Policies and Security Aspects For Distributed Scientific Laboratories

Web Services and the Grid allow distributed research teams to form dynamic, multi-institutional virtual organizations that share high-performance computing resources, large-scale data sets and instruments for running computationally intensive scientific applications, thereby forming Virtual Laboratories. This paper explores the security issues of such distributed scientific laboratories and seeks to extend security mechanisms by defining a general approach in which a security policy is used both to provide and to regulate access to scientific services. In particular, we consider how security policies specified in XACML and WS-Policy can support the requirements of secure data and resource sharing in a scientific experiment. A framework is given in which the different participants in the experiment state their security policies, providing a Policy Management system. A prototype implementation of the proposed framework is presented.
