, 2001-08-1/2001-10-11.
[57] William F. Dowling and Jean H. Gallier. Lineartime algorithms for testing the satisfiability of propositional horn formulae. Journal of Logic Programming,1(3):267-284, 1984.
[58]B Traversat, M Abdelaziz, M Duigou, J C Hugly, E Pouyoul, B Yeager. Project jxta virtual network [DB/OL]. http://www.jxta.org/project/www/docs/ JXTAprotocols.pdf.2002-10-08/2002-11-01.
[59]Foster I, Kesselman C, Tsudik G, Tuecke S. A security architecture for computational grids [A]. In Proceedings of 5th ACM Conf on Computer and Communications Security [C]. New York: ACM Press, 1998. 83-92.
[60]SETI@home: http://boinc.berkeley.edu/.
[61]A O Freier, P Karlton, P C Kocher. The SSL protocol version 3.0 [DB/OL].http://wp.netscape.com/eng/ssl3/ssl-toc.html, 1996-03/2005-11.
[62]Olav Bandmann and Mads Dam. A note on SPKI's authorization syntax. In Pre-Proceedings of 1st Annual PKI Research Workshop, April 2002. Available from http://www.cs.dartmouth.edu/pki02/.
[63]B.Lampson, M.Abadi, M. Burrows, and E.Wobber. Authentication in distributed systems: theory and practice. ACM Transactions on Computer Systems,10(4):265-310, November 1992.
[64]C.Meadows. Formal verification of cryptographic protocols: a survey. Volume 917 of Lecture Notes in Computer Science, pages 135-150. Springer Verlag, November 1994.
[65]P R Zimmermann. The official PGP user's guide [M]. MIT Press, 1995.
[66]Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, pages 2-15, July 2000.
[67]IETF RFC 2704, The KeyNote trust management system [S].
[68]Sameer Ajmani, Dwaine E Clarke, Chuang-Hue Moh, Steven Richman. ConChord: cooperative SDSI certificate storage and name resolution [A]. In Proceedings of IPTPS'02 [C]. Cambridge, MA, USA: Springer Verlag, 2002. 141-154.
[69]Zhang Dehua, Ma yong. Distributed trust relationship in P2P network [R]. NCNIPC,2005.
[70]Joseph Y. Halpern and Ron van der Meyden. A logical reconstruction of SPKI. In Proceedings of the 14th IEEE Computer Security Foundations Workshop, pages 59-72, June 2001.
[71]M S. Corson and J. Macker. Mobile ad hoc networking (manet): Routing protocol performance issues and evaluation considerations (rfc2501), January 1999.http://www.ietf.org/rfc/rfc2501.txt.
[72]J. Kleinberg. The small-world phenomenon: An algorithmic perspective. In 32nd ACM Symposium on Theory of Computing, 2000.5. Raph Levien. Attack resistant trust metrics. Draft Ph.D. Thesis, at U.C. Berkeley.
[73]J Li, J Stribling, TM Gil, R Morris, and F Kaashoek. Comparing the performance of distributed hash tables under churn. In International Workshop on Peer-to-Peer Systems (IPTPS04), 2004.
[74] Sergio Marti, Prasanna Ganesan, and Hector Garcia-Molina. SPROUT: P2P rout-ing with social networks. In First International Workshop on Peer-to-Peer and Databases (P2P&DB 2004), March 2004.
[75]Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber.Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265-310, November 1992.
[76]Roger M. Needham. Denial of service: an example. Communications of the ACM,37(11):42{46, 1994.90.
[77] S Rhea, D Geels, T Roscoe, and J Kubiatowicz. Handling churn in a dht. In USENIX Annual Technical Conference, June 2004.
[78]Ninghui Li, Benjamin N. Grosof, and Feigenbaum. Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security, 6(1): 128-171, February 2003.
[79]Emil Sit and Robert Morris. Security considerations for peer-to-peer distributedhash tables. In Proceedings for the 1st International Workshop on Peer-to-Peer Systems (IPTPS 02), Cambridge, Massachusetts, March 2002.
[80]Ben Y. Zhao, John D. Kubiatowicz, , and Anthony D. Joseph. Tapestry:Aninfrastructure for fault-resilient wide-area location and routing. Technical Report UCB//CSD-01-1141,U. C.Berkeley, April 2001.
[81]Jon Howell and David Kotz. A formal semantics for SPKI. In Proceedings of the Sixth European Symposium on Research in Computer Security (ESORICS 2000),volume 1895 of Lecture Notes in Computer Science, pages 140-158.Springer-Verlag, 2000.
