CN101800755A - Method for realizing credible and controllable network protocol - Google Patents

Method for realizing credible and controllable network protocol

Info

Publication number
CN101800755A
Authority
CN
China
Prior art keywords
trust
credibility
network
layer
protocol
Legal status
Pending
Application number
CN 201010135553
Other languages
Chinese (zh)
Inventor
罗军舟
韩志耕
蒋健
李伟
杨明
刘波
Current Assignee
Southeast University
Original Assignee
Southeast University
Priority date
Application filed by Southeast University
Priority to CN 201010135553
Publication of CN101800755A
Legal status: Pending

Abstract

The invention provides a method for realizing a credible and controllable network protocol. Four layers are added above an existing network protocol: a credibility decision layer, a credibility observation layer, a credibility resource layer and a credibility interaction layer. The credibility interaction layer mediates between the existing network protocol and the credibility resource layer; the credibility resource layer supplies a credibility flow to the credibility observation layer; the credibility observation layer extracts features from the credibility flow and presents the credibility decision layer with a credibility view that is consistent and observable. On the basis of that view the credibility decision layer issues a control proposal, which the credibility interaction layer applies to the existing network protocol to achieve control; at the same time the credibility of every protocol element at that moment is recorded and returned, through the credibility interaction layer, to the credibility observation layer as a historical credibility flow. With the support of these four layers the network protocol becomes a closed, self-feedback system across the whole process of monitoring, detection, analysis, decision and control, and satisfies the requirement that the execution of the protocol and the behaviour of its users be predictable and manageable.

Description

Method for realizing a credible and controllable network protocol
Technical field
The present invention relates to network security and network management, and specifically to a method for realizing a credible and controllable network protocol, used to make the execution of a network protocol and the behaviour of protocol entities predictable and manageable, and to provide an infrastructure for next-generation credible and controllable network protocols.
Background technology
A network protocol is the basis and the standard for interaction between peer network entities. At present industry has no unified view of the architecture that should be used to guarantee the security of network interaction on the Internet, and even the principal means that should be adopted are undecided. Published research on the security and credibility of network interaction falls into two major parts: network interaction based on hard security mechanisms and network interaction based on soft security mechanisms.
Network interaction based on hard security mechanisms relies on the traditional means of guaranteeing network security: factors that could make the interaction unsafe are kept outside the interaction process, thereby guaranteeing the security and credibility of the interaction. Such mechanisms assume that the security information available in the network system is incomplete and that the system's security decisions must rely on additional information supplied by a trusted third party. The widely adopted techniques are encryption, access control, service filtering and flow control; representative work includes the IPSec (IP Security) architecture and the defence against DoS (Denial of Service) attacks. Network interaction based on soft security mechanisms guarantees the security and credibility of the interaction by means of sociological notions such as trust and reputation. Such mechanisms view the network system as a dynamic cooperative system composed of many software services, whose structure has shifted from a closed form with a familiar, relatively static user population to an open, public, dynamically cooperating service model in which there is no centralized administrative authority to rely on and no complete information about any given principal; in such a dynamic and uncertain environment hard security mechanisms cannot meet the need well. Representative work includes trusted network connection and trusted protocols. The main research relevant to these protocol architectures and to the control and management of network interaction is as follows:
1. IPSec security architecture
The Internet security architecture is still developing, and industry is attempting to solve the security problems of information interaction in the network from different angles. The working groups of the IETF, the representative standards body of the computing community, have produced corresponding RFCs and drafts. The DNSSEC working group produced RFCs 2137, 2535 and 2541 for DNS security enhancement and for secure DNS information synchronization and update; the IPSec working group formulated the IPSec (IP Security) security protocol standard; the TLS working group focused on strengthening the security of transport-layer information interaction and, on the basis of SSL 3.0, published the TLS 1.0 (informally SSL 3.1) transport layer security draft, which became RFC 2246; the SECSH working group studied shell security, with SSH (a set of protocols for secure remote login and other network services over an insecure network) as its main result, at the time available only as drafts (the SSH protocol was subsequently published as RFCs 4250 to 4254 in 2006); the WTS working group mainly set up the secure HTTP service (S-HTTP), having at that point published only RFC 2084, which states the group's remit, with the concrete work still in draft form (S-HTTP later appeared as Experimental RFC 2660). Given that the research of the working groups overlaps to some extent, the consensus reached by industry is that the IPSec and TLS protocols (particularly the former) are very useful and very necessary to solving Internet security.
The IPSec network security architecture is mainly used to provide end-to-end security services for network-layer information interaction, and is intended to guarantee the security of data transmission at the protocol level. For this purpose the IETF published a series of IPSec RFCs, chiefly RFC 2401 (Security Architecture for the Internet Protocol), RFC 2402 (IP Authentication Header, AH), RFC 2403 (the use of HMAC-MD5-96 within ESP and AH), RFC 2404 (the use of HMAC-SHA-1-96 within ESP and AH), RFC 2406 (IP Encapsulating Security Payload, ESP), RFC 2409 (Internet Key Exchange, IKE), RFC 2410 (the NULL encryption algorithm and its use with IPsec), RFC 2411 (IP Security Document Roadmap) and RFC 1829 (the ESP DES-CBC transform); these have since been superseded by RFCs 4301 to 4303 and by IKEv2 (RFC 4306, now RFC 7296). IPSec provides three forms of protection, authentication, data integrity and confidentiality, through the AH (Authentication Header) protocol, the ESP (Encapsulating Security Payload) protocol and IKE (Internet Key Exchange), and implements services including access control for network elements, data origin authentication, connectionless integrity, detection and rejection of replayed datagrams, and data confidentiality. It should be emphasized that IPSec is not a single protocol: it provides an entire architecture for network data security at the IP layer, defining not only the security services used by the IP layer but also transparent protection for upper-layer data.
2. DoS attack defence
As a resource-exhausting attack, DoS poses a security hazard to information interaction in the network; because of the inherent openness and general connectivity of the Internet, there is still no really effective security technique for countering this class of attack. It is generally held that, without major changes to the Internet architecture, it is extremely difficult to defend completely against such attacks. In the existing research, to alleviate in varying degrees the harm DoS attacks do to information interaction in the network, changes of varying extent are made to the Internet architecture to strengthen the control that certain key points in the network have over packets; defence schemes based on service filtering, resource sharing, network capabilities and auditing have appeared.
Defence schemes based on service filtering hold that traditional access control, which counters destruction and theft attacks by filtering at the destination, is not applicable to DoS attacks, and that the best method is to install filters on the router nearest the attack source, so that ample filtering capacity can be used to stop the attack traffic. Effective methods include Active Internet Traffic Filtering (AITF), which uses a variant of IP route recording to determine the last trusted point on each attack path and installs a filter there to stop the attack traffic; and a scheme that sets a protection boundary around a server subnet, with a control point on the boundary that IP-encapsulates data destined for the server and sends it to a decapsulation point, so that when a server is under attack the decapsulation point can install a filter at the encapsulation point from which the attack traffic is being encapsulated.
Defence schemes based on resource sharing do not attempt to distinguish legitimate from attack traffic, but allocate resources more optimally among all users so as to reduce the impact of a DoS attack. This approach considers a DoS attack to be similar to a flash crowd: congestion is caused not by a single network flow or by a general increase in traffic but by a group of packets widely distributed across many flows, in other words an aggregate, so traditional per-flow congestion control is unsuitable for controlling DoS attacks. Aggregate-based Congestion Control (ACC) is the typical representative of this class of scheme; it detects and controls traffic at the granularity of an aggregate, between traditional per-flow congestion control and active queue management.
Defence schemes based on network capabilities divide network interaction into two stages, capability set-up and data transfer, both of which involve the sender, the receiver and numerous verification nodes on the data path. In the set-up stage the sender first sends a capability request to the receiver; each verification node on the path then stamps the request packet with a specific marker and forwards it, the markers together forming the "capability"; finally the receiver returns the capability to the sender. TVA (Traffic Validation Architecture) is the typical representative of such schemes: in applications supported by TVA all data sent by the sender to the receiver carries the capability, and each verification node verifies the relevant markers in the capability to guarantee the security and credibility of the interaction. It should be noted that, because TVA uses an intelligent tagging technique in the capability, a verification node can verify the tag in the capability without keeping per-connection state, that is, without remembering which senders and receivers it has authorized.
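The two-stage capability exchange described above, as an added Python example (not code from the patent or from TVA, whose actual packet format differs): each router on the path stamps the set-up request with a per-hop tag derived from its own secret, the receiver returns the stamped capability to the sender, and during data transfer each router recomputes its own tag instead of looking up connection state. The HMAC-based tag, the eight-byte truncation, the expiry field, and the router secrets and addresses are this example's assumptions.

```python
"""Capability-based DoS defence in the spirit of the two-stage scheme above:
capability set-up (each hop stamps the request), then data transfer (each hop
verifies its own stamp statelessly).

Added example, not code from the patent or from TVA; the packet layout and the
HMAC-based per-hop tag are this example's assumptions, and the router secrets
and addresses are constructed."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field

TAG_LEN = 8  # bytes of each per-hop tag carried in the packet (assumed)


@dataclass
class Packet:
    src: str
    dst: str
    expiry: int                                              # capability lifetime, unix seconds
    capability: list[bytes] = field(default_factory=list)    # one tag per hop, in path order
    payload: bytes = b""


class Router:
    """A verification node. Its secret never leaves it; tags are recomputed, not stored."""

    def __init__(self, name: str):
        self.name = name
        self.secret = hashlib.sha256(f"constructed-secret-{name}".encode()).digest()

    def _tag(self, pkt: Packet) -> bytes:
        # Bind the tag to the flow and its lifetime, so a capability cannot be
        # reused by another source, for another destination, or after expiry.
        msg = f"{pkt.src}|{pkt.dst}|{pkt.expiry}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:TAG_LEN]

    def stamp(self, req: Packet) -> None:
        """Set-up stage: append this hop's marker to the capability request."""
        req.capability.append(self._tag(req))

    def verify(self, pkt: Packet, hop: int, now: int) -> bool:
        """Data stage: accept only if this hop's tag is present, unexpired and correct.
        No per-connection state is needed: the router recomputes its own tag."""
        if now > pkt.expiry or hop >= len(pkt.capability):
            return False
        return hmac.compare_digest(pkt.capability[hop], self._tag(pkt))


def setup_capability(path: list[Router], src: str, dst: str, expiry: int) -> list[bytes]:
    """Sender -> receiver request; every hop stamps it; the receiver returns the capability."""
    req = Packet(src, dst, expiry)
    for router in path:
        router.stamp(req)
    return req.capability


def forward(path: list[Router], pkt: Packet, now: int) -> bool:
    """A data packet is delivered only if every hop on the path accepts it."""
    return all(router.verify(pkt, hop, now) for hop, router in enumerate(path))


if __name__ == "__main__":
    path = [Router("r1"), Router("r2"), Router("r3")]
    cap = setup_capability(path, "10.0.0.1", "10.0.0.9", expiry=1000)
    data = Packet("10.0.0.1", "10.0.0.9", 1000, list(cap), b"hello")
    forged = Packet("10.0.0.1", "10.0.0.9", 1000, [b"\x00" * TAG_LEN] * 3, b"flood")
    print("legitimate delivered:", forward(path, data, now=500))
    print("forged delivered:", forward(path, forged, now=500))
```

Because the tag covers source, destination and expiry, a capability issued to one sender is useless to a spoofing sender, to a different destination, after its lifetime, or on a path containing a router that did not stamp it.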
Defence schemes based on auditing hold that the vulnerability the existing network shows to DoS attacks stems from its lack of accountability: the existing Internet has no ability to associate a specific behaviour with the entity that carried it out, and accountability should be an important goal of Internet system design. To overcome the many defects of the other schemes, such as mechanism complexity (the complex mechanisms introduced by capability-based schemes damage the openness of the Internet), reliance on trusted entities (the S-BGP scheme needs the support of a trusted certificate authority and a trusted address registry) and operational sensitivity (filtering-based schemes require operators to configure filters correctly), while preserving the simplicity of the existing Internet, audit-based schemes attempt to replace IP with the Accountable Internet Protocol (AIP). AIP uses hierarchical, self-certifying network addresses, each of which is a function of the entity's public key. AIP can also counter malicious attacks such as source spoofing, route hijacking and route forgery.
3. Trusted network connection
David Clark has pointed out that the next-generation network security architecture should include a complete trust mechanism, used to establish trust relationships between network entities, convert those relationships into trust chains and ultimately form a trusted network space, so as to guarantee the credibility of network interaction. Following this conception, the US National Science Foundation funded the Cyber Trust programme in 2006, and the National Research Council also put forward a cyberspace trust research proposal.
Similarly, as early as the early 1990s the well-known information security expert, academician Shen Changxiang, proposed starting from the terminal to solve the problem of secure interaction, which returns to the essence of the security problem. The rise of "trusted computing" in recent years is an endorsement of this idea. To address the structural insecurity of information terminals, trusted computing technology is being promoted internationally so as to strengthen the credibility of network interaction at its foundation. The most influential of this work is that of the Trusted Computing Group (TCG), led by companies such as Compaq, which has consistently worked to strengthen the security of information interaction at the level of the computing platform architecture and has specially formulated the Trusted Network Connect (TNC) standard. This standard defines an open standard through standard interfaces, combines traditional network security technology with trusted computing technology and integrates the TPM (Trusted Platform Module) hardware into the trusted network connection architecture: following the idea of a chain of trust, with the manufacturer's hardware as the root of trust, trust is extended upward layer by layer to establish a trusted computing environment, untrusted access operations are controlled at the source, and a credible interaction environment is thereby built.
4. Trusted protocols
One current view holds that the security and credibility of network interaction should be built on network trustworthiness technology, which adds behavioural trustworthiness to traditional network security technology and strengthens the dynamic handling of network behaviour and state, thereby providing a policy basis for intelligent, adaptive network security and quality-of-service control. This requires research on the Internet architecture to step outside traditional lines of thought, draw on the notion of system trustworthiness, unite traditionally isolated research under the goal of network trustworthiness and, by building a trustworthy network architecture, provide system-level security services to users. The most characteristic of the related work is the trustworthy network proposed by Professor Lin Chuang's team at Tsinghua University and the trusted protocols within that framework. They hold that the trustworthiness of a network can be understood as the security and survivability of network services together with the controllability of the network: a trustworthy network is one whose behaviour and results are predictable, in which behaviour states can be monitored, behavioural results can be assessed and abnormal behaviour can be controlled.
On this basis they spell out a trustworthy network architecture composed of a data plane and a trusted control plane, which guarantees the trustworthiness of the network by separating control and management from data forwarding. The data plane carries the services and guarantees the trustworthiness of the network protocol; the trusted control plane comprises a group of trusted protocols, is responsible for providing complete and consistent control signalling, supports trust information sharing between trusted users, and drives and coordinates the concrete behaviour control modes for the distributed collection, propagation and processing of user and network operating information. The data plane accepts the supervision of the trusted control plane, and the trusted control plane opens certain access interfaces to the data plane, so that network entities and services can know whether the network's operation and interactions are trustworthy; the network can also customize a particular operating mode for a service according to customer requirements, granting a higher trust level and embodying a higher level of trusted security.
Overall, the continuous development of new technology, the increasing complexity and heterogeneity of network systems, the growing diversity of network anomalies and attacks and the continuing evolution of quality-of-service requirements all make it significant to construct credible and controllable network protocols that guarantee the security, credibility and extensibility of information interaction in the network.
However, although hard security mechanisms have to some extent guaranteed the security and trustworthiness of network interaction, the design of most hard security mechanisms seldom touches the core of the architecture; for the most part they block illegal users and unauthorized access at the periphery through add-on mechanisms such as single-point defence, single-purpose information security and patching, and no set of rules effectively integrates these security mechanisms to guarantee the security and credibility of information interaction in the network. In fact IPSec can only guarantee the security of network-layer interaction, whereas security involves problems at many levels and in many aspects, and it cannot protect information interaction across the whole network against the following attacks. First, attacks launched from layers above the network layer, such as those using system buffer overflows or trojans. Second, because encryption and decryption consume a great deal of CPU time, an attacker can send a destination host large numbers of apparently correct encrypted packets filled with random data, forcing the host to spend so much CPU time on decryption that it cannot respond to other requests, thereby causing a denial of service. Moreover, IPSec requires both communicating parties to maintain the security policy and security associations needed for communication protection, so that a third party without the security parameters of the communication cannot forge or eavesdrop on the communication data; if an attacker steals the key negotiated by the two parties and impersonates a legitimate user to attack the destination host, such a disguised attack, once successful, is fatal to the security and credibility of the interaction. Defending against DoS attacks is the major challenge the Internet currently faces, but it is not the whole of the Internet security problem. More important, vulnerabilities inevitably exist at every link in the design, implementation and management of security mechanisms, so network interaction built on hard security mechanisms cannot be taken to be secure and credible.
Although soft security mechanisms consider the security of information interaction given that system vulnerabilities and attacks or damage are objectively unavoidable, current research still has many shortcomings. First, with respect to trusted network connection: although this research has produced important results that have played an important role in the development of information system security, it is still at a developing stage in both research and practice; the work remains largely at the engineering level, lacks supporting theoretical models, and its architecture is incomplete. Most significantly, existing research concentrates mostly on the trust mechanism itself and neglects the control mechanism on which the trust mechanism depends, so it cannot impose management and control on the interactive behaviour of entities and therefore can hardly predict the course and result of network interaction. Second, with respect to trusted protocols: although trusted protocols emphasize controllability in addition to trust mechanisms, the trusted control of the network has not been well solved. Trusted protocols focus on building control methods for malicious behaviour that has not yet taken effect or whose damage has not yet been discovered; but when deceptive behaviour has already taken effect, or the damage is denied, trusted protocols still lack a corresponding post-hoc audit mechanism to hold accountable and punish malicious behaviour that occurred during protocol execution.
Summary of the invention
Object of the invention: to overcome the shortcomings of the prior art, the present invention holds that a feasible way to guarantee the security and trustworthiness of future network interaction is to develop network protocols that possess both credibility and controllability, which requires two things at once: first, the credibility of the service the protocol provides must be guaranteed from the user's point of view, and the controllability of the protocol's execution must be guaranteed from the point of view of protocol architecture design; second, credibility and controllability must be well fused within a credible and controllable protocol framework. Achieving these two points requires an effective solution to the trusted control of network protocols, providing the trust mechanisms needed to manage and control the execution of the protocol effectively. To this end the present invention uses the existing network protocol structure and logically builds a credible and controllable network protocol structure on top of it, together with corresponding control methods, so that the protocol is secure while remaining convenient to manage, and so that protocol behaviour becomes predictable and manageable. Accordingly, the invention provides a method for realizing a credible and controllable network protocol that effectively controls and manages user behaviour, protocol operation and protocol resources: when the network is subject to internal or external disturbance, the protocol state and user behaviour are continuously detected, analysed and decided upon, and the control parameters of protocol devices and of the protocol itself are adaptively optimized, so that the protocol's data transfer, resource allocation and user service reach a predictable level. This provides a controllable infrastructure for network protocols, solves the overall controllability problem of current network protocols, and guarantees credible service to protocol executors and users.
Technical scheme:
A method for realizing a credible and controllable network protocol adds a four-layer credible and controllable logical structure on top of the existing network protocol structure, thereby making protocol execution predictable and manageable. The four layers are the trust decision layer, the trust observation layer, the trusted resource layer and the trust interaction layer. The specific implementation is as follows:
Step i: the trusted resource layer perceives in a timely manner the various behaviours during execution of the network protocol, converts the results of perception and monitoring into a time-series-based trust flow, that is, the current trust variation of the network components, and sends it through the trust interaction layer to the trust observation layer;
Step ii: the trust observation layer aggregates the trust flow from the trusted resource layer with the historical trust values, based on the historical behaviour of the network components, fed back by the trust decision layer; it detects in a timely manner protocol faults, attacks by malicious entities, degradation anomalies in quality of service and user behaviour, extracts features relevant to abnormal behaviour from the abstract, discrete trust data, identifies from these features the anomalies and their trends, and forwards the result through the trust interaction layer to the trust decision layer in an observable, concise form;
Step iii: the trust decision layer, on the basis of the observation results provided by the trust observation layer, uses methods based on game theory, voting, collaboration and competition and, from the perspective of the trust variation of the network components and the maximization of the overall interests of the network system, produces a concrete scheme for controlling protocol execution. The control is characterized by continuous updating of the abstract trust flow, and acts on the network protocol through the trust interaction layer to achieve controlled execution; at the same time the trust values of all network components at that moment are fed back to the trust observation layer in the form of a historical trust flow, which serves as the historical trust values based on the historical behaviour of the network components described in step ii.
In the method of the present invention, the trust flow described in step i contains, in addition to the temporal variation of protocol entity behaviour, time-series-based information about the behaviour of protocol users.
Network protocol control under this structure involves four functional links: perception and monitoring, understanding and detection, judgement and decision, and control and enforcement; these are performed cooperatively by four logical components, the sensor, the observer, the decision-maker and the actuator. The complete control process is as follows:
(1) The sensor monitors the changes that occur in protocol execution when it is disturbed by external behaviour, and provides these changes to the observer as a time-series-based trust flow describing network component behaviour and protocol user behaviour; perception and monitoring may take the form of centralized monitoring, distributed self-checking or third-party notification.
(2) The observer aggregates the trust flow submitted by the sensor and the history of network component and user trust changes submitted by the decision-maker as a historical trust flow, performs understanding and detection, and submits the intermediate result to the decision-maker as a trust view with global consistency and observability. Understanding and detection comprise several stages: trust admission control, anomalous interaction detection and controllable feature extraction. Trust admission control screens the aggregated trust data by mechanisms such as measurement, detection and tokens; anomalous interaction detection identifies anomalies in the screened trust data by behaviour detection techniques such as fair exchange and non-repudiation and by anomaly detection algorithms such as trust data statistics; controllable feature extraction processes the identified suspicious network component behaviour in four steps, abnormal feature extraction, invariant feature selection, network component behaviour clustering and signature generation, using controllable feature extraction algorithms such as behaviour clustering, so as to produce characteristic signatures of abnormal network component behaviour as the basic elements of the trust view.
(3) The decision-maker aggregates the trust view submitted by the observer and the network component trust values fed back by the actuator as a raw trust flow according to the protocol execution status, performs judgement and decision, and handles the intermediate result in two forms: it is submitted to the actuator as a trust control flow and fed back to the observer as a historical trust flow. Judgement and decision comprise several stages: trust filtering, trust re-evaluation, oscillation guarding, trust prediction and control generation. Trust filtering and trust re-evaluation operate in turn on the aggregated trust data: the trust data are screened one by one for dishonesty by trust filtering techniques such as credit value or personalized similarity, and the screened data are then re-assessed by multiple assessment algorithms at different levels, in different dimensions and at different granularities, until the intermediate result tends to converge. The stabilized intermediate data are output in two forms: fed back to the observer as a historical trust flow, and passed on as raw data for further processing. Oscillation guarding and trust prediction then, on the basis of this intermediate result, apply strategies such as game theory, voting, collaboration and competition to measure, distinguish, tolerate, reflect and predict, in turn, the burst fluctuation of network component behaviour, the improvement or deterioration of network component trust, unintentional misbehaviour of network components, the consistency of network component behaviour and the future behaviour of network components. On this basis the control generation stage proposes a protocol control scheme from the standpoint of the current system situation and the maximization of overall interests, and submits it to the actuator as a trust control flow.
(4) The actuator controls and reaches the trust control stream submitted by the decision-maker, and the final result is handled in two forms: applied as trust control commands to the disturbed network-protocol interaction, and fed back to the decision-maker as an original trust stream. The means of control and reachability mainly comprise the stages of peer-entity selection, credential security exchange, controllable protocol execution and execution-result feedback. In the peer-entity selection stage, the peer-entity selection service selects, from the many candidate entities, the trusted entities that will take part in this protocol run, according to the peer-entity selection criteria given in the trust control stream (such as a reliability threshold); the credential security exchange stage, within the security service framework, constructs protocol-interaction credentials with techniques such as encryption and digital signatures and then exchanges those credentials, so that the protocol behaviour of the selected entities is pairwise associated with, and bound to, the reliability feedback given after execution, which guarantees the completeness of the reliability feedback information and the accountability of protocol execution; the controllable protocol execution stage carries out the concrete network-protocol interaction between peer entities, tracks the protocol state and, following the trust control suggestions in the trust control stream, dynamically controls abnormal protocol execution; the execution-result feedback stage on the one hand performs trust evaluation of the entity behaviour monitored during protocol execution and feeds it back to the decision-maker as an original trust stream, and on the other hand dynamically re-adjusts the trust control suggestions in the trust control stream according to the control effect of this protocol round and applies them, as behaviour control commands, to the network system under behaviour disturbance.
(5) Behaviour control, together with behaviour disturbance, dynamically adjusts the trust situation in the network system so that, as the protocol interactions proceed, the trust situation in the network system tends towards stability, and the whole control process runs adaptively in closed-loop feedback form.
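The five-stage loop above is easiest to follow as running code. The Python program below is an added illustration, not code from the patent: it pushes one disturbed protocol round through the four roles (sensor, observer, decision-maker, actuator) and then a recovery round, so the trust states (steady, intermediate under disturbance, control, steady again) can be seen. The sample trust stream is constructed, and the admission token, the thresholds, the oscillation test, the credit-weighted re-evaluation and the one-step linear prediction are all assumptions chosen for the example; the patent does not fix these algorithms.

```python
"""Closed-loop trust control across the four roles the patent names (sensor,
observer, decision-maker, actuator). Added illustration, not the patent's code:
the trust stream is constructed, and every threshold and every algorithm inside
a stage is an assumption chosen for the example."""

ADMIT_TOKEN = "tok"        # assumed admission-control token carried by valid samples
DROP_ANOMALY = 0.30        # assumed: a fall this size in a subject's series is anomalous
SWING_OSCILLATION = 0.50   # assumed: a reporter reversing by this much is "oscillating"
PEER_THRESHOLD = 0.60      # assumed reliability threshold for peer-entity selection

# Constructed sensor output: (time, reporter, subject, observed reliability, token).
# C's reliability decays while C itself reports erratically; the last two samples
# are malformed and must be rejected by admission control.
DISTURBED_STREAM = [
    (1, "A", "B", 0.90, ADMIT_TOKEN), (1, "B", "A", 0.85, ADMIT_TOKEN),
    (2, "A", "C", 0.95, ADMIT_TOKEN), (2, "C", "A", 0.10, ADMIT_TOKEN),
    (3, "A", "C", 0.55, ADMIT_TOKEN), (3, "C", "B", 0.95, ADMIT_TOKEN),
    (4, "B", "C", 0.20, ADMIT_TOKEN), (4, "C", "A", 0.90, ADMIT_TOKEN),
    (5, "X", "A", 0.00, "forged"), (5, "A", "B", 1.70, ADMIT_TOKEN),
]


def observe(stream):
    """Observer: admission control, abnormal-interaction detection, trust view."""
    admitted = [s for s in stream if s[4] == ADMIT_TOKEN and 0.0 <= s[3] <= 1.0]
    view = {}
    for _, rep, subj, r, _ in sorted(admitted):
        v = view.setdefault(subj, {"series": [], "reports": {}})
        v["series"].append((rep, r))                 # time-ordered (reporter, value)
        v["reports"].setdefault(rep, []).append(r)   # per-reporter history
    for v in view.values():
        s = [r for _, r in v["series"]]
        v["sudden_drop"] = any(s[i - 1] - s[i] >= DROP_ANOMALY for i in range(1, len(s)))
    return view


def decide(view):
    """Decision-maker: trust filtering, re-evaluation to convergence, prediction, control."""
    # Trust filtering: drop reporters whose own reports about one subject swing widely.
    oscillating = {rep for v in view.values() for rep, rs in v["reports"].items()
                   if max(rs) - min(rs) >= SWING_OSCILLATION}
    latest = {subj: {rep: rs[-1] for rep, rs in v["reports"].items()
                     if rep not in oscillating} for subj, v in view.items()}
    # Re-evaluation: mean weighted by the reporters' own current reliability
    # (a credit-value filter), iterated until the intermediate result converges.
    rel = dict.fromkeys(view, 0.5)
    for _ in range(100):
        new = {}
        for subj, reps in latest.items():
            w = {rep: max(rel.get(rep, 0.5), 1e-3) for rep in reps}
            new[subj] = sum(w[r] * reps[r] for r in reps) / sum(w.values()) if reps else rel[subj]
        done = max(abs(new[s] - rel[s]) for s in rel) < 1e-6
        rel = new
        if done:
            break
    # Trust prediction: one-step linear extrapolation of each filtered series.
    pred = {}
    for subj, v in view.items():
        s = [r for rep, r in v["series"] if rep not in oscillating]
        pred[subj] = min(1.0, max(0.0, s[-1] + (s[-1] - s[-2]))) if len(s) > 1 else rel[subj]
    isolate = oscillating | {s for s in view if rel[s] < PEER_THRESHOLD or pred[s] < PEER_THRESHOLD}
    return {"reliability": rel, "predicted": pred, "isolate": isolate}


def actuate(control, entities):
    """Actuator: peer-entity selection by the reliability threshold."""
    return sorted(e for e in entities
                  if e not in control["isolate"] and control["reliability"][e] >= PEER_THRESHOLD)


def run_closed_loop(stream):
    """Sensor -> observer -> decision-maker -> actuator; reports the trust states visited."""
    view = observe(stream)
    control = decide(view)
    states = ["intermediate"] if any(v["sudden_drop"] for v in view.values()) else []
    states.append("control" if control["isolate"] else "steady")
    return {"states": states, "peers": actuate(control, view), **control}


def next_round_stream(peers, t0):
    """Constructed stand-in for the next sensor round: only selected peers interact."""
    return [(t0 + k, a, b, 0.90 - (0.02 * k if a > b else 0.0), ADMIT_TOKEN)
            for k in range(2) for a in peers for b in peers if a != b]


def simulate(stream, max_rounds=3):
    """Run rounds until the system returns to the trust steady state."""
    trajectory, t0 = [], max(s[0] for s in stream) + 1
    for _ in range(max_rounds):
        result = run_closed_loop(stream)
        trajectory += result["states"]
        if result["states"][-1] == "steady":
            break
        stream, t0 = next_round_stream(result["peers"], t0), t0 + 2
    return trajectory
```

`simulate(DISTURBED_STREAM)` returns the state sequence `intermediate, control, steady`: the observer flags C's falling reliability, the decision-maker discards C's own erratic reports before re-evaluating, C ends below the peer threshold and is isolated, and the following round among the remaining peers carries no anomaly, so the loop closes in the steady state.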
Beneficial effects:
The effective parts of the present invention are:
The basic element exchanged between each pair of layers in the four-layer trusted control logic structure is the trust stream. This trust stream is characterised as a signal flow that describes, in a consistent, time-series pattern, the parameters of the existing network protocol, the operation of the protocol and the network service quality; it carries the time-series reliability changes of user behaviour, protocol state and each network component, obtained through the trust interaction layer mechanism, and can reflect in time the running situation and abnormal conditions of network services and protocol resources.
In the new trusted and controllable network-protocol structure, although the protocol data flow and the protocol control flow share the same channel, their logical separation is realised by the trusted transmission mechanism in the trust interaction layer; all time-series protocol state parameters, protocol-entity behaviour parameters and the service operation situation realised by the protocol are described by the trust stream at an abstract level, so that the description of realisation behaviour is consistent with the description of service, which provides the foundation for observability of the description; the new control method built on the new protocol structure makes the whole protocol run in a closed-loop self-feedback manner, guaranteeing that the protocol can diagnose itself and recover by itself to a stable state.
At present there is no complete and clear understanding of the trusted and controllable network-protocol problem: existing protocol theory tools are insufficient for analysing protocols in the presence of malicious behaviour, trusted protocol control methods remain to be explored, and there is still no trusted and controllable network-protocol model or set of protocol control methods that satisfies the three essential characteristics that GENI considers trusted network control should possess: a reliable source of system information, a trusted decision and diagnosis mechanism, and an adaptive system control method. Compared with the prior art, the present invention has the following advantages:
(1) Existing network protocols only provide standards for information interaction between peer entities in the network; they do not consider controlling the interaction behaviour where attacks or damage objectively and inevitably exist, so it is difficult to guarantee the safety and credibility of protocol execution in a fragile network system. The present invention mainly addresses the problem of controlling protocol interaction when malicious behaviour exists, guaranteeing that any group of "well-behaved" network components can safely carry out any expected protocol interaction, and that malicious or compromised network components cannot intervene in that interaction.
(2) Existing protocol control theory and methods only consider the control problem when protocol interaction faults occur, and also treat the results of malicious behaviour detected during interaction, such as defection, as faults. The present invention not only considers the particularity that malicious behaviour differs from general protocol faults, but also moves the reaction earlier: based on the reliability feedback provided by adaptive trust management and the system reliability-change situation obtained from reliability monitoring and evaluation analysis, it focuses on building control methods for the situation where malicious behaviour has not yet taken effect or the damage has not yet been discovered;
(3) In a network system where deceptive behaviour objectively exists, existing network protocols cannot provide an arbitration basis for network-interaction disputes, so it is difficult to guarantee the auditability and credibility of protocol execution. The present invention considers the particularity that deceptive behaviour differs from attacks or damage by malicious entities, integrates into the protocol execution process the collection, maintenance and verification of non-repudiation evidence closely related to network-interaction events and behaviour, and focuses on building a protocol execution manner for the situation where deceptive behaviour has already taken effect or the damage is denied;
(4) The present invention organically blends credibility and controllability, can satisfy diverse protocol operation goals, establishes an accurate network-interaction view in time and implements direct, convenient and efficient network-protocol control, improving on and innovating the existing theory of network-protocol design, control and management;
(5) The present invention establishes a consistency principle based on a trusted and observable trust view, builds a trusted and controllable protocol design, and provides a trust stream of unified standard for describing protocol faults, malicious attacks, service-quality degradation anomalies and abnormal user behaviour, in order to reflect the running and intrusion situation of network-protocol services and protocol resources, which can solve the problem of complex and diverse management logic in current protocol control systems;
(6) The present invention advances traditional security research based on next-generation Internet protocols towards trusted research, combines it with network management mechanisms, and emphasises measuring and assessing the credibility and controllability of protocol interaction behaviour and user behaviour, changing the legacy approach of a single defence per interaction and single information-security patches, and providing new ideas for effectively solving network-interaction security problems.
In today's society the fundamental and pervasive role of information networks grows day by day, and the trustworthiness and controllability of information interaction in networks has become a key factor influencing harmonious socio-economic development and national security. However, with the rapid development of network technology and applications, the emergence of multiple terminals, the convergence of multiple services, and the increasing complexity, heterogeneity and ubiquity of the Internet, the current network system has exposed serious deficiencies, and the network faces major practical challenges in security and management; ensuring the credibility and controllability of network interaction has become an urgent demand of current network development. Against this background, we propose a trusted and controllable network-protocol structure that solves the problem of trusted and controllable network interaction in a systematic, open, unified and flexible way, realises comprehensive consideration of network interaction, creates the conditions for deploying key trusted and controllable interaction technologies on larger-scale interconnected networks, and will contribute to the research and construction of China's next-generation information network.
Brief description of the drawings
Fig. 1 is the network-protocol structure diagram of the present invention.
Fig. 2 is the network-system trust state transition diagram realised by the present invention.
Fig. 3 is the network-protocol control process diagram realised by the present invention.
Fig. 4 is a logical execution framework of the network protocol realised by the present invention.
Detailed description
Embodiment: the trusted and controllable network-protocol structure shown in Fig. 1 is not a new class of protocol structure that overthrows and rebuilds any network-protocol structure of the existing OSI seven-layer or TCP/IP four-layer systems; instead, it adds a trusted and controllable four-layer logical structure on that basis, comprising the "trust decision layer", "trust observation layer", "trusted resource layer" and "trust interaction layer". The trust interaction layer realises the interaction between the existing network protocol and the trusted resource layer in a trusted, unified shared-platform pattern; the trusted resource layer obtains time-series user behaviour, protocol state and protocol resource information through the interaction-layer mechanism, and the trust interaction layer supplies that time-series reliability-change information, together with the historical reliability of the relevant constituent elements provided by the decision layer, to the trust observation layer in the form of a "trust stream"; the trust observation layer extracts features from the abstract, discrete trust stream and, by analysis, provides the decision layer with a trust view of better consistency and observability; the trust decision layer, according to the observable trust view and from the angle of the system's current reliability-change situation and maximisation of the overall interest, gives the reliability of each constituent element in the system, proposes a control scheme and supplies it to the network protocol through the trust interaction layer, thereby achieving control.
A network protocol may pass through several trust states during operation, and the purpose of control is to make the whole protocol run at run time as a closed loop with self-feedback. As shown in Fig. 2, the protocol system starts from an initial trust steady state, passes through trust intermediate states (several intermediate states produced by behaviour disturbance), enters trust control states (several intermediate states produced during the behaviour control process), and finally returns to the trust steady state, forming a closed-loop control system.
Under this trusted and controllable network-protocol structure, the control process of the protocol system is as shown in Fig. 3; the concrete steps are:
(1) The protocol system is changed by external behaviour disturbance; the sensor monitors the disturbance of the protocol system and supplies the changes in protocol state and protocol-entity behaviour to the observer as a time-series-based trust stream;
(2) The observer understands and detects the trust stream output by the sensor and the history trust stream fed back by the decision-maker, checks and analyses anything doubtful, and thereby provides the decision-maker with an observable trust view of the whole protocol behaviour, protocol state and service scenario;
(3) The decision-maker performs consistency analysis on the observable trust view from the observer and the original trust stream fed back by the actuator; these analyses include trust filtering, trust re-evaluation, behaviour early warning, oscillation guarding and behaviour prediction. On the basis of these analyses and of the whole, the decision-maker takes concrete control measures and handles the result in two forms: propagated to the actuator as the trust control stream within the trust stream, and fed back to the observer as a history trust stream;
(4) The actuator is responsible for executing control commands, which cover not only entity selection, constituent-element isolation and credential gathering but also feedback of the protocol execution status: it acts on the disturbed protocol interaction stream in the form of behaviour control commands, and feeds back to the decision-maker in the form of the original trust stream;
(5) Control and disturbance together dynamically adjust the trust data in the system; the final purpose is that the trust situation in the network system returns to stability as the protocol interactions proceed, with the whole control process running adaptively in closed-loop feedback form.
Combining robust trust management with secure non-repudiation services, a network-protocol execution mode is formed on the basis of the closed-loop control method above. Specifically, the logical functional entities involved in protocol execution are divided into roles according to the trust-management requirements, and the logical functional components are divided by aspect according to the protocol architecture; using the two patterns of end-to-end trust evaluation and third-party trust recommendation, the trusted and controllable network protocol is realised in the logical sense within a non-repudiation service framework, comprising the protocol basic elements and the protocol logical execution framework. They are described as follows:
Table 1 shows a basic-element composition pattern of the network protocol realised by the present invention. The protocol basic elements comprise logical functional entities and logical functional components, as shown in Table 1:
Table 1
First, the logical functional entities comprise the trust object, the trust executor, the trust subject and the trust recommender:
(1) The trust object is the entity that needs to establish trust in order to take part in protocol interaction and is trusted by the subject; it may be a network component or a network user participating in the interaction, and the emphasis of trust should be placed on entity identity, entity state and entity interaction behaviour.
(2) The trust executor is the entity that performs trust interaction control according to the strategy formulated by the trust subject; it may be the physical location where interaction control is carried out, or a group of related algorithms and mechanisms.
(3) The trust subject is the entity that performs trust management according to the interaction behaviour of the trust object and authorises the trust executor to carry out trust control.
(4) The trust recommender is a trust subject of a specific type which, according to the behaviour trust records it holds, assists the trust subject in completing trust management of the trust object by way of trust recommendation.
Second, the logical functional components comprise the trust edge layer protocol component, the trust enhancement layer protocol component, the trust evaluation layer protocol component and the trust interaction layer protocol component:
(1) Trust edge layer protocol component
The "behaviour request point" runs on the trust object and is used to submit behaviour requests to the "trust execution point". The "dispute initiation point", as a functional sub-unit of the behaviour request point, submits dispute-handling requests to the "dispute processing point" when the trust object objects to an interaction. The trust execution point runs on the trust executor and controls the trust object according to the control commands given by the "behaviour authorisation point". The "dispute processing point", as a functional sub-unit of the "trust execution point", runs at the trust executor, receives dispute-handling requests and resolves disputes according to the strategy provided by the "dispute acceptance point". The "behaviour authorisation point" runs on the trust subject, forwards the control requests submitted by the "trust execution point" to the trust interaction server, and feeds the final trust control strategy back to the "trust execution point"; in addition, the trust recommender recommends to the trust subject, through the "behaviour authorisation point", existing trust control strategies relevant to the control request. The "dispute acceptance point", as a functional sub-unit of the behaviour authorisation point, is responsible for classifying, analysing and forwarding dispute-handling requests to the "dispute resolution point", and for feeding the dispute resolution strategy back to the "dispute processing point".
(2) Trust enhancement layer protocol component
The "enhancement request point" runs at the trust object and, according to the assessment result provided by the "trust evaluation point", requests the "enhancement service point" running at the trust subject to provide a corresponding strategy for improving the credit value of the trust object. The "interaction detection point" runs at the trust executor and is responsible for providing the admission-control service before trust data are stored, detecting false interactions that produce pseudo trust data. The "trust data access point" runs at the trust subject and is responsible for providing trusted and controllable data access services through the corresponding resource location mechanism.
(3) Trust evaluation layer protocol component
The "trust metrics agent" runs at the trust object, collects assessment evidence and submits it to the "trust evaluation point". The "trust filtering point" runs at the trust executor, performs trust filtering on the data and rejects data from strategically oscillating entities, thereby guaranteeing the consistency of the trust data. The trust evaluation point runs at the trust subject and performs trust evaluation with the trust evaluation algorithm. The "trust prediction point" also runs at the trust subject and predicts the future behaviour trend of the trust object from its existing behaviour context. The "trust recommendation point" runs at the trust recommender, holds trust evaluation evidence relevant to the trust object and makes recommendations when necessary.
(4) Trust interaction layer protocol component
Secure channels exist among the "trust interaction client", "trust feedback point", "trust interaction server", "dispute resolution point" and "trust recommendation server", through which the "trust evaluation point" can obtain the trust evaluation evidence submitted by the "trust metrics agent" and the "trust recommendation point". The "trust feedback point" runs at the trust executor, analyses the protocol interaction results and submits corresponding suggestions to the "trust interaction server" as a necessary basis for deciding subsequent protocol execution. The "dispute resolution point", as a functional sub-unit of the "trust interaction server", runs at the trust subject, receives dispute resolution requests from the "dispute acceptance point" and formulates the dispute resolution strategy.
The logical execution framework of the trusted and controllable network protocol comprises two parts, trust control and repudiation control, as shown in Fig. 4:
Part one: trust control (corresponding to trust configuration in the early stage of protocol execution and trust-stream management in the middle stage)
Step 0: In the protocol initialisation stage, the trust interaction client discovers, confirms and loads the trust metrics agent, and the trust interaction server detects the trust evaluation point.
Step 1: The behaviour request point announces to the trust execution point the behaviour-change situation of the trust object; the trust execution point may also perceive this announcement by monitoring the interaction traffic at the trust object.
Step 2: For the behaviour change of the trust object, the trust execution point requests the behaviour authorisation point to carry out trust evaluation. If the trust execution point already holds a decision scheme for controlling this class of behaviour change, it applies the corresponding behaviour control to the trust object according to that scheme.
Step 3: The behaviour authorisation point forwards the behaviour trust evaluation demand to the trust interaction server.
Step 4: The trust evaluation point retrieves (via steps a and b) the behaviour trust record of the trust object; if it exists, go to step 9.
Steps a and b: The trust evaluation point retrieves trust data in the network through the trust filtering point and the trust data access point.
Step 5A: The trust interaction server requests the trust interaction client to provide trust evidence for carrying out trust evaluation.
Step 5B: The trust interaction server requests the trust recommendation server to make a recommendation on the behaviour trust of the trust object.
Step 6A: The trust interaction client starts the trust metrics agent to measure the trust evidence and obtains the corresponding results.
Step 6B: The trust recommendation server starts the trust recommendation point to retrieve trust records and returns the corresponding recommendation information.
Step 7A: The trust interaction client integrates the measurement results and submits them to the trust interaction server over the secure channel.
Step 7B: The trust recommendation server submits the relevant recommendation information to the trust interaction server over the secure channel.
Step 8: The trust interaction server performs an initial analysis of the trust evaluation information obtained, submits it to the trust evaluation point and waits for the preliminary trust evaluation result.
Step 9: The trust evaluation point performs trust evaluation on the information to be assessed according to pre-configured assessment rules and feeds the preliminary result back to the trust interaction server.
Step 10A: The trust interaction server announces the preliminary evaluation result to the trust interaction client, to be used (via steps c and d) for improving the reliability of the trust object.
Steps c and d: According to the reputation improvement suggestion given by the trust interaction client, the enhancement request point and the enhancement service point negotiate and implement the reliability improvement.
Step 10B: The trust interaction server submits the preliminary evaluation result to the trust prediction point and waits for the final decision.
Step 11: The trust prediction point, according to the preliminary evaluation result obtained, adopts a certain strategy (such as Bayesian networks or game-theoretic analysis) to perform real-time dynamic behaviour trust prediction, and submits the prediction result to the trust evaluation point.
Step 12: The trust evaluation point performs the final assessment on the preliminary evaluation result and the trust prediction result, and feeds the result back to the trust interaction server.
Step 13: The trust interaction server makes a decision according to the final assessment result and feeds the decision result back to the behaviour authorisation point.
Step 14: The behaviour authorisation point generates the corresponding control instruction according to the decision result, for the trust execution point to apply trust control to the trust object.
Step 15: The trust feedback point monitors the protocol interaction process and submits the obtained information to the trust interaction server over the secure channel.
Step 16: The trust interaction server processes the monitoring information and submits it to the trust evaluation point in the form of an original feedback trust stream for decision analysis.
Steps 17 and 18: The trust evaluation point submits the decision result to the interaction detection point in the form of a history feedback trust stream; the interaction detection point performs trust filtering on the trust stream, and the final trust data are stored at the trust data access point in the network system as the basis for future trust decisions.
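Steps 4 to 13 describe an evaluation pipeline but leave the evaluation and prediction methods open (step 11 only mentions Bayesian networks or game-theoretic analysis). The Python below is an added example, not the patent's code, that fills that pipeline with one simple Bayesian choice: a Beta-distribution reputation model with a forgetting factor, so that direct evidence from the trust metrics agent (step 6A) and a recommendation discounted by the recommender's own reliability (step 6B) combine into a preliminary evaluation (step 9), a prediction over the next few interactions (step 11), a final assessment (step 12) and a decision (step 13). The outcome lists, the recommendation, the recommender's reliability, the forgetting factor, the horizon, the combination rule and the decision threshold are all constructed assumptions.

```python
"""Beta-reputation trust evaluation for steps 4-13 of the framework. Added
illustration, not the patent's code: the patent does not fix the evaluation or
prediction method, so a Beta posterior with a forgetting factor is assumed."""
from dataclasses import dataclass

FORGET = 0.9              # assumed forgetting factor: older outcomes count for less
HORIZON = 3               # assumed prediction horizon (number of future interactions)
DECISION_THRESHOLD = 0.6  # assumed score needed to authorise the requested behaviour


@dataclass
class Evidence:
    """Decayed counts of good and bad outcomes (what the trust metrics agent collects)."""
    good: float
    bad: float


def measure(outcomes):
    """Step 6A: fold a time-ordered list of interaction outcomes into decayed counts."""
    good = bad = 0.0
    for ok in outcomes:
        good, bad = good * FORGET, bad * FORGET
        if ok:
            good += 1.0
        else:
            bad += 1.0
    return Evidence(good, bad)


def discount(recommendation, recommender_reliability):
    """Steps 6B/7B: scale a recommender's counts by how far the recommender is trusted."""
    return Evidence(recommendation.good * recommender_reliability,
                    recommendation.bad * recommender_reliability)


def preliminary(direct, recommended):
    """Step 9: Beta(alpha, beta) posterior from direct plus discounted recommended evidence,
    starting from the uniform prior Beta(1, 1)."""
    return 1.0 + direct.good + recommended.good, 1.0 + direct.bad + recommended.bad


def predict(alpha, beta, horizon=HORIZON):
    """Step 11: probability, under the Beta posterior, that the next `horizon`
    interactions are all good: the product of (alpha + k) / (alpha + beta + k)."""
    p = 1.0
    for k in range(horizon):
        p *= (alpha + k) / (alpha + beta + k)
    return p


def final_assessment(alpha, beta, prediction):
    """Step 12: combine expected reliability with the horizon prediction
    (assumed rule: geometric mean of the two)."""
    expected = alpha / (alpha + beta)
    return (expected * prediction) ** 0.5


def evaluate(outcomes, recommendation, recommender_reliability):
    """Run the pipeline end to end and return every intermediate result (step 13 decides)."""
    direct = measure(outcomes)
    alpha, beta = preliminary(direct, discount(recommendation, recommender_reliability))
    prediction = predict(alpha, beta)
    score = final_assessment(alpha, beta, prediction)
    return {"alpha": alpha, "beta": beta, "expected": alpha / (alpha + beta),
            "predicted": prediction, "score": score,
            "decision": "authorise" if score >= DECISION_THRESHOLD else "restrict"}


# Constructed inputs: a recommender with 5 good / 1 bad observations, trusted at 0.5.
RECOMMENDATION = Evidence(5.0, 1.0)
RECOMMENDER_RELIABILITY = 0.5
```

`evaluate([True, True, True, True], RECOMMENDATION, RECOMMENDER_RELIABILITY)` authorises, while the same object with two recent defections is restricted; because of the forgetting factor, two defections followed by two good rounds score higher than two good rounds followed by two defections, which is the "reactive mode moved earlier" behaviour the advantages section describes.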
Part two: repudiation control (corresponding to dispute handling in the late stage of protocol execution)
Step e: After the trusted and controllable network protocol has completed, the trust object may dispute the protocol execution process or its result. In that case the trust object collects the non-repudiation evidence of the relevant protocol interaction gathered during protocol execution and submits it, together with the dispute-handling request, through the dispute initiation point to the dispute processing point for resolution.
Step f: For the submitted dispute-handling request, the dispute processing point first looks for a dispute solution in the local policy repository and handles the dispute accordingly; if none exists, the dispute processing point requests the dispute acceptance point to accept the dispute.
Step g: The dispute acceptance point performs an initial analysis of the dispute acceptance request, mainly judging the degree of correlation between the non-repudiation evidence contained in the request and the protocol round; if there is no correlation the request is rejected, otherwise the acceptance result is submitted to the dispute resolution point in the form of a dispute resolution request.
Step h: The dispute resolution point plays the arbitrator's role in the dispute resolution process, arbitrates the dispute according to certain principles and feeds the arbitration result back to the dispute acceptance point.
Step i: The dispute acceptance point generates the corresponding dispute-handling instruction according to the arbitration result and hands it to the dispute processing point, which carries out the actual handling of the dispute.
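The evidence that steps e to g rely on, and the credential security exchange the actuator performs before execution, can be made concrete with signed records. The program below is an added example, not the patent's code: the patent names encryption and digital signatures without fixing a scheme, so a hash-based Lamport one-time signature over SHA-256 is assumed here because it needs only Python's standard library (one key pair signs exactly one record). The round identifier, party names and reliability values are constructed. It shows a credential that binds a party's claimed protocol behaviour to a round, a feedback record bound to that credential by hash reference, and the dispute acceptance point's check that submitted evidence is genuine and belongs to the disputed round.

```python
"""Non-repudiation evidence for credential exchange and dispute acceptance.
Added illustration, not the patent's code: the Lamport one-time signature is an
assumed stand-in for the digital signature the patent leaves unspecified."""
import hashlib
import json
import secrets


def H(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time key: 256 pairs of secret preimages; public key = their hashes.
    A key pair must sign only one message, or revealed preimages leak."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]


def sign(sk, msg):
    """Reveal, for each bit of the message digest, the matching preimage."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b]
                                   for i, (s, b) in enumerate(zip(sig, _bits(msg))))


def canonical(record):
    """Deterministic byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(sk, round_id, party, peer, action):
    """Credential security exchange: a party signs its claimed behaviour for one round."""
    body = {"round": round_id, "party": party, "peer": peer, "action": action}
    return {"body": body, "sig": sign(sk, canonical(body))}


def issue_feedback(sk, reporter, credential, reliability):
    """Execution-result feedback, bound by hash reference to the credential it judges."""
    body = {"round": credential["body"]["round"], "reporter": reporter,
            "subject": credential["body"]["party"], "reliability": reliability,
            "ref": H(canonical(credential["body"])).hex()}
    return {"body": body, "sig": sign(sk, canonical(body))}


def accept_dispute(directory, disputant, round_id, evidence):
    """Dispute acceptance point (step g): reject evidence uncorrelated with the round,
    forward genuine evidence to the dispute resolution point."""
    cred, fb = evidence["credential"], evidence["feedback"]
    cb, fbb = cred["body"], fb["body"]
    if cb["round"] != round_id or fbb["round"] != round_id:
        return "reject: evidence belongs to another protocol round"
    if disputant not in (cb["party"], cb["peer"]):
        return "reject: disputant took no part in the credential"
    if not verify(directory[cb["party"]], canonical(cb), cred["sig"]):
        return "reject: credential signature invalid"
    if not verify(directory[fbb["reporter"]], canonical(fbb), fb["sig"]):
        return "reject: feedback signature invalid"
    if fbb["ref"] != H(canonical(cb)).hex():
        return "reject: feedback is not bound to this credential"
    return "forward"


def demo():
    """Constructed round: A signs a credential, B feeds back about A, A disputes."""
    keys = {p: keygen() for p in ("A", "B")}
    directory = {p: pk for p, (_, pk) in keys.items()}   # public-key directory
    cred_a = issue_credential(keys["A"][0], "round-7", "A", "B", "deliver-block")
    fb_b = issue_feedback(keys["B"][0], "B", cred_a, 0.2)
    genuine = accept_dispute(directory, "A", "round-7",
                             {"credential": cred_a, "feedback": fb_b})
    # Tampered copy: the reliability value is altered after B signed it.
    forged = {"body": dict(fb_b["body"], reliability=0.9), "sig": fb_b["sig"]}
    tampered = accept_dispute(directory, "A", "round-7",
                              {"credential": cred_a, "feedback": forged})
    other_round = accept_dispute(directory, "A", "round-8",
                                 {"credential": cred_a, "feedback": fb_b})
    return genuine, tampered, other_round
```

`demo()` returns `("forward", "reject: feedback signature invalid", "reject: evidence belongs to another protocol round")`: the genuine evidence passes to the resolution point, a feedback record whose reliability value was changed after signing fails verification, and evidence presented against the wrong round is dropped at acceptance without any signature work.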

Claims (2)

1. A method for realising a trusted and controllable network protocol, characterised in that: on the basis of the existing network-protocol structure, a trusted and controllable four-layer logical structure is added, thereby realising predictability and manageability of network-protocol execution; the trusted and controllable four-layer logical structure comprises a trust decision layer, a trust observation layer, a trusted resource layer and a trust interaction layer; the specific implementation steps are as follows:
Step i: the trusted resource layer perceives in time the various behaviours during network-protocol execution, converts the results of perception and monitoring into a time-series-based trust stream, namely the current reliability changes of the network components, and sends it to the trust observation layer through the trust interaction layer;
Step ii: the trust observation layer, by converging the trust stream from the trusted resource layer with the historical reliability fed back by the trust decision layer and derived from the historical behaviour of network constituent elements, detects in time protocol faults, malicious-entity attacks, service-quality degradation anomalies and user behaviour, extracts the features of the relevant abnormal behaviour from the abstract, discrete reliability data, identifies the anomalies and their change situation from those features, and forwards them to the trust decision layer through the trust interaction layer in an observable and concise form;
Step iii: the trust decision layer, according to the observation result provided by the trust observation layer, adopts methods based on game, voting, collaboration and competition and, from the angle of the reliability-change situation of the network components and maximisation of the overall interest of the network system, gives a concrete scheme for controlling network-protocol execution; this control is characterised by continuously updating the abstract trust stream, and it acts on the network protocol through the trust interaction layer to achieve controlled execution; at the same time the reliability of each network component at that moment is fed back to the trust observation layer in the form of a history trust stream, serving thereafter as the historical reliability derived from the historical behaviour of network constituent elements described in step ii.
2. The method for realising a trusted and controllable network protocol according to claim 1, characterised in that: the trust stream described in step i, besides comprising the temporal variation of protocol-entity behaviour, also comprises time-series-based protocol user-behaviour information.
CN 201010135553 2010-03-30 2010-03-30 Method for realizing credible and controllable network protocol Pending CN101800755A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010135553 CN101800755A (en) 2010-03-30 2010-03-30 Method for realizing credible and controllable network protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010135553 CN101800755A (en) 2010-03-30 2010-03-30 Method for realizing credible and controllable network protocol

Publications (1)

Publication Number Publication Date
CN101800755A true CN101800755A (en) 2010-08-11

Family

ID=42596246

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010135553 Pending CN101800755A (en) 2010-03-30 2010-03-30 Method for realizing credible and controllable network protocol

Country Status (1)

Country Link
CN (1) CN101800755A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739469A (en) * 2012-05-28 2012-10-17 重庆大学 Web service response time predicting method based on time sequence
CN104780166A (en) * 2015-03-27 2015-07-15 杭州华三通信技术有限公司 Attack recognition method and equipment
CN107534645A (en) * 2015-08-12 2018-01-02 慧与发展有限责任合伙企业 Main frame authentication storage
CN107705233A (en) * 2016-08-08 2018-02-16 Tcl集团股份有限公司 Experience the abnormality processing system perceived and its method
CN109347807A (en) * 2018-09-20 2019-02-15 北京计算机技术及应用研究所 A kind of differentiation intrusion prevention method based on degree of belief

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101277303A (en) * 2008-05-16 2008-10-01 东南大学 Control method for reliable controllable network architecture


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100811