An Intrusion-Tolerant Repository |
| |
Authors: | LIU Hai-Jiao JING Ji-Wu LIN Jing-Qiang DU Jiao |
| |
Institution: | State Key Laboratory of Information Security (Graduate School of Chinese Academy of Sciences), Beijing 100049 |
| |
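Abstract: | ARECA's design protects the confidentiality of the CA private key, so that ARECA can issue or revoke certificates for users online in real time; but for a secure online CA, the security of the repository that distributes certificates is also a key issue. ARECA's repository is intrusion tolerant: by organizing replicated servers into a failure-masking dissemination quorum system, it can mask the behavior of servers that have failed benignly or are controlled by an attacker, and provide users with correct certificate and certificate revocation list query services. Under asynchronous communication, a repository composed of n>3f servers can tolerate at most f servers failing at the same time.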
|
Keywords: | Intrusion tolerance; Byzantine quorum systems; CA; Repository |
Building an Intrusion Tolerant Repository |
| |
Authors: | LIU Hai-Jiao JING Ji-Wu LIN Jing-Qiang DU Jiao |
| |
Institution: | State Key Laboratory of Information Security (Graduate School of Chinese Academy of Sciences), Beijing 100039, China |
| |
Abstract: | The on-line ARECA's ability to protect its private key enables it to sign or revoke certificates securely; yet to be a secure on-line CA, its repository must also be protected. ARECA's repository comprises several replicated servers organized as a Dissemination Quorum System, which can mask benign or Byzantine (even malicious) failures of the servers. The repository is able to provide correct service even when at most f of the n servers (n>3f) fail. |
| |
Keywords: | Intrusion tolerant; Byzantine Quorum Systems; CA; Repository |
|