[82]C. E. Perkins, editor. Ad Hoc Networking. Boston: Addison-Wesley, 2001.
[83]Mart'in Abadi. On access control, data integration, and their languages. In Andrew Herbert and Karen Sprck Jones, editors, Computer systems: Papers for Roger Needham. 2003. The volume, with minor updates, may be published by Springer-Verlag.
[84]Mart'in Abadi, Michael Burrows, Butler Lampson, and Gordon Plotkin. A calculus for access control in distributed systems. ACM Transactions on ProgrammingLanguages and Systems, 15(4):706—734, October1993.
[85]Andrew W. Appel and Edward W. Felten. Proofcarrying authentication. In Proceedings of the 5th ACM Conference on Computer and Communications Security, pages 52-62, November 1999.
[86]Lujo Bauer, Michael A. Schneider, and Edward W. Felten. A general and flexible access-control system for the Web. In Proceedings of the 11th USENIX SecuritySymposium 2002, pages 93-108, 2002.
[87]Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A logical framework for reasoning about access control models. ACM Transactions onlnformation and System Security, 6(1):71-127, February 2003.
[88]Ninghui Li and John C. Mitchell. Datalog with constraints: A foundation for trust-management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL 2003), volume 2562 of Lecture Notes in Computer Science, pages 58-73. Springer-Verlag, January 2003.
[89]Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a role-based trust-management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114-130, May 2002.
[90] Jason Crampton, George Loizou, and Greg O'Shea. A logic of access control. The Computer Journal,44(2):137-149, 2001.
[91]John DeTreville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 105-113, May 2002.
[92]Ninghui Li, William H. Winsborough, and John C. Mitchell. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, May 2003. To appear.
[93]EdwardWobber, Mart'in Abadi, Michael Burrows, and Butler Lampson.Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3-32, February 1994.
[94]Morrie Gasser, Andy Goldstein, Charlie Kaufman, and Butler Lampson. The Digital Distributed System Security Architecture. In Proceedings of the 1989 National Computer Security Conference, pages 305-319, October 1989.
[95]Adam J. Grove and Joseph Y. Halpern. Naming and identity in epistemic logics, I:The propositional case. Journal of Logic and Computation, 3(4):345-378, 1993.
[96]Joseph Y. Halpern and Ron van der Meyden. A logic for SDSI's linked local name spaces. Journal of Computer Security, 9(1-2):47-74, 2001.
[97]Yao Wang, Julita Vassileva. Bayesian Network-Based Trust Model. In: Proc of IEEE/WIC International Conference on Web Intelligence (WI'03). Halifax, Canada.2003. 372- 378
[98]Yao Wang, Julita Vassileva. Bayesian Network-Based Trust Model in Peer-to-Peer Networks. In: Proc of IEEE Conference on P2P Computing.Linkoeping, Sweden. IEEE Press. September 2003. 150-157
[99]Yao Wang, Julita Vassileva. Trust and Reputation Model in Peer-to-Peer Networks. In: Proc of IEEE Conference on P2P Computing. Linkoeping, Sweden.September 2003.150-157
[100] Abdul-Rahman, A., Hailes, S. A distributed trust model. In: Proceedings of the 1997 New Security Paradigms Workshop.Cumbria,UK:ACM Press,1998.48-60.http://www.ib.hu-berlin.de/~kuhlen/VERT01/abdul-rahman-trust-model 1997.pdf.
[101]Secure Electronic Transaction(SET) specification.Available from http://www.visa.com/cgi2bin/vee/sf/set/intro,html? 2 + 0,1996
[102]石文昌,孙玉芳.多级安全性策略的历史敏感性.软件学报,2003,14(1):91-961
[103]Blaze,M.,Ioannidis,J.,Keromytis,A.Trust management for IPSec.In:Proceedings of the Internet Society Symposium on Network and Distributed Systems Security(SNDSS 2001).2001.139-151.http://www.cis.upenn.edu/~strongman/papers/tmipsec,pdf.
[104]Blaze,M.,Ioannidis,J.,Keromytis,A.Offline Micropayments without Trusted Hardware.In:Syverson,F.ed.Financial Cryptography 2001.Lecture Notes in Computer Science 2339,Berlin:Springer Verlag,2002.
[105]黄建,卿斯汉,温红子.带时间特性的角色访问控制.软件学报.2003,14(11):1944-1954
[106]董光宇,卿斯汉,刘克龙.带时间特性的角色授权约束.软件学报.2002,13(8):1521-1527
[107]NingHui Li.Delegation Logic:A Logic-based Approach to Distributed Authorization[Doctor Thesis].New York University.2000
[108]Roger M.Needham and Michael D.Schroeder,"Using Encryption for Authentication in Large Networks of Computers," Communications of the ACM,21:12,pp.993-999,December 1978
[109]徐峰,吕建:Web安全中的信任管理研究与进展.软件学报,2002,11(13):2057-2064.
