自動信任協商(Automated Trust Negotiation)被提出以用於分散式系統架構之下進行存取控制以及認證之問題，其中心訴求是為了實現在多個虛擬組織之間的資源共享和協同運算，需要透過一種快速、有效的機制替數目龐大、動態分散的個體或組織之間建立信任關係，而服務之間的信任關係常常是動態建立、調整，需要依靠協商方式達成協同或資源共享的目的，並能維護服務的自制性、隱私性等安全需要。通訊雙方於協商過程中會透過指定的存取控制政策(Access Control Policy)來互相描述對方必須滿足的特徵，特徵通常是由憑據(Credential)構成，透過一連串的互相描述以及滿足，最後建立信任關係。
迄今為止，自動信任協商的研究方向包括基礎架構、存取控制政策和憑據、協商策略、協商協定、協商系統等等，本文著重於探討於信任協商當中存取控制政策的指定準則以及協商策略之研究。存取控制政策規範了欲存取受保護的資源所需滿足的憑據，但是為了避免跨領域間之政策一致性檢查機制過於複雜，因此對政策制定方式做出合理的約束是必要的，而僅透過制定政策的要求及表示政策的格式並未能真正為所有資源具體指定政策，而且政策指定須考量到權限問題，為了使自動信任協商能更明確執行，本文提出了一種專屬自動信任協商的、具體指定政策的準則，導入「權限分級」的概念。
另一方面，為了能夠使得建立信任關係的過程合理化，特定的協商策略便因應而生，在以往所提出的各種協商策略都各有其訴求，但是於運作模式的設計上仍有其缺陷存在，以Eager策略來說，其協商效率高，但是交握機制過程卻公開了與當次協商不相干的憑據，安全性令人堪憂；而PRUNES策略的安全性良好，但是由於其暴力回溯的概念，使得協商效率便相對緩慢。本文提出了一擷取所有協商策略的優勢並嘗試整合的混合型協商策略，以Parsimonious策略為基礎，保留其優勢，並加入了Eager與PRUNES的特性，且額外新增迭代計算來提升協商效率。於最後的實驗結果，證明本文所提出之協商策略確實兼顧了效能及安全性。

Automated trust negotiation is proposed to be used under the framework of distributed systems for the issues of access control and authentication. The most important demand is to achieve more resource sharing and collaborative computing between many virtual organizations. In order to implement the requirement, we need a fast and effective mechanism for the large number of dynamically distributed individuals or organizations to establish trust; in addition, the trust relationship between many network services often dynamically establish and adjust, so we need to rely on negotiation to achieve the purpose of collaboration or resource sharing and also can make maintenance of self-control, privacy and other security issues. Communicating parties in the negotiation process describe each other's characteristics that should be satisfied through the specified access control policies, and the characteristics usually consist of credentials. Via a series of descriptions and fulfillments, finally the two parties establish a mutual trust relationship.

So far, the research of automated trust negotiation interests include infrastructure, access control policy and credentials, negotiation strategies, negotiation protocol, negotiation systems…etc., this article focuses on the research about the assignments of access control policies and the processes of negotiation strategies in the trust negotiation. Access control policies are assigned to regulate credentials that should be satisfied while accessing protected resources; however, in order to avoid that the policy consistency checking mechanism is too complex in the cross-region, it is necessary to make reasonable constraints for policy assignments. Nevertheless, it cannot really concretely assign policies for all the resources only through setting up the policy requirements and representing the policy format, and authority should be also considered in policy assignments. To make the automated trust negotiation be more specific implementation, this paper proposed proprietary and concrete policy assignments and implement them with the concept "classification authority".

On the other hand, in order to make the process of establishing trust rationalization, a specific negotiation strategy will be proposed. In the past, a variety of proposed negotiation strategies had their own demands, but there are still several flaws for the design of the operation. For example, the Eager strategy, it has high efficiency, but the reason that it has disclosed irrelevant credentials in the handshake mechanism results in a poor security; the PRUNES, it has high security defense, but it makes low negotiation efficiency based on the concept of backtracking. In this paper, we retain the advantages of each of the negotiation strategy and try to integrate a hybrid negotiation strategy. Based on Parsimonious strategy, we have made a binding using the features of Eager and PRUNES strategies; in addition, we add iteration computing to improve the negotiation efficiency. In the experimental results, we have proved that the proposed hybrid negotiation strategy does take into account the performance and security.

