Yingjie Xia,Guanghua Song,Yao Zheng,Jun Ni,Mingzhe Zhu

DOI: https://doi.org/10.1109/ICICSE.2008.7

2008-01-01

Abstract:This paper introduces a small world overlay Peer- to-peer (P2P) transfer system with role based and reputation based access control policies, through which we are able to solve several serious problems existed in traditional P2P systems, like resource piracy, user privacy and network jam. The role based access control policy is implemented by the certificate based cryptography, e.g. X509. The reputation based access control policy consists of artificial scoring and automatic scoring components, corresponding to the quality and quantity evaluation of the transfer resources respectively. This system, upon the two policies and the adaptive small world overlay P2P topology, can restrict the peer's role and select a more credible peer to upload and download without any loss of performance, for the reason of the dramatic topology. Indeed it provides a secure, controllable and efficient resource transfer community.

Yingjie Xia,Guanghua Song,Yao Zheng,Mingzhe Zhu

DOI: https://doi.org/10.1109/wkdd.2008.28

2007-01-01

Abstract:This paper introduces R2P, a Peer-to-Peer (P2P) transfer system with role based and reputation based access control policies. With the combination of user authentication, organization authorization and scoring system, we solve the problem of resource piracy, user privacy and network jam, which exist in traditional P2P systems. The R2P system takes advantage of the X509 certificate to implement the role based access control policy. By assembling the artificial scoring and the automatic scoring components, the system evaluates the quantity and quality of the transfer resources, putting forward the reputation based access control policy. Upon the two policies and the adaptive P2P transfer model, the R2P system provides a secure, controllable and efficient resource transfer community.

Yu Zhang,Xianxian Li,Jinpeng Huai,Yunhao Liu

DOI: https://doi.org/10.1109/ICDCSW.2005.29

2005-01-01

Abstract:As an emerging model of communication and computation, peer-to-peer networking represents a fully distributed, cooperative network design, and has recently gained significant acceptance. Peer groups share the properties of peer-to-peer overlay network, including full decentralization, symmetric abilities, and dynamism, which make security problems more complicated. In this paper, we propose a fine-grained and attribute-based access control framework forpeer-to-peer systems. This design employs a novel policy model which extends role-based trust management language RT to satisfy security requirements of peer groups. Intend for a pure decentralized model without centralized server, our framework presents distributed delegation authorization mechanism which could avoid single point of failure. We also introduce our implementation experience.

Lina Zhao,Yin Zhang,Sanyuan Zhang,Xiuzi Ye

DOI: https://doi.org/10.1007/11534310_53

2005-01-01

Abstract:With the rapid development of the network technologies, software development is becoming more and more complicated. Traditional software engineering management methods based on Client/Server structure have not been very competent for large-scale software development. This paper proposes a software engineering management method based on P2P structure. By exploring the characteristics of P2P, our system takes “Peer Group” as the unit to build up services including source code management, task assignment and software visualization. Our framework overcomes the server's “bottleneck” existed in the C/S structure. Although it still has a server in the network, the server only provides indexing function and does not store the document. In this way, the loads of the server are transferred to the network boundary. Our method takes full advantages of computation resources, and can increase the system's performance. We will also show in the paper the performance increases by our method in software development for practical applications.

Changqin Huang,Guanghua Song,Yao Zheng,Deren Chen

DOI: https://doi.org/10.1007/978-3-540-30102-8_39

2004-01-01

Abstract:Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, whilst, there is a critical challenge of authorization in the grid infrastructure. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on the least privilege principle, and presents a context-aware authorization approach and a flexible task management mechanism. The minimization of the privileges is conducted by decomposing the parallelizable task and re-allotting the privileges required for each subtask. The dynamic authorization is carried out by constructing a multi-value community policy and adaptively transiting the mapping. Besides applying a relevant management policy, a delegation mechanism collaboratively performs the authorization delegation for task management. In the enforcement mechanisms involved, the authors have extended the RSL specification and the proxy certificate, and have modified the Globus gatekeeper, jobmanager and the GASS library to allow authorization callouts. Therefore the authorization requirement of an application is effectively met in the presented architecture.

Zude Li,Guoqiang Zhan,Xiaojun Ye

DOI: https://doi.org/10.1007/11775300_17

2006-01-01

Abstract:Peer-to-peer (P2P) resource dissemination has raised some security concerns for privacy protection and intellectual property rights protection along resource dissemination over the network. To solve these challenges, we propose the Role-Based P2P model, in which the role notion is functioned as the bridge component between users and resources to enforce secure resource dissemination together with relative constraints. The property rights attached to resource and user's private identity information are both protected as promise by taking each local role as a permission set in local centralized network and each global role as a user's pseudonym in global decentralized network. Furthermore, we propose the access control algorithm to describe how to handle access requests by the role policy in the role-based hybrid P2P model. In addition, we illustrate the intra and inter access schemas as two kinds of access processes. The model is feasible as its role structure and the connection with user and resource in open environment are consistent with the application objectives. The model is extensible, as the role structure can be also available for Purpose-Based Privacy Protection technologies.

