Fine-grained and History-based Access Control with Trust Management for Autonomic Grid Services

Grid technology provides an Internet-wide environment where a very large set of entities share their resources. The main feature of a grid environment is that resource providers belong to distinct administrative domains, each with its own security policies and enforcement mechanisms. Moreover, service providers and the entities exploiting the grid infrastructure typically have incomplete information about each other, mainly because each administrative domain manages its policies and resources with a high degree of autonomy. Thus, controlling access to grid resources has become a major security issue, and a grid infrastructure has to provide a proper set of mechanisms and tools that allow for fine-grained and history-based access control management. This paper proposes a comprehensive access control and enforcement framework for grid computational resources. The framework is based on a behavioral model that defines fine-grained and history-based monitoring and on a trust management model that provides access decisions and proper access rights management. The framework provides dynamic and context-aware access control enforcement by generating temporal credentials at run time while users' applications are exploiting the grid's resources.
