P2P环境下基于分类的访问控制研究
|
摘要
随着Internet的迅速发展和普及,Peer-to-Peer(P2P)网络技术得到快速发展。但是P2P网络正处在发展阶段,目前尚无成熟的标准,加上自身分布式的特点,P2P网络缺乏集中控制,这使得P2P网络的安全成为一个突出的问题。尤其是P2P文件共享系统,虽然为共享资源提供了方便,却无法保证资源的真实性。而且,开放和匿名的P2P系统允许任意节点的加入和离开,一些恶意节点可能对系统造成危害,进而加剧了P2P系统的不安全因素。由于传统的集中式信任机制不再适合P2P系统的要求,因此有必要建立一个分布式信任机制来加强系统的可靠性。
信任模型是P2P信任机制中的重要构件。本文在分析现有信任模型的基础上,提出了一种资源分类信任模型。该模型基于现实世界的信任机制,根据节点提供的资源及历史交易信息给节点分类,通过节点的类别来选择信任消息获得的途径,减少网络中的信息流量,提高信任信息获取的有效性。并且,通过对相关的节点的历史信息的搜集、分析,将信任分为直接信任信息和推荐信任信息,依据各节点评价能力的不同对相关信息进行修正,计算交易节点的信任度,作为交易决策的依据。通过仿真实验对该模型的性能进行了研究,证明了模型的有效性和可行性。但也存在不足,需要在以后的工作中进一步研究和改进。
With the rapid development of Internet, the Peer-to-Peer (P2P) network technology develops rapidly now days. At present, the P2P network is under developing without a mature standard. With the distributed characteristic, P2P network lacks centralized control and its safety becomes a serious problem, especially in the shared resources. Moreover, the P2P system with open and anonymous character admits the entrance and departure of any peer, some evil peers could do harm to the system and enhance the unsafely of P2P system. The traditional central trust mechanism will not meet the demand of the P2P system anymore, so it is necessary to establish a distributed trust mechanism to enhance the dependability of the P2P system.
Trust model is the most important parts in the trust mechanism, this paper puts forward a comparatively simple distribution model after analyzing the existing trust model. The model evaluates the credit by the method of estimation based on the credit mechanism of the realistic word. Though the resources provided and the transaction information of the node to decide the classification of the node, chooses the way which the trust news obtains through the node's category, reduces the capacity of information in the P2P network, enhances the validity of the trust information acquisition . The credit are divided into direct credit information and recommended credit information after the collecting and analyzing of the information related to the peers. The reputation value of trade node is calculated as the proof whether the trade will go on after the correction of the related information by the different evaluation ability. As verified, this trust mode is feasible and practical, effectively boosting the general capability of the P2P network. Also, the model needs further study and improvement in the future.
信任模型是P2P信任机制中的重要构件。本文在分析现有信任模型的基础上,提出了一种资源分类信任模型。该模型基于现实世界的信任机制,根据节点提供的资源及历史交易信息给节点分类,通过节点的类别来选择信任消息获得的途径,减少网络中的信息流量,提高信任信息获取的有效性。并且,通过对相关的节点的历史信息的搜集、分析,将信任分为直接信任信息和推荐信任信息,依据各节点评价能力的不同对相关信息进行修正,计算交易节点的信任度,作为交易决策的依据。通过仿真实验对该模型的性能进行了研究,证明了模型的有效性和可行性。但也存在不足,需要在以后的工作中进一步研究和改进。
With the rapid development of Internet, the Peer-to-Peer (P2P) network technology develops rapidly now days. At present, the P2P network is under developing without a mature standard. With the distributed characteristic, P2P network lacks centralized control and its safety becomes a serious problem, especially in the shared resources. Moreover, the P2P system with open and anonymous character admits the entrance and departure of any peer, some evil peers could do harm to the system and enhance the unsafely of P2P system. The traditional central trust mechanism will not meet the demand of the P2P system anymore, so it is necessary to establish a distributed trust mechanism to enhance the dependability of the P2P system.
