Coordinated access control with temporal and spatial constraints on mobile execution in coalition environments

Dynamics is an inherent characteristic of computational grids. Volatile node availability requires that grid applications and services adapt to changes in the underlying grid topology. Mobile execution allows mobile users or tasks to relocate across different nodes in the grid. This poses new challenges to resource access control. Resource sharing in the grid coalition environment creates certain temporal and spatial requirements for accesses by mobile entities. However, there is a lack of formal treatment of the impact of mobility on shared resource access control. In this paper, we formalize the mobile execution of grid entities by using the mobile code model. We introduce a shared resource access language, SRAL, to model the behaviors of mobile codes. SRAL is structured and compositional, so that the program of a mobile code can be constructed recursively from primitive accesses. We define the operational semantics of SRAL and prove that it is expressive enough for most resource access patterns. In particular, it is complete in the sense that it can specify any program of the regular trace model. A constraint language, SRAC, is defined to specify spatial constraints for shared resource accesses. Checking whether the behavior of a mobile code satisfies a given spatial constraint can be solved by a polynomial-time algorithm. We apply the Duration Calculus to express temporal constraints, and show that the constraint satisfaction problem is decidable as well. We extend the role-based access control model to specify and enforce our spatio-temporal constraints. As a proof of concept and of technical feasibility of our coordinated access control model, we implemented it in a mobile agent system, which emulates mobile execution in grids by software agents.
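The abstract states two ideas that are easy to miss in prose: a mobile code's program is composed recursively from primitive accesses (so its possible behaviors form a regular trace set), and checking such a program against a spatial constraint is a polynomial-time decision. The following Python model is an added illustration written for this page, not the paper's SRAL/SRAC syntax or the authors' implementation. It assumes a primitive access is a (node, resource, operation) triple, that programs are built with sequence, choice and iteration, and that two hypothetical spatial constraint forms (a resource may only be touched from certain nodes; a group of resources must be accessed from one and the same node) stand in for SRAC. The check compiles the program to a small automaton and explores its product with the constraint monitors, which is polynomial in the size of the program and the monitors; temporal (Duration Calculus) constraints are not modeled here.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple, Union

# Assumed shape of a primitive access: the mobile code, resident at `node`,
# performs `op` on `resource`. (Constructed for this example, not SRAL syntax.)
Access = Tuple[str, str, str]


@dataclass(frozen=True)
class Prim:            # a single primitive access
    access: Access

@dataclass(frozen=True)
class Seq:             # first, then second
    first: "Program"
    second: "Program"

@dataclass(frozen=True)
class Choice:          # either branch
    left: "Program"
    right: "Program"

@dataclass(frozen=True)
class Star:            # zero or more repetitions
    body: "Program"

Program = Union[Prim, Seq, Choice, Star]


class NFA:
    """Thompson-style automaton whose alphabet is the set of primitive accesses."""

    def __init__(self) -> None:
        self.eps: Dict[int, Set[int]] = {}                    # epsilon edges
        self.delta: Dict[int, List[Tuple[Access, int]]] = {}  # labelled edges

    def state(self) -> int:
        s = len(self.eps)
        self.eps[s], self.delta[s] = set(), []
        return s

    def compile(self, p: Program) -> Tuple[int, int]:
        """Recursively translate a program into (start, end) states."""
        start, end = self.state(), self.state()
        if isinstance(p, Prim):
            self.delta[start].append((p.access, end))
        elif isinstance(p, Seq):
            s1, e1 = self.compile(p.first)
            s2, e2 = self.compile(p.second)
            self.eps[start].add(s1); self.eps[e1].add(s2); self.eps[e2].add(end)
        elif isinstance(p, Choice):
            for sub in (p.left, p.right):
                s, e = self.compile(sub)
                self.eps[start].add(s); self.eps[e].add(end)
        else:  # Star: loop back to the body or skip it entirely
            s, e = self.compile(p.body)
            self.eps[start].update({s, end}); self.eps[e].update({s, end})
        return start, end

    def closure(self, s: int) -> Set[int]:
        seen, stack = {s}, [s]
        while stack:
            for t in self.eps[stack.pop()]:
                if t not in seen:
                    seen.add(t); stack.append(t)
        return seen


class Placement:
    """Hypothetical spatial constraint: `resource` may only be accessed from `nodes`."""

    def __init__(self, resource: str, nodes: Set[str]) -> None:
        self.resource, self.nodes, self.initial = resource, frozenset(nodes), None

    def step(self, state, access: Access):   # returns (still_satisfied, new_state)
        node, res, _ = access
        return (res != self.resource or node in self.nodes), state


class CoLocation:
    """Hypothetical spatial constraint: every access to a resource in `group`
    must come from the same node as the first such access (state = that node)."""

    def __init__(self, group: Set[str]) -> None:
        self.group, self.initial = frozenset(group), None

    def step(self, state, access: Access):
        node, res, _ = access
        if res not in self.group:
            return True, state
        return (True, node) if state is None else (node == state, state)


def _path(parent, key) -> List[Access]:
    out = []
    while parent[key] is not None:
        key, access = parent[key]
        out.append(access)
    return out[::-1]


def check(program: Program, constraints) -> Optional[List[Access]]:
    """Breadth-first search over (automaton state, monitor states).
    Returns None if all traces satisfy every constraint, else a shortest
    violating trace. Cost: O(|states| * |monitor states| * |edges|)."""
    nfa = NFA()
    start, _ = nfa.compile(program)
    init = (start, tuple(c.initial for c in constraints))
    parent, queue = {init: None}, deque([init])
    while queue:
        cur = queue.popleft()
        s, mstates = cur
        for t in nfa.closure(s):
            for access, nxt in nfa.delta[t]:
                results = [c.step(ms, access) for c, ms in zip(constraints, mstates)]
                if not all(ok for ok, _ in results):
                    return _path(parent, cur) + [access]
                key = (nxt, tuple(ms for _, ms in results))
                if key not in parent:           # visited set keeps Star loops finite
                    parent[key] = (cur, access)
                    queue.append(key)
    return None


if __name__ == "__main__":
    # Constructed coalition scenario: nodes n1 and n2, resources db and log.
    db_read, log_n1, log_n2 = ("n1", "db", "read"), ("n1", "log", "write"), ("n2", "log", "write")
    prog = Seq(Prim(db_read), Star(Choice(Prim(log_n1), Prim(log_n2))))
    print(check(prog, [Placement("db", {"n1"}), CoLocation({"db", "log"})]))
```

The returned trace is the evidence a policy decision point would log when refusing to admit the mobile code: it names the exact sequence of primitive accesses that would breach the constraint, which is more useful for an administrator than a bare deny.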
