Distributed Access Control for Grid Environments Using Trust Management Approach

In Grid environments, virtual organizations (VOs) often need to define access control policies to govern who can use which resources for which purpose over multiple policy domains. This is challenging, not only because the entities in VOs must collaborate with each other to share resources across administrative domains, but also because there usually exist a large amount of underlying sites (resource providers) and users in VOs. In this paper, we introduce to use trust management approach to address these problems in Grid environments. We propose a rule-based policy language (RPL) framework to describe the authorization and delegation policies related to VOs, sites and users. This paper also introduces the design of an enhanced community authorization service (ECAS) based on RPL framework, which can be seamlessly integrated with local authorization mechanisms. ECAS uses different kinds of delegation policies for flexible collaboration on authorization between entities in VOs. Compared with similar research works, ECAS enhances the flexibility and scalability of decentralized authorization in Grid environments.

[1]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[2]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[3]  Ninghui Li,et al.  Distributed Credential Chain Discovery in Trust Management , 2003, J. Comput. Secur..

[4]  Richard Yee,et al.  Secure Virtual Enclaves: supporting coalition use of distributed application technologies , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[5]  Simon N. Foley,et al.  GridAdmin: decentralising grid administration using trust management , 2004, Third International Symposium on Parallel and Distributed Computing/Third International Workshop on Algorithms, Models and Tools for Parallel Computing on Heterogeneous Networks.

[6]  Ian T. Foster,et al.  The Community Authorization Service: Status and Future , 2003, ArXiv.

[7]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[8]  Ian T. Foster,et al.  A security architecture for computational grids , 1998, CCS '98.

[9]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[10]  Ian T. Foster,et al.  Globus: a Metacomputing Infrastructure Toolkit , 1997, Int. J. High Perform. Comput. Appl..

[11]  Ian T. Foster,et al.  The Anatomy of the Grid: Enabling Scalable Virtual Organizations , 2001, Int. J. High Perform. Comput. Appl..

[12]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[13]  Gabriel M. Kuper,et al.  Constraint Query Languages , 1995, J. Comput. Syst. Sci..

[14]  E. John Sebes,et al.  Secure virtual enclaves: Supporting coalition use of distributed application technologies , 2001, TSEC.

[15]  M.I.T. Press,et al.  The International Journal of Supercomputer Applications and High Performance Computing— , 1994 .

[16]  Peter Sewell,et al.  Cassandra: flexible trust management, applied to electronic health records , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..