Trust model is the most important parts in the trust mechanism, this paper puts forward a comparatively simple distribution model after analyzing the existing trust model. The model evaluates the credit by the method of estimation based on the credit mechanism of the realistic word. Though the resources provided and the transaction information of the node to decide the classification of the node, chooses the way which the trust news obtains through the node's category, reduces the capacity of information in the P2P network, enhances the validity of the trust information acquisition . The credit are divided into direct credit information and recommended credit information after the collecting and analyzing of the information related to the peers. The reputation value of trade node is calculated as the proof whether the trade will go on after the correction of the related information by the different evaluation ability. As verified, this trust mode is feasible and practical, effectively boosting the general capability of the P2P network. Also, the model needs further study and improvement in the future.
引文
[1]Ramesh Subramanian,Brian D.Goodman.Peer to Peer Computing:The Evolution of A Disruptive Technology[M].Idea Group Publishing,2005:2-3,35-54
[2]Sylvia Ratnasamy,Paul Francis,Mark Handley,et al.A Scalable Content-Addressable Network.ACM Press,New York,NY USA,2001:161-172
[3]P.Herrmann,H.Krumm.Trust-Adapted Enforcement of Security Policies in Distributed Component-Structured Applications.IEEE Computer Society Press,NW Washington,DC USA,2001:1530-1346
[4]Yao Wang,Julita Vassileva.Trust and reputation model in peer-to-peer networks.IEEE Computer Society Press,NW Washington,DC USA,2003.150-158
[5]吴连龙.基于特别兴趣组的P2P网络搜索算法,计算机应用,2007,27(8):1871-1876
[6]Xi Tong,Dalu Zhang,Zhe Yang.Efficient content location based On Interest-Cluster in Peer-to-Peer system,IEEE Computer Society Press,NW Washington,DC USA,2005:324-331
[7]PMei Li,PGuanling Lee,Wang-Chien lee,at al.PENS:an algorithm for density-based clustering in peer-to-peer systems,ACM Press,New York NY USA,2006:39-es
[8]Voulgaris S,Kermarrec A.M,M assouli'e L,et al.Exploiting Semantic Proximity in Peer-to-Peer Content Searching.IEEE Computer Society,NW Washington,DC USA,2004:238-243
[9]P Haase,R Siebes.F Harmelen.Peer selection in peer-to-peer networks with semantic topologies[C].In:International Conference on Semantics of a Networked World:Semantics for Grid Databases,2004
[10]Alfarez Abdul-Rahman,Stephen Hailes.A distributed trust model.ACM Press,New York,NY USA,1998:48-60
[11]Farag Azzedin,Muthucumaru Maheswaran.Towards Trust-Aware Resource Management in Grid Computing Systems.In:Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid,IEEE Computer Society,DC USA,2002:452
[12]Yumei Liu,Shoubao Yang,Leitao Guo,et al.A Distributed Trust-based Reputation Model in P2P System,IEEE computer Society,NW Washington,DC USA,2007:294-299
[13]Xiong L,Liu L.PeerTrust:Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities.IEEE Transactions on Knowledge and Data Engineering,IEEE Educational Activities Department,NJ USA,2004:843-857
[14]Shashidhar Merugu,Sridhar Srinivasan,Ellen Zegura.Adding structure to unstructured peer-to-peer networks:the use of small-world graphs,Academic Press,FL USA,2005:142-153
[15]Mujtaba Khambatti,Partha Dasgupta,Kyung Dong Ryu.A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions[C],IEEE Computer Society,NW Washington,DC USA,2004:141
[16]Alessandro Linari,Gerhard Weikum.Efficient peer-to-peer semantic overlay networks based on statistical language models,Proceedings of the international workshop 上 Information retrieval in peer-to-peer networks,ACM Press,NY USA,2006:9-16
[17]王容芳,郭中,郭金庚,等.开放分布式系统中的信任管理,计算机工程,2004,8(30):117-119
[18]陈妹,方滨兴,周勇林.P2P技术的研究与应用,计算机工程与应用,2003,13:20-23
[19]Stefan Saroiu,P.Krishna Gummadi,Steven D.Gribble.Measuring and analyzing the characteristics of Napster and Gnutella hosts,Springer-Verlag New York,NJ USA,2003:170-184
[20]Kelsey Anderson.Analysis of the Traffic on the Gnutella Network.http://www.cs.ucsd.edu/classes/wi01/cse222/proje cts/reports/p2p-2.pdf.