NIU Xin-zheng,SHE Kun,LU Gang,ZHOU Ming-tian

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.03.003

2007-01-01

Abstract:According to the security requirement of Peer-to-Peer (P2P) technology, this paper analyzes the advantages of current P2P access control strategy and proposes an efficient P2P clustering model. The model urity mechanism based on Rule Based Access Control (RBAC) as well as Java Authentication and Authorization vice (JAAS) are discussed, and the filter technology is also considered. Project application results show that AC technology is efficient for access control in P2P systems.

ZHANG Yan-xia,WANG Jin-lin

2007-01-01

Journal of Computer Applications

Abstract:Centralizedity is not appropriate in peer-to-peer (P2P) systems, because nodes in peer groups are equal inherently. This challenges the security and efficiency of the networking access control. The work done by some other researchers shows that it is very difficult to design a multi-party, multi-round protocol which is efficient and secure, robust at the same time. The application of threshold cryptography in peer-to-peer network can provide robust and high fault-tolerance access control. It also provides scalability by distributing trust throughout the peer group; therefore it is a new solution to peer-groups security service. This new design can also eliminate the vulnerability in the existing P2P access control protocols.

Chen Yang,Hu Shuang,Chen Gongliang,Li Jianhua

DOI: https://doi.org/10.1109/iccsn.2017.8230277

2017-01-01

Abstract:P2P (Peer to Peer) technology by its virtue of its inherent decentralization, autonomy, fault tolerance and scalability, it is widely applied in file sharing system. P2P file sharing system overcomes the weaknesses of traditional C/S network system like sluggish response, while also embodying security risks such as fraud and unreliable service owing to poor trust mechanism. Establishing an effective trust mechanism in P2P network is significant for improving its feasibility. First, we design a multi-dimensioned trust model, which covers time cost and risk factors and enhances the reliability of existing trust measurement. Then we purpose an improved trust and authorization mechanism, which combines our trust model with SPKI (Simple Public Key Infrastructure) to resolve the trust problem. In general, the proposed trust and authorization mechanism can effectively optimize the trust strategies of P2P file sharing system by experiment, thus ameliorate its reliability and availability, and promotes its extensive application.

LIU Wu,DUAN Hai-Xin,ZHANG Hong,WU Jian-Ping

2008-01-01

Periodical of Ocean University of China

Abstract:In traditional network security management systems,system administrators could not prevent malicious users from illegal actions in time.This paper introduces the trust mechanism to dynamically evaluate user's reputation which is correlated with the user's privilege in the network and based on which we proposed and implemented the key algorithm of trust based access control in P2P Network.

YANXIA ZHANG,JINLIN WANG

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.15.028

2007-01-01

Abstract:In fully distributed peer-to-peer systems,secure services have to be fulfilled by the union of peer-group members because there is no centralized authority.This paper investigates the application of threshold cryptography for membership control in p2p system .We analyze the secure flaws in prior works and design a multi-party self-service p2p access control protocol on the basis of threshold computation protocols.No centralized authority is needed through the whole protocol process.The analysis of security,robust and efficiency is provided.

Haiyong Xie,Arvind Krishnamurthy,Avi Silberschatz,Y. Richard Yang

2007-01-01

Abstract:The emergence of peer-to-peer (P2P) is posing signifi- cant new challenges to achieving efficient and fair utilizat ion of network resources. In particular, without the ability to explicitly communicate with network providers, P2P appli- cations depend mainly on inefficient network inference and network-oblivious peering, leading to potential inefficie ncies for both P2P applications and network providers. In this pa- per, we propose a simple, light-weight architecture called P4P to allow more effective cooperative traffic control be- tween applications and network providers. Our evaluations show clear performance benefits of the framework.

Yi-sheng AN,Bing-jie LUO,Xiang-mo ZHAO,Ren-hou LI

DOI: https://doi.org/10.3969/j.issn.1000-1220.2012.09.020

2012-01-01

Abstract:Focusing on assurance of activity based dynamic assignment and retrieve of cooperative permission in multi user environment,and its reliability verification,an activity-role based mechanism of cooperative permission dynamic management is proposed in this paper,and CPNs based modeling and analyzing issues are also provided.In this model,the shared cooperative document and view space are divided according to the sequence of interdependent activities,and the cooperative activities are associated with the assignment and retrieve of role,therefore,the problem of authorized users with persistent permissions to specific object in traditional access control is solved.In the final,state space based analysis shows that constraint conditions such as dependencies between activities,reachability of activity-role binding,and deadlock prevention in applying for cooperative permission can be verified,and the requirements of frequent change of cooperative permission are satisfied in the access control of cooperative design system.

