Dynamic context-aware access control for grid applications

The emerging grid infrastructure presents many challenges due to its inherent heterogeneity, multidomain characteristics, and highly dynamic nature. One critical challenge is providing authentication, authorization and access control guarantees. We present the SESAME dynamic context-aware access control mechanism for pervasive grid applications. SESAME complements current authorization mechanisms to dynamically grant and adapt permissions to users based on their current context. The underlying dynamic role-based access control (DRBAC) model extends the classic role-based access control (RBAC) model. We also present a prototype implementation of SESAME and DRBAC with the Discover computational collaboratory and an experimental evaluation of its overheads.