[21]孙默.P2P网络安全模型的研究与设计实现[D].硕士论文,西安电子科技大学,2005
[22]Karlo Berket,Abdelilah Essiari,Artur Muratas.PKI-Based Security for Peer-to-Peer information Sharing,IEEE Computer Society,NW Washington,DC USA,2004:45-52
[23]阙喜戎、孙锐等.信息安全原理及应用,清华大学出版社,2003:20-12
[24]Girish Suryanarayana,Mamadou H.Diallo,Justin R.Erenkrantz,et al.Architecting trust-enabled peer-to-peer file-sharing applications,ACM Press,2005,New York,NY USA,2006:5
[25]Guha R,Kumar R,Raghavan P.Propagation of trust and distrust.In:www2004,New York,USA,2004:17-22
[26]Caronni G.Walking the Web of trust[C].Proceedings IEEE 9th international workshop on enabling technologies(WET ICE'2000).Los Alomitos:IEEE Computer Society Press,2000:153-158
[27]J Scott.Soeial Network Analysis:a handbook.SAGE Publication,2000
[28]S Wasserman.Soeial Network Analysis:methods and applications.Cambridge University Press,1994
[29]Diego Gambett.Trust:Making and Breaking Cooperative Relations.http://www.sociology.ox.ac.uk/papers/gambetta213-237.pdf
[30]Yu B,Singh M.Trust and Reputation Management in a Small-world Network[A].Proc of the 4th Int Conf on Multi-agent Systems[C].Washington DC,2000:449-450
[31]Nitesh Saxena,Gene Tsudik,Jeong Hyun Yi.Admission control in Peer-to-Peer:design and performance evaluation,ACM Press,New York,NY USA,2003:104-113
[32]Grandison T,Slonlan M.A survey of trust in Internet applications.IEEE Communications Surveys and Tutorials.2000,4(4):2-16
[33]Carbone M,Nielsen M.A formal model for trust in dynamic networks,In:Proc.of IEEE International Conference on Software Engineering and Formal Methods (SEFM'03),Brisbane,Australia,Sept.2003
[34]A.A.Selcuk,E.Uzun,M.R.Pariente.A Reputation-Based Trust Management System for P2P Networks,IEEE Computer Society,NW Washington,DC USA,2004:251-258
[35]L.Xiong and L.Liu.A reputation-based trust model for peer-to-peer ecommerce communities.In IEEE Conference on E-Commerce(CEC'03).2003
[36] PRohit Gupta, PArun K.Somani. Reputation management Framework and its use as Currency in Large-Scale Peer-to-Peer Networks, IEEE Computer Society, NW Washington, DC USA, 2004:124-132
[37] Sepandar D. Kamvar, Mario T. Schlosser, Hector Garcia-Molina. The Eigentrust algorithm for reputation management in P2P networks, In: Proc.of the 12th Int'l World Wide Web Conf, ACM Press, New York, NY USA, 2003:123-134
[38] Altaian J.PKI Security for JXTA overlay networks. Technical Report, TR-I2-03-06, Palo Alto: Sun Microsystem, 2003
[39] Albrecht K, Ruedi AR. Clippee: A large-scale client/peer system. Technical Report, TR-410, Swiss Federal Institute of Technology, 2003
[40] Abhilash Gummadi, Jong P. Yoon. Modeling Group Trust For Peer-to-Peer Access Control, Proceedings of the Database and Expert Systems Applications, 15th International Workshop on (DEXA'04), IEEE Computer Society, DC USA, 2004:971-978
[41] Fabrizio Cornelli, PErnesto Damiani, Sabrina De Capitani di Vimercati, et al. Choosing reputable servents in a P2P network. In: Proc. Of the 11th Int'l World Wide Web Conf, ACM Press, New York NY USA, 2002:441-449
[42] Marsh S. Formalising trust as a computational concept[D], Stirling:University of Stirling, 1994.