目 錄
第一章、緒論	1
1.1、論文大綱	1
1.2、論文架構	5
第二章、相關研究背景	6
2.1、自動信任協商簡介	6
2.2、基礎體系架構	9
2.3、存取控制政策、憑據與協商策略	10
2.3.1、Access Control Policy	10
2.3.2、Credential	11
2.3.3、Negotiation Strategy	12
2.4、自動信任協商的應用	13
第三章、各種協商策略之比較	14
3.1、參數與政策表示的格式化	14
3.2、各種協商策略簡介	18
3.2.1、Eager Strategy	19
3.2.1.1、Concept	19
3.2.1.2、Properties	21
3.2.2、Parsimonious Strategy	21
3.2.2.1、Concept	21
3.2.2.2、Properties	23
3.2.3、PRUNES	24
3.2.3.1、Concept	24
3.2.3.2、Properties	27
3.3、特性與相關成本評估	28
3.3.1、分析方式	28
3.3.2、各項評估列表	30
3.4、總結	31
第四章、混合型信任協商策略	32
4.1、信任協商政策指定準則	32
4.2、混合型協商策略	51
4.2.1、A Hybrid Approach	51
4.2.2、Iteration using Classical Probability	54
4.2.2.1、Parameter Definition	54
4.2.2.2、Function Process	54
4.2.3、Implementation	58
第五章、實驗評估與分析	60
5.1、參數設定及模擬環境	60
5.2、模擬結果-效能評估	65
5.2.1、Negotiation Success Rate	66
5.2.2、Average Number of Handshakes	73
5.2.3、Cache Mechanism	76
5.3、模擬結果-安全性評估	82
5.4、相關成本比較	87
5.4.1、Memory, Computational, and Communication Cost	87
5.4.2、Comparison of Characteristic	89
5.5、綜合分析與討論	90
第六章、結論與未來工作	92
參考文獻	95


圖目錄
圖2.1 自動信任協商簡單實例圖	7
圖2.2 自動信任協商抽象架構圖	8
圖3.1 伺服器端政策無向圖	17
圖3.2 伺服器端政策相鄰序列圖	18
圖3.3 Eager策略完整動作示意圖	20
圖3.4 Parsimonious策略完整動作示意圖	22
圖3.5 PRUNES策略完整動作示意圖	24
圖3.6 PRUNES策略協商階段樹狀圖	25
圖3.7 PRUNES策略憑據交換階段有向圖	26
圖4.1 Eager策略缺陷示意圖	51
圖4.2 PRUNES策略優勢示意圖	52
圖4.3 Parsimonious策略缺陷示意圖	53
圖4.4 憑據成敗使用次數關係圖	55
圖4.5 混合型協商策略完整動作示意圖	58
圖5.1 協商成功率比較圖	72
圖5.2 平均交握回合數比較圖	75
圖5.3 快取機制交握比較圖	79
圖5.4 快取機制使用情形圖	80
圖5.5 快取機制綜合比較圖	80
圖5.6 憑據公開率比較圖	85


表目錄
表2.1 基於信任協商需求之4種政策語言比較表	11
表3.1 存取控制政策實例表-1	15
表3.2 存取控制政策實例表-2	19
表3.3 信任協商策略個體成本評比參數列表	30
表3.4 信任協商策略通訊成本評比參數列表	30
表3.5 信任協商策略各項特性比較表	30
表4.1 參數對照表	39
表4.2 資源等級演算法則	43
表4.3迭代取值演算法則	56
表5.1 環境參數列表	61
表5.2 隨機參數設定	62
表5.3 存取控制政策樣本-1	63
表5.4 存取控制政策樣本-2	64
表5.5 存取控制政策樣本-3	64
表5.6 存取控制政策樣本-4	65
表5.7 單次協商過程成功次數累計演算法則	69
表5.8 平均協商成功率演算法則	69
表5.9 環境參數數值設定(for Negotiation Success Rate)	70
表5.10 平均交握次數演算法則	73
表5.11 環境參數數值設定(for Average Number of Handshakes)	74
表5.12 快取機制搜尋演算法則	77
表5.13 快取機制憑據儲存演算法則	78
表5.14 環境參數數值設定(for Cache Mechanism)	79
表5.15 單次協商過程憑據公開累計演算法則	82
表5.16 平均憑據公開率演算法則	83
表5.17 信任協商策略個體成本評比參數列表(含新方法)	87
表5.18 信任協商策略通訊成本評比參數列表(含新方法)	88
表5.19 信任協商策略各項特性比較表(含新方法)	89

