Task-and-role-based access-control model for computational grid

Access control in a grid environment is challenging: grid resources are heterogeneous, geographically dispersed, and independently administered, so access control must use fine-grained policies. We established a task-and-role-based access-control model for computational grids (the CG-TRBAC model) that integrates the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined, and concepts specifically tailored to workflow management systems are simplified or omitted, so that role assignment and security administration fit a computational grid better than traditional models do; permissions change with the task status and system variables and can be dynamically controlled. The CG-TRBAC model is proved to be flexible and extensible. It can implement different control policies. It embodies the security principle of least privilege and performs active, dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.
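The idea that a permission is reached through a role and a task, and is live only while the task is running and a condition over system variables holds, can be sketched as follows. This is an added illustration, not the paper's formal model or code: the task states, the `cpu_load` variable, and all user, role, task and permission names are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Set


class TaskState(Enum):
    DORMANT = "dormant"    # created, not yet started
    ACTIVE = "active"      # running: permissions are live
    FINISHED = "finished"  # done: permissions are withdrawn


@dataclass
class Task:
    permissions: Set[str]                # rights needed while the task runs
    condition: Callable[[Dict], bool]    # restriction over system variables
    state: TaskState = TaskState.DORMANT


@dataclass
class Policy:
    user_roles: Dict[str, Set[str]]   # user -> roles
    role_tasks: Dict[str, Set[str]]   # role -> tasks the role may perform
    tasks: Dict[str, Task]

    def check(self, user: str, task_name: str, permission: str, env: Dict) -> bool:
        """Grant only if role, task state, permission and condition all agree."""
        task = self.tasks.get(task_name)
        if task is None:
            return False
        roles = self.user_roles.get(user, set())
        if not any(task_name in self.role_tasks.get(r, set()) for r in roles):
            return False                      # no role of this user covers the task
        if task.state is not TaskState.ACTIVE:
            return False                      # permission exists only while the task runs
        if permission not in task.permissions:
            return False                      # least privilege: task-scoped rights only
        return bool(task.condition(env))      # evaluated at request time


def build_policy() -> Policy:
    """Constructed sample data: one user, one role, one grid task."""
    sim = Task(permissions={"submit_job", "read_dataset"},
               # Hypothetical condition; a missing variable denies (fail closed).
               condition=lambda env: env.get("cpu_load", 1.0) < 0.8)
    return Policy(user_roles={"alice": {"researcher"}},
                  role_tasks={"researcher": {"run_simulation"}},
                  tasks={"run_simulation": sim})
```

The same request from the same user is denied before the task starts, granted while it is active under an acceptable load, and denied again once the task finishes or the load condition fails.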