[43] T.Beth, M.Borcherding, B.Klein. Valuation of Trust in Open NetWork. In Proceedings of European Symposium On Research in Security, Brighton, Springer-Verlag, 1994:3-18
[44] Alfarez Abdul-Rahman, Stephen Hailes. Supporting Trust in Virtual Communities. Proceedings Hawaii International Conference on System Sciences, IEEE Computer Society, NW Washington, DC USA, 2000:6007
[45] PBin Yu, PMunindar P. Singh. An evidential model of distributed reputation management[J]. ACM Press, New York NY USA, 2002:294-301
[46] Paul Resnick, Ko Kuwabara, Richard Zeckhauser, et al. Reputation systems. ACM Press, New York NY USA, 2000:45-48
[47] R. Tahalom, B.Klein, Th.Beth. Trust relationships in secure systems-a distributed authentication perspective.In Proc.1993 IEEE symposium on Security and Pricacy,IEEE Computer Society,NW Washington,DC USA,1993:150
[48]张铁军,张玉清,战守义,等.Peer-to-Peer典型应用安全需求分析,计算机工程,2005,31(20):56-58
[49]P.Krishna Gummadi,Stefan Saroiu,Steven D.Gribble.A measurement study of Napster and Gnutella as examples of peer-to-peer file sharing systems[C],ACM Press,New York,NY USA,2002:82-82
[50]GianLuigi Folino,Agostino Forestiero,Giandomenico Spezzano.A P2P-based flocking algorithm for distributed clustering using small world structure,Wolrd Scientific and Engineering Academy and Society,2007:63-68
[51]PLu Liu,Stephen Mackin,PNick Antonopoulos.Small World Architecture for Peer-to-Peer Networks,IEEE Computer Society,NW Washington,DC USA,2006:451-454
[52]Qin Lv,Pei Cao,Edith Cohen,et al.Search and replication in unstructured peer-to-peer networks,ACM Press,New York NY USA,2002:84-95
[53]李旭峰,陈海涛,王正华,等.通用P2P模拟器的构造技术研究,计算机应用研究,2006,05:16-18
[2]Sylvia Ratnasamy,Paul Francis,Mark Handley,et al.A Scalable Content-Addressable Network.ACM Press,New York,NY USA,2001:161-172
[3]P.Herrmann,H.Krumm.Trust-Adapted Enforcement of Security Policies in Distributed Component-Structured Applications.IEEE Computer Society Press,NW Washington,DC USA,2001:1530-1346
[4]Yao Wang,Julita Vassileva.Trust and reputation model in peer-to-peer networks.IEEE Computer Society Press,NW Washington,DC USA,2003.150-158
[5]吴连龙.基于特别兴趣组的P2P网络搜索算法,计算机应用,2007,27(8):1871-1876
[6]Xi Tong,Dalu Zhang,Zhe Yang.Efficient content location based On Interest-Cluster in Peer-to-Peer system,IEEE Computer Society Press,NW Washington,DC USA,2005:324-331
[7]PMei Li,PGuanling Lee,Wang-Chien lee,at al.PENS:an algorithm for density-based clustering in peer-to-peer systems,ACM Press,New York NY USA,2006:39-es
[8]Voulgaris S,Kermarrec A.M,M assouli'e L,et al.Exploiting Semantic Proximity in Peer-to-Peer Content Searching.IEEE Computer Society,NW Washington,DC USA,2004:238-243
[9]P Haase,R Siebes.F Harmelen.Peer selection in peer-to-peer networks with semantic topologies[C].In:International Conference on Semantics of a Networked World:Semantics for Grid Databases,2004
[10]Alfarez Abdul-Rahman,Stephen Hailes.A distributed trust model.ACM Press,New York,NY USA,1998:48-60
[11]Farag Azzedin,Muthucumaru Maheswaran.Towards Trust-Aware Resource Management in Grid Computing Systems.In:Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid,IEEE Computer Society,DC USA,2002:452
