Semantic Access Control for Medical Applications in Grid Environments

Access control is the field of security that deals with permissions to access resources, where resources may be computing power, storage capacity and data. Computational grids, on the other hand, are systems in which users share those resources in a mostly transparent way. Grid access control poses novel challenges, since the distributed nature of grids makes it difficult for a central authority to manage access control. Numerous overlapping domains with different access control policies exist, and the sharing of storage resources makes it possible for data to leave the domain of its owner. To enable the owner to enforce his access control policy in such cases, access control solutions adapted to grid environments are needed. In this article we introduce Semantic Access Certificates as an extension to existing access control solutions for grids, to solve some problems that arise when grids are used to process medical data.
