| 一种入侵容忍的资料库 |
| |
| 引用本文: | 刘海蛟,荆继武,林璟锵,杜皎.一种入侵容忍的资料库[J].中国科学院研究生院学报,2006,23(1):46-51. |
| |
| 作者姓名: | 刘海蛟 荆继武 林璟锵 杜皎 |
| |
| 作者单位: | 信息安全国家重点实验室(中国科学院研究生院),北京,100049 |
| |
| 基金项目: | 科技部科研项目;国家科技攻关项目 |
| |
| 摘 要: | ARECA的设计保护了CA私钥的保密性,使ARECA能实时在线地为用户签发证书或撤销证书;但作为安全的在线CA,分发证书的资料库的安全也是关键问题。ARECA的资料库是入侵容忍的,通过将复制的服务器组织成分发屏蔽失效法定数目团体系统,能屏蔽良性失效或者被攻击者控制的服务器的行为,为用户提供正确的证书和证书撤销列表查询服务。异步通信条件下,n>3f个服务器组成的资料库能够容忍至多f个服务器同时失效。
|
| 关 键 词: | 入侵容忍 拜占庭法定数目团体系统 CA 资料库 |
| 文章编号: | 1002-1175(2006)01-0046-06 |
| 修稿时间: | 2005年1月7日 |
Building an Intrusion Tolerant Repository |
| |
| LIU Hai-Jiao,JING Ji-Wu,LIN Jing-Qiang,DU Jiao.Building an Intrusion Tolerant Repository[J].Journal of the Graduate School of the Chinese Academy of Sciences,2006,23(1):46-51. |
| |
| Authors: | LIU Hai-Jiao JING Ji-Wu LIN Jing-Qiang DU Jiao |
| |
| Institution: | State Key Laboratory of Information Security (Graduate School of Chinese Academy of Sciences), Beijing 100039, China |
| |
| Abstract: | On-line ARECA's ability to protect its private key enables it to sign certificates or revoke certificates securely. Yet to be a secure on-line CA, its repository should also be protected. ARECA's repository comprises several replicated servers and is designed into a Dissemination Quorum System, which can mask the benign failure or Byzantine (even malign) failure of the servers. ARECA's repository which consists of n(n>3f) serves,is able to provide a correct service even when at most f servers fail. |
| |
| Keywords: | intrusion tolerant Byzantine Quorum Systems CA repository |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《中国科学院研究生院学报》浏览原始摘要信息 |
| 点击此处可从《中国科学院研究生院学报》下载免费的PDF全文 |