[12]Yumei Liu,Shoubao Yang,Leitao Guo,et al.A Distributed Trust-based Reputation Model in P2P System,IEEE computer Society,NW Washington,DC USA,2007:294-299
[13]Xiong L,Liu L.PeerTrust:Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities.IEEE Transactions on Knowledge and Data Engineering,IEEE Educational Activities Department,NJ USA,2004:843-857
[14]Shashidhar Merugu,Sridhar Srinivasan,Ellen Zegura.Adding structure to unstructured peer-to-peer networks:the use of small-world graphs,Academic Press,FL USA,2005:142-153
[15]Mujtaba Khambatti,Partha Dasgupta,Kyung Dong Ryu.A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions[C],IEEE Computer Society,NW Washington,DC USA,2004:141
[16]Alessandro Linari,Gerhard Weikum.Efficient peer-to-peer semantic overlay networks based on statistical language models,Proceedings of the international workshop 上 Information retrieval in peer-to-peer networks,ACM Press,NY USA,2006:9-16
[17]王容芳,郭中,郭金庚,等.开放分布式系统中的信任管理,计算机工程,2004,8(30):117-119
[18]陈妹,方滨兴,周勇林.P2P技术的研究与应用,计算机工程与应用,2003,13:20-23
[19]Stefan Saroiu,P.Krishna Gummadi,Steven D.Gribble.Measuring and analyzing the characteristics of Napster and Gnutella hosts,Springer-Verlag New York,NJ USA,2003:170-184
[20]Kelsey Anderson.Analysis of the Traffic on the Gnutella Network.http://www.cs.ucsd.edu/classes/wi01/cse222/proje cts/reports/p2p-2.pdf.
[21]孙默.P2P网络安全模型的研究与设计实现[D].硕士论文,西安电子科技大学,2005
[22]Karlo Berket,Abdelilah Essiari,Artur Muratas.PKI-Based Security for Peer-to-Peer information Sharing,IEEE Computer Society,NW Washington,DC USA,2004:45-52
[23]阙喜戎、孙锐等.信息安全原理及应用,清华大学出版社,2003:20-12
[24]Girish Suryanarayana,Mamadou H.Diallo,Justin R.Erenkrantz,et al.Architecting trust-enabled peer-to-peer file-sharing applications,ACM Press,2005,New York,NY USA,2006:5
[25]Guha R,Kumar R,Raghavan P.Propagation of trust and distrust.In:www2004,New York,USA,2004:17-22
[26]Caronni G.Walking the Web of trust[C].Proceedings IEEE 9th international workshop on enabling technologies(WET ICE'2000).Los Alomitos:IEEE Computer Society Press,2000:153-158
[27]J Scott.Soeial Network Analysis:a handbook.SAGE Publication,2000
[28]S Wasserman.Soeial Network Analysis:methods and applications.Cambridge University Press,1994
[29]Diego Gambett.Trust:Making and Breaking Cooperative Relations.http://www.sociology.ox.ac.uk/papers/gambetta213-237.pdf
[30]Yu B,Singh M.Trust and Reputation Management in a Small-world Network[A].Proc of the 4th Int Conf on Multi-agent Systems[C].Washington DC,2000:449-450
[31]Nitesh Saxena,Gene Tsudik,Jeong Hyun Yi.Admission control in Peer-to-Peer:design and performance evaluation,ACM Press,New York,NY USA,2003:104-113
[32]Grandison T,Slonlan M.A survey of trust in Internet applications.IEEE Communications Surveys and Tutorials.2000,4(4):2-16
[33]Carbone M,Nielsen M.A formal model for trust in dynamic networks,In:Proc.of IEEE International Conference on Software Engineering and Formal Methods (SEFM'03),Brisbane,Australia,Sept.2003
[34]A.A.Selcuk,E.Uzun,M.R.Pariente.A Reputation-Based Trust Management System for P2P Networks,IEEE Computer Society,NW Washington,DC USA,2004:251-258