[1]	W. Winsborough, K. Seamons, and V. Jones, “Automated Trust Negotiation”, in Proc. of DARPA Information Survivability Conference and Exposition, Los Alamitos: IEEE Press, 2000, vol. 1, pp. 88–102

[2]	T. Yu, X. Ma, and M. Winslett, “PRUNES: An Efficient and Complete Strategy for Automated Trust Negotiation over the Internet”, in Proc. of ACM Conference on Computer and Communications Security, 2000

[3]	T. Yu, M. Winslett, and K. Seamons, “Interoperable Strategies in Automated Trust Negotiation”, in Proc. of the 8th ACM Conf. on Computer and Communications Security, New York: ACM Press, 2001, pp. 146-155

[4]	W. Winsborough, and N. Li, “Towards Practical Automated Trust Negotiation”, in Proc. of the Third International Workshop on Policies for Distributed Systems and Networks, 2002, pp. 92-103

[5]	T. Yu, M. Winslett, and K. Seamons, “Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation”, in Proc. of ACM Trans. on Information and System Security, 2003, 1(6):1-42

[6]	T. Yu, “Automated Trust Establishment in Open Systems [Ph.D. Thesis]”, Provo: Brigham Yang University, 2003

[7]	R. Jarvis, “Protecting Sensitive Credential Content during Trust Negotiation [Master Thesis]”, Illinois: University of Illinois, 2003

[8]	I. H. Katugampala, H. Yamaki, and Y. Yamaguchi, “Memory Complexity of Automated Trust Negotiation Strategies”, in Proc. of (PRIMA 2009), LNAI 5925, 2009, pp. 229-244

[9]	T. Yu, X. Ma, and M. Winslett, “PRUNES: An Efficient and Complete Strategy for Automated Trust Negotiation over the Internet”, in Proc. of the 7th ACM conference on Computer and communications security, Athens, Greece, November 01-04, 2000, pp.210-219

[10]	W. Chen, L. Clarke, J. Kurose, and D. Towsley, “Optimizing Cost-sensitive Trust-negotiation Protocols”, in Proc. of 24th Annual Joint Conference of the IEEE Computer and Communications Societies(INFOCOM 2005), 13-17 Mar. 2005, vol. 2

[11]	Y. He, M. Zhu, and C. Zheng, “An Efficient and Minimum Sensitivity Cost Negotiation Strategy in Automated Trust Negotiation”, in Proc. of International Conference on Computer Science and Software Engineering, 2008, vol. 3, pp.182-185

[12]	K. Seamons, M. Winslett, T. Yu, B. Smith, E. Child, J. Jacobson, H. Mills, and L. Yu, “Requirements for Policy Languages for Trust Negotiation”, in Proc. of the 3rd Int’l Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Washington:IEEE Computer Society Press, 2002, pp.68-79

[13]	 N. Li, J. Mitchell, and W. Winsborough, “Design of a role-based trust management framework”, in Proc. of the 2002 IEEE Symp. on Security and Privacy, Washington: IEEE Computer Society Press, 2002, pp.114-130

[14]	 G. Andro, “Automated Trust Negotiation Models”, in Proc. of the 33rd International Convention, MIPRO, 24-28 May 2010, pp.1197-1202


[15]	N. Li, J. Mitchell, and W. Winsborough, “Distributed Credential Chain Discovery in Trust Management”, in Proc. of the 8th ACM Conference on Computer and Communications Security (CCS-8), ACM Press, November 2001, pp. 156-165

