作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2012, Vol. 38 ›› Issue (04): 129-133. doi: 10.3969/j.issn.1000-3428.2012.04.042

• 安全技术 • 上一篇    下一篇

基于面向对象信任攻击图的信任风险传播模型

陆秋琴,和 涛,黄光球   

  1. (西安建筑科技大学管理学院,西安 710055)
  • 收稿日期:2011-07-21 出版日期:2012-02-20 发布日期:2012-02-20
  • 作者简介:陆秋琴(1966-),女,副教授、博士,主研方向:信任评估,电子商务;和 涛,硕士研究生;黄光球,教授、博士
  • 基金资助:
    西安建筑科技大学人才科技基金资助项目(RC1019); 陕西省重点学科建设专项基金资助项目(zdxk2010)

Trust Risk Propagating Model Based on Object-oriented Trust Attack Graph

LU Qiu-qin, HE Tao, HUANG Guang-qiu   

  1. (School of Management, Xi’an University of Architecture & Technology, Xi’an 710055, China)
  • Received:2011-07-21 Online:2012-02-20 Published:2012-02-20

摘要: 针对信任环境系统中存在的信任攻击问题,设计基于面向对象的信任攻击图模型。利用Take规则、Grant规则和Pervade规则,描述信任主体对象属性弱点导致的信任级别的提升、信任关系的传递、渗透与扩散问题,使攻击可达距离更大。根据弱点利用规则和信任关系盗用规则,提出多项式时间复杂度信任关系传递闭包生成算法及基于信任关系传递闭包的信任风险传播算法。实验结果证明了该模型的正确性。

关键词: 信任, 风险传播模型, 信任攻击, 信任关系网络, 信任关系盗用

Abstract: In order to study the trust attack problem in complicated trust environment, the object-oriented trust attack graph model is put forward. In the model, the rule take, grant and pervade are used to describe trust level escalating, trust relation transiting, pervading and spreading resulting from utilization of vulnerabilities existing in attributes of trust entity objects, therefore a longer attack reachable distance can be reached. The model carries the attack complexity and harmfulness index which are used to determine the attack threat index, the vulnerability utilizing rules and trust relation embezzling rules are used to establish the trust relation transitive closure generating algorithm with polynomial time complexity, based on which a trust risk propagating algorithm is established. Through an experiment based on modeling real vulnerabilities for a system, the model is proofed to be correct.

Key words: trust, risk propagating model, trust attack, trust relation network, trust relation embezzling

中图分类号: