A Formal Logic for Shared Resource Access Control in the Grid

This paper presents a formal logic that can be used to model security mechanisms associated with the access control of shared resources in the grid environment. The logic uses K45_n, a standard modal logic of belief, and a fine-grained trust relationship to describe and reason about access-control issues. The paper introduces the motivation, syntax, semantics, and inference rules of the logic, and shows how to encode credentials and security policies in it. An example demonstrates how to use the logic to make authorization decisions for resource requests within a grid environment.