[16]	Y. Song, F. Makedon, and J. Ford, “Collaborative Automated Trust Negotiation in Peer-to-Peer Systems”, in Proc. of the Fourth International Conference on Peer-to-Peer Computing (P2P’04), 25-27 Aug. 2004, pp. 108-116

[17]	E. Bertino, E. Ferrari, and A. Squicciarini, “Trust-X: A Peer-to-Peer Framework for Trust Establishment”, IEEE Transactions on Knowledge and Data Engineering, July 2004, vol. 16, pp. 827-842

[18]	T. C. Li, “A Reputation Mechanism Based on Collaborative Automated Trust Negotiation in P2P systems[Master Thesis]”, National Cheng Kung University, 2005

[19]	D. Xia, G. Zeng, Y. Huang, and Y. Bao, “Analysis of Automated Trust Negotiation Policy”, in Proc. of the 2nd International Conference on e-Business and Information System Security (EBISS), May 2010, pp. 1-4

[20]	J. X. Li, J. P. Huai, and X. X. Li, “Research on Automated Trust Negotiation”, Journal of Software, 2006, vol. 17, pp. 124-133

[21]	B. Liu; H. Lu; and Y. Zhao, “An Efficient Automated Trust Negotiation Framework Supporting Adaptive Policies”, in Proc. of the Second International Workshop on the Education Technology and Computer Science (ETCS), 2010, vol. 1, pp. 96-99

[22]	D. D′ıaz-S′anchez, A. Mar′ın, F. Almenarez, C. Campo, A. Cort′es, and C. Garc′ıa-Rubio, “Trust Negotiation Protocol Support for Secure Mobile Network Service Deployment”, in Proc. of IFIP International Federation on the Wireless and Mobile Networking, Boston: Springer, 2008, vol. 284, pp. 271-286

[23]	E. Bertino, E. Ferrari, and A. Squicciarini, “Trust Negotiations: Concepts, Systems, and Languages”, IEEE J. Computing in Science & Engineering, July-Aug. 2004, vol. 6, pp. 27-34

[24]	Y. Guo, H. Chen, Z. Yu, and H. Dong, “Generalized Trust Negotiation for Pervasive Computing”, in Proc. of ISECS International Colloquium on Computing, Communication, Control, and Management (CCCM '08), 3-4 Aug. 2008, vol. 1, pp. 684-687

[25]	E. Bertino, E. Ferrari, and A. Squicciarini, “X-TNL: A XML-based Language for Trust Negotiations”, in Proc. of the 4th International Workshop on Policies for Distributed Systems and Networks (POLICY’03), 2003

[26]	S. Guo, and W. Jiang, “An Adaptive Automated trust negotiation model and Algorithm”, in Proc. of International Conference on Communications and Intelligence Information Security (ICCIIS), 13-14 Oct. 2010, pp. 130-134

[27]	J. Huo, T. Ming, and H. Xu, “TTN: Towards Trust Negotiation for Grid Systems”, in Proc. of International Conference on Computational Intelligence and Software Engineering(CiSE 2009), 11-13 Dec. 2009, pp. 1-7

[28]	T. Yu, and M. Winslett, “A unified scheme for resource protection in automated trust negotiation”, in Proc. of Symposium on Security and Privacy, 11-14 May 2003, pp. 110-122

[29]	T. Leithead, W. Nejdl, D. Olmedilla, K. Seamons, M. Winslett, T. Yu, and C. Zhang, “How to Exploit Ontologies in Trust Negotiation”, in Proc. of 3rd Int’l Semantic Web Conf. on Trust, Security, and Reputation on the Semantic Web, 2004

[30]	H. Skogsrud, B. Benatallah, and F. Casati, “Trust-Serv: Model-Driven lifecycle management of trust negotiation policies for Web services”, in Proc. of the 13th Int’l World Wide Web Conf.(WWW2004), New York: ACM Press, 2004, pp. 53-62

[31]	T. Sundelin, “Surrogate Trust Negotiation Solving Authentication and Authorization Issues in Dynamic Mobile Network [MS. Thesis]”
Provo: Brigham Young University, 2003