Zhenquan Qin,Lei Wang,Mingchu Li,Weifeng Sun

DOI: https://doi.org/10.1109/IIHMSP.2010.185

2010-01-01

Abstract:With the proliferation of P2P application, it is critical to consider how these systems can be run in a trust environment. We present a lightweight time-window based effective dynamic trust mechanism(Tw-Trust) considering the peer’s local and global trustworthiness. Simulation results show that Tw-Trust has the advantages in countering strategic altering behavior and dishonest feedbacks of malicious peers.

Yu Liu,Guangxi Zhu,Hao Yin

DOI: https://doi.org/10.1109/ISPACS.2007.4445985

2007-01-01

Abstract:Peer discovery is a basic service of P2P applications. It enables peers in a P2P application to locate one another so they can interact. The connectivity of a P2P system depends on the efficiency of the peer discovery mechanism adopted. There are three categories of peer discovery mechanisms([1]). Most P2P applications implement one of them. They will work perfectly in a transparent net work, where peers can communicate freely. On the Internet, peers behind NAT gateways have very,poor connectivity. They are often discriminated as 'second' or even cannot interact within their residing sub-network. In order to make use of all possible peer resources, this paper describes a hybrid discovery mechanism. Furthermore, by making full use of the local IP interface in addition, every potential connection within a sub-network is unearthed. The simulation results also prove the efficiency of the presented mechanism.

Haiyong Xie,Arvind Krishnanmurthy,Yang Richard Yang,Avi Silberschatz

2007-01-01

Abstract:As peer-to-peer (P2P) emerges as a new paradigm for scalable network application design, it is also posing significant new challe nges to achiev- ing efficient and fair utilization of network resources. In p articular, with- out the ability to explicitly communicate with network providers, P2P ap- plications may consume too much bandwidth than the network provider can afford, trigering network provider reaction. Furthermore, P2P applications depend mainly on inefficient network inference and network- oblivious peer- ing, leading to potential inefficiencies for both P2P applic ations and network providers. In this paper, we propose a simple, light-weight architecture called P4P to allow more effective cooperative traffic control betw een applications and network providers. We conduct not only extensive simulations but also real-life experiments with three major ISPs to demonstrate the effectiveness and feasibility of P4P.

Loris Penserini,Lin Liu,John Mylopoulos,Maurizio Panti,Luca Spalazzi

2003-01-01

Abstract:We are interested in peer-to-peer (P2P) computing, where a P2P application consists of a (wireless) network of nodes (peers), and assumes full peer autonomy, no global control, and intermittent connectivity. P2P computing has many advantages over classical client-server and web-based distributed architectures. However, the P2P computing model also has a number of limitations in the mechanisms it supports for data management and interchange. To overcome some of these, we propose an agent-based P2P model whose nodes are software agents (peer agents). This paper uses the i * modeling framework to analyze and evaluate peer agent cooperation strategies using three possible evaluation criteria.

Chunrui ZHANG,Fan JIANG,Ke XU

DOI: https://doi.org/10.3321/j.issn:1000-0054.2005.10.037

2005-01-01

Abstract:The P2P(peer to peer) technique is now used in many areas,but no good solutions have yet been developed to set up trust among peers.This paper presents a model,called P2Ptrust,which combines a local trust table and a global reputation table.Each peer endows a trust value to other peers respectively whose trades are trustworthy.And the values construct a local trust table.Each peer must save several global reputation tables which belong to other peers.This model uses the friend mechanism and unites the virtue of the local trust table and the global reputation table.This paper also introduces a solution for the sybil attack,the malicious collectives attack,and other such attacks.Simulation results show that the P2Ptrust model reduces communication overhead and is more robust with security and has better extensibility.

Wu Liu,HaiXin Duan,Hong Zhang,Jianping Wu

2008-01-01

Abstract:The trust mechanism was introduced to dynamically evaluate user's behavior in P2P network, and bind user's reputation with its access control privilege in the network. In addition, the trust based dynamic access control mechanism and key algorithm was proposed and implemented. With the trust based network security management system implemented based on the trust mechanism, a malicious user will be kicked out from the network system and refused from accessing resources of the network automatically when the user's reputation is lower than some threshold.

Lei Hou,Haixin Duan,Jianping Wu

DOI: https://doi.org/10.1109/icpads.2008.42

2008-01-01

Abstract:In Peer-to-Peer (P2P) networks if adversaries such as Sybil attackers have got most identities in the network, they will control routing table or traffic. In this paper, we propose a framework based on two complementary techniques to defense malicious node after they transmit data to other malicious peers instead of honest peers. The first approach, based on behaviors of destination nodes, is used to count the local nodes’ credit values in a period of Credit Construction Time. The second approach is updating the global nodes’ credit values between schedulers. We propose scheduler to maintain the trust relationship between global nodes. In order to assess the effectiveness of the above techniques, we extend Eclipse attack code in simulator p2pSim-0.3 and implement scheduler defense malicious attack behavior algorithm based on both credit and proximity. We adopt Chord protocol and Euclidean topology to implement scheduling algorithm, but the same methodology can be applied to other protocols and topologies as well.