基于kerberos與x.509的網(wǎng)格認(rèn)證模型研究

1、內(nèi)蒙古科技大學(xué)碩士學(xué)位論文基于Kerberos與X.509的網(wǎng)格認(rèn)證模型研究姓名：肖健申請(qǐng)學(xué)位級(jí)別：碩士專業(yè)：控制理論與控制工程指導(dǎo)教師：譚躍生20080509內(nèi)蒙古科技大學(xué)碩士學(xué)位論文- 2 -AbstractGrid is information application service which serves users like a supercomputer by means ofusing geographically wi

2、dely distributed computation resources, storage resources, networkresources, software resources and information resources etc. Grid technologies have extensiveperspective and development scope, but researches concerning

3、it are still on the first step. There aremany key technologies which need to be solved. On one hand, the powerful functions of Gridtechnologies can bring great convenience to scientific researches，on the other hand, much

4、 attentionmust be given to the security of the grid while using the fast and convenient functions and services.Grid security is not only the first defense line, but also the most important defense line, so theauthenticat

5、ion technology receives the attention generally. Existing Grid security certificate modelsinclude: centralized CA (Certificate Authority) model, mufti-CA model and crossed certificatemodel. But these models have various

6、defects. While using centralized CA model or mufti CAmodel, managing certificates will be very complicated and the amount of data and update amountsare great by means of adopting general management mode of the centraliz

7、ed model. When adoptingcrossed certificate model, the selection of the path will arises.This thesis researches and designs a certificate model based on X.509 and Kerberos. In thismodel, terminal user certificate's pr

8、omulgation is similar with the management to the central model,some independent authentication center carries on issues, and goes upstream finally to a rootauthentication center, here name it the second-level trust terri

9、tory, has own certificate strategy andthe authentication mechanism in this trust territory, like X.509 authentication and Kerberosauthentication; In order to enable the different authentication mechanism between the grid

10、 territoryuser to be possible to visit mutually, composes a first-level trust territory the grid environment's insecond-level trust territory, the first-level trust territory does not participate in the terminal user

11、 andintermediate level CA certificate promulgation with the supervisory work, only carries on thecertificate to the second-level trust territory's root authentication center to issue and to manage,carries on the firs

12、t-level trust territory based on the X.509 PKI authentication.This model has designed grid isomerism domain authentication model based on Kerberos andthe X.509. This model including the security policy, the authenticatio

13、n agreement, the workingpattern and the module and the authentication technology's design, makes authentication moreconvenient and safe in grid isomerism territory.The authentication model has not only solved many qu