[35]L.Xiong and L.Liu.A reputation-based trust model for peer-to-peer ecommerce communities.In IEEE Conference on E-Commerce(CEC'03).2003
[36] PRohit Gupta, PArun K.Somani. Reputation management Framework and its use as Currency in Large-Scale Peer-to-Peer Networks, IEEE Computer Society, NW Washington, DC USA, 2004:124-132
[37] Sepandar D. Kamvar, Mario T. Schlosser, Hector Garcia-Molina. The Eigentrust algorithm for reputation management in P2P networks, In: Proc.of the 12th Int'l World Wide Web Conf, ACM Press, New York, NY USA, 2003:123-134
[38] Altaian J.PKI Security for JXTA overlay networks. Technical Report, TR-I2-03-06, Palo Alto: Sun Microsystem, 2003
[39] Albrecht K, Ruedi AR. Clippee: A large-scale client/peer system. Technical Report, TR-410, Swiss Federal Institute of Technology, 2003
[40] Abhilash Gummadi, Jong P. Yoon. Modeling Group Trust For Peer-to-Peer Access Control, Proceedings of the Database and Expert Systems Applications, 15th International Workshop on (DEXA'04), IEEE Computer Society, DC USA, 2004:971-978
[41] Fabrizio Cornelli, PErnesto Damiani, Sabrina De Capitani di Vimercati, et al. Choosing reputable servents in a P2P network. In: Proc. Of the 11th Int'l World Wide Web Conf, ACM Press, New York NY USA, 2002:441-449
[42] Marsh S. Formalising trust as a computational concept[D], Stirling:University of Stirling, 1994.
[43] T.Beth, M.Borcherding, B.Klein. Valuation of Trust in Open NetWork. In Proceedings of European Symposium On Research in Security, Brighton, Springer-Verlag, 1994:3-18
[44] Alfarez Abdul-Rahman, Stephen Hailes. Supporting Trust in Virtual Communities. Proceedings Hawaii International Conference on System Sciences, IEEE Computer Society, NW Washington, DC USA, 2000:6007
[45] PBin Yu, PMunindar P. Singh. An evidential model of distributed reputation management[J]. ACM Press, New York NY USA, 2002:294-301
[46] Paul Resnick, Ko Kuwabara, Richard Zeckhauser, et al. Reputation systems. ACM Press, New York NY USA, 2000:45-48
[47] R. Tahalom, B.Klein, Th.Beth. Trust relationships in secure systems-a distributed authentication perspective.In Proc.1993 IEEE symposium on Security and Pricacy,IEEE Computer Society,NW Washington,DC USA,1993:150
[48]张铁军,张玉清,战守义,等.Peer-to-Peer典型应用安全需求分析,计算机工程,2005,31(20):56-58
[49]P.Krishna Gummadi,Stefan Saroiu,Steven D.Gribble.A measurement study of Napster and Gnutella as examples of peer-to-peer file sharing systems[C],ACM Press,New York,NY USA,2002:82-82
[50]GianLuigi Folino,Agostino Forestiero,Giandomenico Spezzano.A P2P-based flocking algorithm for distributed clustering using small world structure,Wolrd Scientific and Engineering Academy and Society,2007:63-68
[51]PLu Liu,Stephen Mackin,PNick Antonopoulos.Small World Architecture for Peer-to-Peer Networks,IEEE Computer Society,NW Washington,DC USA,2006:451-454
[52]Qin Lv,Pei Cao,Edith Cohen,et al.Search and replication in unstructured peer-to-peer networks,ACM Press,New York NY USA,2002:84-95
[53]李旭峰,陈海涛,王正华,等.通用P2P模拟器的构造技术研究,计算机应用研究,2006,05:16-18