Privacy Protection of Grid Service Requesters through Distributed Attribute Based Access Control Model

In Grid service environments, traditional identity-based access control models are not effective, and access decisions need to be made based on service requesters' attributes. All previous attribute-based access control (ABAC) models lack protection of users' privacy because, in these models, access control decisions are made by providing the service provider with the user's attributes. This paper presents a Distributed Attribute Based Access Control (DABAC) model which protects users' privacy in Grid service environments. The DABAC model is based on the XACML access control framework. In the DABAC model, access control is distributed between the home organization (the service requester's organization) and the destination organization (the service provider's organization). In this model, user attributes are examined in the home organization, for which policy certificates are provided. This prevents the service provider from accessing users' attributes; therefore, users' privacy is protected. Moreover, the distributed nature of this model makes it more efficient compared with previous models.
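To make the privacy argument concrete, the following is an added toy simulation of the home/destination split described in the abstract; it is not the paper's code and does not reproduce its XACML policy language or certificate format. It assumes a destination-published policy table, an attribute store held by the home organization, and an HMAC key shared by the two organizations (standing in for the X.509 signature a real policy certificate would carry). The home organization evaluates the requester's attributes locally and issues a signed certificate that states only the decision; the destination verifies the signature, binding to the resource and policy, and expiry, and never receives the attributes. A helper checks that the certificate payload carries no attribute names or values.

```python
"""Toy simulation of distributed attribute-based access control (assumed design,
not the paper's implementation). All users, policies and keys are constructed."""
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: both organizations share an HMAC key; a real deployment would
# sign the policy certificate with the home organization's X.509 key instead.
SHARED_KEY = b"constructed-demo-key-not-for-production"

# Policy published by the destination organization: attribute values a
# requester must hold for each resource. (Constructed sample policy.)
POLICIES = {
    "submit-job": {"id": "pol-submit-1",
                   "rules": {"role": {"researcher"}, "vo": {"physics"}}},
    "read-archive": {"id": "pol-read-1",
                     "rules": {"vo": {"physics", "astro"}}},
}

# Attribute store held by the home organization. (Constructed sample users.)
HOME_ATTRIBUTES = {
    "alice": {"role": "researcher", "vo": "physics", "clearance": "high"},
    "bob": {"role": "student", "vo": "physics", "clearance": "low"},
}


def _sign(payload: dict) -> str:
    # Canonical JSON so both sides sign/verify identical bytes.
    canonical = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, canonical, hashlib.sha256).hexdigest()


def home_issue_certificate(user: str, resource: str,
                           now: Optional[float] = None, ttl: int = 300):
    """Home organization: evaluate attributes locally against the destination's
    policy and return a policy certificate (decision only), or None if denied."""
    policy = POLICIES.get(resource)
    attrs = HOME_ATTRIBUTES.get(user)
    if policy is None or attrs is None:
        return None
    for attr, allowed in policy["rules"].items():
        if attrs.get(attr) not in allowed:
            return None
    now = time.time() if now is None else now
    payload = {"subject": user, "resource": resource, "policy_id": policy["id"],
               "issued": now, "expires": now + ttl}
    return {"payload": payload, "sig": _sign(payload)}


def destination_decide(cert, resource: str, now: Optional[float] = None) -> bool:
    """Destination organization: grant only on a valid certificate for this
    resource and its current policy; attributes are never consulted here."""
    if cert is None:
        return False
    payload, sig = cert["payload"], cert["sig"]
    if not hmac.compare_digest(sig, _sign(payload)):
        return False                      # tampered or forged certificate
    policy = POLICIES.get(resource)
    if policy is None or payload["resource"] != resource \
            or payload["policy_id"] != policy["id"]:
        return False                      # certificate issued for something else
    now = time.time() if now is None else now
    return payload["issued"] <= now < payload["expires"]


def certificate_leaks_attributes(cert) -> bool:
    """What the service provider receives: does it carry any attribute
    name or value from the home organization's store?"""
    payload = cert["payload"]
    attr_names = {k for a in HOME_ATTRIBUTES.values() for k in a}
    attr_values = {v for a in HOME_ATTRIBUTES.values() for v in a.values()}
    return bool(attr_names & payload.keys()) or any(
        v in attr_values for v in payload.values() if isinstance(v, str))


if __name__ == "__main__":
    t0 = 1_000_000.0
    cert = home_issue_certificate("alice", "submit-job", now=t0)
    print("alice submit-job:", destination_decide(cert, "submit-job", now=t0))
    print("leaks attributes:", certificate_leaks_attributes(cert))
    print("bob submit-job:", destination_decide(
        home_issue_certificate("bob", "submit-job", now=t0), "submit-job", now=t0))
```

The destination's checks cover the failure modes a reviewer of such a design would ask about: a modified payload fails signature verification, a certificate issued for `read-archive` is rejected when presented for `submit-job`, and an expired certificate is refused, all without the destination ever seeing the `role`, `vo` or `clearance` values.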
