Access Control Structure Based on Byzantine Fault Tolerance in Cross-trust-domain Internet Scenarios

CLC number: TP309

Fund project: National Key Research and Development Program of China (2022YFB2701600)

Abstract:

Access control technologies currently used in industry are increasingly unable to handle access control for distributed systems deployed across the wide-area Internet. In particular, large information systems deployed across multiple trust domains are becoming ever more geographically dispersed, which steadily increases the number of weak points in their defenses. Consensus-based access control policy sharing allows access control nodes deployed across trust domains to reach consistent decisions securely and quickly. This study first proposes a consensus-based access permission control model for multiple nodes, and then presents Super-Dumbo, a consensus algorithm for access control engines with strong security and high performance. Super-Dumbo breaks through the performance bottleneck of the Dumbo2 consensus protocol by optimizing key steps including message broadcast, random coin tossing, and the design of the consensus algorithm. It reduces computational overhead such as digital signature verification and effectively improves bandwidth utilization, achieving substantial improvements in throughput and latency and meeting the CBAC access control model's requirement for a low-latency, high-throughput underlying consensus algorithm.

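Cite this article

Han Jiang, Zhang Zhenfeng, Liu Yuguo, Hu Kexin, He Shuangyu. Access Control Structure Based on Byzantine Fault Tolerance in Cross-trust-domain Internet Scenarios. Journal of Software, ,():1-18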

History
  • Received: 2023-11-14
  • Last revised: 2024-05-13
  • Published online: 2024-12-25