[110]刘洁.不确定推理及其在多智能体环境下的应用:[博士学位论文].合肥:中国科学技术大学,2000.5
[111]单智勇.多安全策略支持框架研究及其在安全操作系统中的实践:[博士学位论文].北京:中国科学院软件研究所,2002.12
[112]Martin Abadi.On SDSI's Linked Logcal Name Spaces.Journal of Computer Security,6:1-2(1998),pp.3-21.
[113]徐锋.开放协同软件环境中信任管理研究:[博士学位论文].南京:南京大学计算机软件研究所,2003.4
[114]Blaze,M.,Feigenbaum,J.,Strauss,M.Compliance Checking in the PolicyMaker Trust Management System.In:Hirschfeld,R.,ed.Proceedings of the Financial Cryptography'98.Lecture Notes in Computer Science 1465,Berlin:Springer-Verlag, 1998.254-274.
[115] Gong L, Needham R, Yahalom R. Reasoning about belief in cryptographic protocols. In: Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos: IEEE Computer Society Press,1990. 234-248.
[116] Abadi M, Tuttle MR. A semantics for a logic of authentication. In: Proceedings of the 1 Oth ACM Symposium on Principles of Distributed Computing. ACM Press,1991.201-216.
[117] van Oorschot PC. Extending cryptographic logics of belief to key agreement protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security. ACM Press, 1993. 233-243.
[118] Khare, R., Rifkin, A. Trust management on World Wide Web. World Wide Web Journal, 1997,2(3):77-112.
[119] Blaze, M., Feigenbaum, J., Ioannidis, J., et al. The role of trust management in distributed systems security. In: Secure Internet Programming: Issues for Mobile and Distributed Objects. Berlin: Springer-Verlag, 1999. 185-210.
[120] C. E. Perkins and E. M. Royer. Ad hoc on-demand distance vector routing. In Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications (WMCSA'99), 1999. http://citeseer.nj.nec.com/article/perkins97adhoc.html.
[121] M. G. Zapata and N. Asokan. Securing ad hoc routing protocols. In Proceedings of ACM Workshop on Wireless Security (WiSe '02), pages 1-10, Atlanta, USA,September 2002. ACM Press. http://doi.acm.org/10.1145/570681.570682.
[122] Building Highly Dynamic Battlefield Network Infrastructure for Boeing U.S. Army Future Combat Systems Using JXTA Technology : TS-3527, 2006 http://developers.sun.com/learning/javaoneonline/2006/coolstuff/TS-3527.html
[123] D. Clarke, J. Elien, C. Ellison, M. Fredette,A. Morcos, and R. L. Rivest.Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 2001.
[124] Abrams, M. D., Heaney, J. E., King, O., LaPadula, L. J., Lazear, M B., Olson, I.M. Generalized Framework for Access Control: Towards Prototyping the ORGCON Policy. In: Proc of the 14th National Computer Security Conference, Washington,DC, October 1991.1-4
[125] M.Abrams, L.LaPadula, M.Lazear, I.Olson. Reconciling a Formal Model and Prototype Implementation —Lessons Learned in Implementing the ORGCON Policy. Mitre Coporation, Bedford, Mass.01730, November 1991
[126] L.Lapadula. Rule-Set Modelling of Trusted Computer System. Essay 9 in:M.Abrams, S.Jajodia, H.Podell, "Information Security — An integrated Collection of Essays", IEEE Computer Society Press, 1995
[127] Mudhakar Srivatsa and Ling Liu.Vulnerabilities and Security Threats in Structured Peer-to-Peer Systems: A Quantitative Analysis, in the Proceedings of Springer Intl Journal on Information Security. An extended abstract of this paper appeared in Proceedings of 20th IEEE Annual Computer Security Applications Conference (ACSAC), 2004.
[128] Syverson, PF, van Oorschot PC. On unifying some cryptographic protocol logics.In: Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1994. 14-28.
[129] Needham R, Schroeder M. Using encryption for authentication in large networks of computers. Communications of the ACM, 1978.
[130] K. Kant, "Introduction to computer system performance evaluation", ISBN 0-07-033586-9, McGraw-Hill, 1992.
[131] D. E. Bell and L. J. La Padula. Secure Computer System: Unified Exposition and Multics Interpretation. MTR-2997 Rev.1, MITRE Corporation Bedford,Massachusetts, March 1976