《安全管理和分布式数字矿山系统的部署外文翻译》由会员分享,可在线阅读,更多相关《安全管理和分布式数字矿山系统的部署外文翻译(14页珍藏版)》请在金锄头文库上搜索。
1、附录A:英文翻译Security management and deployment of distributed digital mine SystemAbstractDistributed system has been used in Digital Mine System. Because of the complexity inherent in distributed systems, security has become a crucial aspect in it. This paper proposed an access control mechanism for dis
2、tributed system. By enforcing dynamic authorization as well as fine-grained organization of resource object, the access control policy provides the required flexibility of security management and deployment for Digital Mine SystemKeywords: distributed system; authorization; fine-grained access contr
3、ol1. IntroductionDistributed systems relying on middleware are used in Digital Mine System including smart cards, PDAs,embedded systems, standard PCs and workstations, and highperformance application servers. One of the prime reasons for employing distributed systems rather than centralized systems
4、is the potential for combining resources to build systems that are more powerful than any single centralized system1. Another reason why distributed systems are used is the increased availability of resources that may be achieved if single point of failure is avoided and redundancy is provided in th
5、e design of a system.An immediate consequence of all these uses of distributed systems is that multiple different nodes and resources have to be installed and managed. The complexity inherent in distributed systems constitutes a major problem for overall security.2. Security problems and solutions2.
6、1. Security problemsThe main question in distributed systems is how the specification, deployment and management of applicationoriented access control policies in distributed object systems can be supported in a way that increases the overall security.2.2. Ways to solve the problemsIt is concluded t
7、hat an integrated approach to secure software development and management is required and that it can best be supported by the definition of a declarative policy language. The technical feasibility of the access control is shown through an implementation of the required security infrastructure, which
8、 includes an interceptorbased access control mechanism, a language compiler, objects and role repositories.Allocating security functions at the application level and not at the level of individual operating systems is first an important step to reduce the complexity incurred by heterogeneity. The pr
9、imary focuses of Security Service are thus security policies for application objects. The central concepts of access control policy are views as a firstclass concept for the typesafe aggregation of access rights, roles as a taskoriented abstraction of callers, and schemas as a means of specifying tr
10、iggered dynamic changes in the protection state.3. Access control mechanismAny mechanism for controlling access to resource objects must be able to intercept and check all possible accesses, i.e., the mechanism must be interposed between the object and its callers and not be bypassed.Interceptors ar
11、e a convenient way to implement this mechanism and the security service specifies an access control interceptor for this purpose. The implementation presented here also uses an interceptor. The interceptor establishes this context upon the first request to a given target and the Access Decision obje
12、ct retrieves and updates it, if necessary.Access control is performed when processes try to access protected objects at runtime. It is shown, however, that policy issues must be addressed in earlier stages in the application life cycle to enable appropriate runtime management. The following context
13、describes the management tasks related to access policies at runtime and the deployment of earlier stages.The three main tasks that can be identified correspond directly to what can be called the three basic dimensions of access control: principal management, object management and policy management,
14、 they and their relationship to access policy are examined as following.3.1. Policy managementPolicy representationThe improved access control policy includes several concepts: subject(principal), role, view, object. There are two extra elements which are role and view when subjects access operation
15、s. The policy is described as follows:After identity authentication, a subject is assigned to several roles, among which there are constraints called constraints1. Objects organized by views are used to call System resources, which benefits to fine-grained security modeling and management. There are
16、 constraints called constraints2 between operations of objects. The content of policy item is a mapping from roles to views. The mapping is realized by constraints called constraints3, the relationship between the elements is shown in the following Fig.1.Fig.1. Policy rulesThere are three kinds of Constraints:constraints1: There are three kinds of constraints when a role is defined: base number constraints; leading role constraint
