Method for searching optimum certificate chain facing risk evaluation

The method combines risk assessment with certificate chain search. Applied to optimal certificate chain search, it addresses three problems: a search over the certificate set that cannot complete within an effective time, optimal certificate chain search methods that are not ideal, and security analysis that is complicated.

Inactive Publication Date: 2009-06-24
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

This transformation complicates the security analysis of application systems in an open environment. It also means that many security technologies built for traditional software systems, especially security authorization mechanisms such as access control and some traditional public key certificate systems, are no longer suitable for solving security problems in an open environment. Traditional access control technologies face greater security challenges. Role-based trust delegation management is a relatively effective solution among the many trust certificate management methods for an open environment. It combines role-based access control with trust delegation management logic, and uses the easily expressed trust delegation management logic to describe role-based access control. On this foundation, how to efficiently and quickly find the certificate chain from a given entity to a given role in the trust certificate set has become one of the key issues of access control.

[0003] At present, several certificate chain search methods address certificate chain search in role-based trust delegation management systems. The more mature method of Ninghui Li et al. does not consider the risk value of a trust certificate and only looks for a feasible path, so it cannot find the certificate chain with the smallest cumulative risk value. Chapin et al. also proposed a certificate chain search method that considers the risk value of trust certificates and can find the optimal certificate chain with the smallest cumulative risk value, but its time complexity is exponential. If the certificate set is even slightly large, the search cannot complete within an effective time, so the method loses practical value and is not an ideal optimal certificate chain search method.


Embodiment Construction

[0025] In the role-based trust entrustment management system oriented to certificate risk assessment, the optimal certificate chain search method provided by the present invention can be used to accurately and effectively search for the optimal certificate chain. The specific implementation steps are as follows:

[0026] 1. Maintain three sets of role expressions, X, Y, and Z:

[0027] The X set holds the role expressions for which the certificate chain with the smallest cumulative risk value, starting from the given role, has already been found. The Y set holds the role expressions that can be reached in one step from a role expression in the X set. The Z set holds the remaining role expressions. Taking Figure 1 as an example, the maintenance steps for these three sets are:

[0028] 1) At the beginning, the X set is empty, the Y set contains only the given starting role, and all other role expressions are placed in the Z set;

[0029] For example: in figure 1 In the s...


Abstract

The invention discloses an optimum certificate chain search method oriented toward trust certificate risk assessment. The method uses a priority queue to construct certificate chains from a given role to all other role expressions step by step, in increasing order of cumulative risk value, until the target entity is located. During the search, if a connection role is found, a new round of optimum certificate chain search starts from the root role of that connection role, so that all related implicit certificates are acquired. Similarly, if an intersection role is found, a new round of optimum certificate chain search starts from each atom role of the intersection role, so that all related implicit certificates are acquired. Each certificate chain obtained for the first time can be directly determined to be an optimum certificate chain, so the invention greatly improves certificate chain search efficiency.
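The search summarized above, with the X and Y sets from the embodiment, sketched in Python as an added example (not code from the patent). Role expressions are plain strings, `&` marks an intersection role, and the credential set with its risk values is constructed. Two points are assumptions: cumulative risk is the sum of certificate risks, and an implicit certificate carries the risk of the sub-search chain or chains that produced it; credentials that recurse through a connection or intersection role are not handled.

```python
import heapq

def edges(node, creds):
    """Outgoing (next_expression, added_risk) pairs for one role expression."""
    if "&" in node:                       # intersection role: search from every atom role
        found = [search(atom, creds) for atom in node.split("&")]
        common = set(found[0]).intersection(*found[1:])
        # assumption: an entity in every atom role pays the sum of the atom chains
        return [(e, sum(f[e][0] for f in found)) for e in common]
    if node.count(".") == 2:              # connection role A.r1.r2: search from A.r1
        base, r2 = node.rsplit(".", 1)
        # assumption: implicit certificate A.r1.r2 <- B.r2 costs the chain A.r1 -> B
        return [(f"{e}.{r2}", risk) for e, (risk, _) in search(base, creds).items()]
    return creds.get(node, [])            # plain role; an entity has no edges

def search(start, creds, target=None):
    """Return {entity: (cumulative_risk, chain)} for entities reachable from `start`."""
    X = {}                                # settled expressions: their risk is final
    Y = [(0, start, [start])]             # frontier, ordered by cumulative risk
    while Y:                              # Z is implicit: anything not in X or Y
        risk, node, chain = heapq.heappop(Y)
        if node in X:
            continue                      # stale entry, already settled at lower risk
        X[node] = (risk, chain)
        if node == target:
            break                         # first chain to reach the target is optimal
        for nxt, w in edges(node, creds):
            if nxt not in X:
                heapq.heappush(Y, (risk + w, nxt, chain + [nxt]))
    return {n: v for n, v in X.items() if "." not in n}

# Constructed credential set: head role -> [(body expression, risk value)]
CREDS = {
    "EPub.vip":        [("EPub.discount&Club.member", 1)],
    "EPub.discount":   [("EOrg.university.student", 1), ("StateU.student", 6)],
    "EOrg.university": [("StateU", 2), ("ABU", 1)],
    "StateU.student":  [("Alice", 1)],
    "ABU.student":     [("Bob", 1)],
    "Club.member":     [("Alice", 3), ("Bob", 1)],
}

if __name__ == "__main__":
    for entity, (risk, chain) in sorted(search("EPub.discount", CREDS).items()):
        print(entity, risk, " -> ".join(chain))
```

In the sample, Alice is reached through the connection role at cumulative risk 4 even though a direct certificate to `StateU.student` exists, because that certificate alone carries risk 6.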

Description

Technical field

[0001] The invention relates to related technologies for searching an optimal certificate chain in a trust entrusted management system oriented to risk assessment, in particular to a method for searching an optimal certificate chain oriented to risk assessment.

Background

[0002] With the rapid development of the Internet, the form of software systems has undergone fundamental changes. From early network services to Web services, and then to intelligent Web services, software systems are changing from a closed, familiar user group and relatively static form to an open, publicly accessible and highly dynamic service model. This transformation complicates the security analysis of application systems in an open environment, and at the same time makes many security technologies and means based on traditional software systems, especially security authorization mechanisms, such as access control and some traditional public key certificate systems, etc. ...


Application Information

IPC(8): H04L9/32, H04L9/30
Inventor: 陈珂, 胡天磊, 寿黎但, 陈刚
Owner ZHEJIANG UNIV