以作者查詢圖書館館藏 、以作者查詢臺灣博碩士 、以作者查詢全國書目 、勘誤回報 、線上人數:47 、訪客IP:3.133.129.8
姓名 林信宏(Hsin-Hung Lin) 查詢紙本館藏 畢業系所 資訊管理學系 論文名稱 行動代理人為基礎的虛擬組織授權管理網格
(Mobile Agent-based Virtual Organization Management Grid)相關論文 檔案 [Endnote RIS 格式] [Bibtex 格式] [相關文章] [文章引用] [完整記錄] [館藏目錄] [檢視] [下載]
- 本電子論文使用權限為同意立即開放。
- 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
- 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
摘要(中) 在網格運算環境下,各個網點自主性進行資源配置的網格經濟模式,是必然的趨勢。網點間透過分享資源自然形成虛擬組織,各個虛擬組織有各自不同的屬性。而網格運算在資源分享時,所衍生的經濟行為,將產生各自不同型態的市場模式,各個市場模式儼然形成虛擬組織的群落,需要有系統的進行管理。
各個虛擬組織有其專業性,網點間在進行組織內或跨組織的資源分享時勢必牽涉到資源分享公平性與安全性的問題,是故,資源分享需要設計一個安全的授權規劃與執行管理方式。
有鑑於網格經濟對於市場型態的虛擬組織管理與授權機制缺少相關文獻與研究,故本研究企圖以網格經濟模型為基礎,建立一個虛擬組織管理架構。提供的管理操作包含註冊授信、運算代理要求、代理確認與授權委派執行。
本研究所設計之架構,允許代理人透過漫遊至市場主機後,可向市場管理者提出註冊請求,完成合法授信流程。代理人間完成資源協商交易之後,可要求公正的市場管理者為代理運算請求的交易進行背書,確立交易的合法性。資源買賣雙方並可透過管理者的合法背書,要求其對交易進行仲裁。本研究針對進行代理運算所需要的授權政策提出改良的設計,除了提昇政策制定的彈性與運算本身的私密性之外,也確保授權運算的完整性與正確性。本研究對網格環境內的虛擬組織由身份認證、組織內成員管理、授權管理以至於授權委派的執行提出一個系統性的架構,並予以實作,為網格虛擬組織管理架構提出一個參考的依據。摘要(英) It’s inevitable that Grid economy emerged from nodes in Grid computing environment sharing resources with each other autonomously. Nodes form virtual organization which called VO by sharing resources, and each VO has its own specific properties. When the economic behavior occurred derived from sharing, there will be different types of market pattern. Those types of market obviously form a VO or sub-groups. So, it’s important to build a systematic management mechanism for the VO management.
Each VO owns private domain knowledge. When it comes to sharing resource in internal or external organization, the issue about fairness and security emerged. So, it’s a critical issue for designing secure authorization operation plans and execution management.
We propose a virtual organization authorization management model to provide a management architecture for VO in the Grid environment. Management operations include building trust relationship from authentication and authorization, VO member management, delegation request, proxy execution and authorization management. Besides that, we also improve the flexibility of the authorization policy to increase more security and more privacy when enforcing the delegated mission.
Based on such concept, we implement this architecture and accomplish several management scenarios practically. Besides that, we carry out experiments to prove the feasibility of the proposed model.關鍵字(中) ★ 虛擬組織管理
★ 網格運算
★ 網格經濟
★ 授權委派
★ 網格安全關鍵字(英) ★ Delegation
★ Authorization Policy
★ Virtual Organization Management
★ Grid Computing
★ Grid Security論文目次 第一章 緒論 1
1.1 研究背景 1
1.2 研究動機 3
1.3 研究目的 4
1.4 研究步驟 5
1.5 論文架構 5
第二章 文獻探討 6
2.1 網格運算 6
2.2 虛擬組織管理與CAS服務 7
2.3 CAS的安裝與部署 10
2.4 CAS的運行與操作方式 13
2.5 網格安全標準架構 15
2.6 GSI訊息規格 17
2.7 授權政策與授權管理 20
第三章 系統模型 26
3.1 系統假設 26
3.2 系統角色 27
3.3 情境說明 28
3.3.1 註冊 30
3.3.2 代理要求 33
3.3.3 代理確認 35
3.3.4 授權執行 36
3.3.5 Mobile Agent-based VOAM Grid提供的安全性 36
第四章 系統實作 37
4.1 Mobile Agent-based VOAM Grid 37
4.1.1 軟體代理人及JADE平台 38
4.1.2 CAS Utility Tool 40
4.1.3 Policy Enforce Engine 42
4.1.4 Globus Web Service Container 44
4.1.5 GSI Utility Tool 45
4.1.6 Grid Security Infrastructure 47
4.1.7 Community Authorization Service與CAS Database 47
4.1.8 Computing Service 48
4.2 授權政策設計 49
4.3 系統執行與實驗設計 54
4.3.1 Mobile Agent-based VOAM Grid執行畫面 54
4.3.2 實驗設計與目的 56
4.3.3 實驗一:授權管理實驗 57
4.3.4 實驗二:執行效能實驗 62
第五章 結論與未來研究方向 66
參考文獻 69參考文獻 1. 王世甫,民95,「MAREG─以行動代理人及網格經濟為基礎之網格資源管理系統」,碩士論文–國立中央大學資訊管理學系研究所。
2 詹晏誠,民95,「適用網格計算環境之多重代理人付款系統」,碩士論文–國立中央大學資訊管理學系研究所。
英文文獻
3. Afsarmanesh, H., Camarinha, M., “A Framework for Management of Virtual Organization Breeding Environments”, Proceedings PRO-VE’2005, pp 35-48, Sep 2005.
4 Ahsant, M,., Basney, J., Mulmo, O., “Grid Delegation Protocol”. In Proceedings of the Workshop on Grid Security Practice and Experience July 2004.
5 Barker, R., Yu, D., Wlodek, T., “A Model for Grid User Management”, Computing in High Energy and Nuclear Physics, March 2003.
6 Caire, G., “JADE Tutorial JADE Programming for Beginners”, TiLab, Dec. 2003.
7 Chadwick, D., Otenko, S., Welch, V., “Using SAML to Link the Globus Toolkit to the PERMIS Authorization Infrastructure” In Proceedings of Eighth Annual IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Windermere, UK, Sep. 2004.
8 Cannon, S. , “Using CAS to Manage Role-Based VO Sub-Groups”, Proceedings of Computing in High Energy Physics, 2003.
9 Foster, I, “What is the Grid? A Three Point Checklist”, GRID Today, 2002.
10 Foster, I., et. al., “The Anatomy of the Grid Enabling Scalable Virtual Organizations”, International Journal of Supercomputer Applications, pp.200-222, 2001.
11 Tuecke, S., et. al., “Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile”, Internet RFC 3820, IETF, June. 2004.
12 Kanaskar, N., Topaloglu, U. and Bayrak, C., “Globus Security Model for Grid environment”, ACM SIGSOFT Software Engineering Notes, Vol. 30 No. 6, Nov. 2005.
13 Kim, B., Hong, S., Kim, J., “Ticket-based Fine-Grained Authorization Service in the Dynamic VO Environment” ACM Workshop on Secure Web Service, Oct. 2004.
14 Pearlman, L., et. al., “The Community Authorization Service Status and Future”, Proceedings of Computing in High Energy Physics, 2003.
15 Saleem, A., “Using the VOM portal to manage policy within Globus Toolkit, Community Authorisation Service & ICENI resources”, Proceedings of the UK e-Science All Hands Meeting, 2004.
16 Security Assertion Markup Language (SAML) V2.0 Technical Overview, OASIS, Oct. 2006.
17 Sotomayor, B.: The Globus Toolkit 4 Programmer's Tutorial. Globus Documentation Project, 2005.
18 The Globus Alliance: GT 4.0: Security: Community Authorization Service. Globus Documentation Project, 2005.
19 Welch, V., et. al., “X.509 Proxy Certificates for Dynamic Delegation”. In Proceedings of the 3rd Annual PKI R&D Workshop, 2004.
20 Welch, V. (Eds.), “Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective”, The Globus Security Team, July, 2005.
21 Welch, V., “Grid Security Infrastructure Message Specification”, Open Grid Forum, 2006.
網頁資料
22 Boutboul, I., “Manage credentials and access control in a grid application”, http://www.ibm.com/developerworks/library/gr-cred/index.html?S_TACT=105AGX52&S_CMP=cn-a-gr
23 The Globus Alliance, http://www.globus.org
24 WS-Trust (2005), “Web Service Trust Language (WS-Trust)”, http://www.ibm.com/developerworks/webservices/library/specification/ws-trust/
25 Java cryptography APIs, http://www.bouncycastle.org
26 Silva, V., “ Using Java with Globus Grid Security Infrastructure”, http://www.ibm.com/developerworks/grid/library/gr-ggsi.html指導教授 林熙禎(Shi-Jen Lin) 審核日期 2007-7-5 推文 facebook plurk twitter funp google live udn HD myshare reddit netvibes friend youpush delicious baidu 網路書籤 Google bookmarks del.icio.us hemidemi myshare