Skip to main content
SpringerLink
Log in

Access and Usage Control in Grid Systems

  • Chapter
Handbook of Information and Communication Security

Abstract

This chapter describes some approaches that have been proposed for access and usage control in grid systems. The first part of the chapter addresses the security challenges in grid systems and describes the standard security infrastructure provided by the Globus Toolkit, the most used middleware to establish grids. Since the standard Globus authorization system provides very basic mechanisms that do not completely fulfill the requirements of this environment, a short overview of well-known access control frameworks that have been integrated in Globus is also given: Community Authorization Service (CAS), PERMIS, Akenti, Shibboleth, Virtual Organization Membership Service (VOMS), Cardea, and PRIMA. Then, the chapter describes the usage control model UCON, a novel model for authorization, along with an implementation of UCON in grid systems. The last part of the chapter describes the authorization model for grid computational services designed by the Grid Trust project. This authorization model is also based on UCON.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 349.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 449.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 599.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. I. Foster, C. Kesselman, J. Nick, S. Tuecke: The physiology of the grid: An open grid service architecture for distributed system integration. Globus Project (2002), http://www.globus.org/research/papers/ogsa.pdf

  2. I. Foster, C. Kesselman, S. Tuecke: The anatomy of the grid: Enabling scalable virtual organizations, Int. J. Supercomput. Appl. 15(3), 200–222 (2001)

    Article  Google Scholar 

  3. Open grid forum: http://www.ogf.org/

  4. The Globus Alliance: Welcome to globus, http://www.globus.org

  5. I. Foster: Globus toolkit version 4: Software for service-oriented systems. In: Proc. IFIP Int. Conference on Network and Parallel Computing, LNCS, Vol. 3779, ed. by H. Jin, D.A. Reed, W. Jiang (Springer, 2005) pp. 2–13

    Google Scholar 

  6. I. Foster, C. Kesselman: The globus project: A status report, Proc. IPPS/SPDP ’98 Heterogeneous Computing Workshop (1998) pp. 4–18

    Google Scholar 

  7. M. Baker, R. Buyya, D. Laforenza: Grids and grid technologies for wide-area distributed computing, Int. J. Softw. Pract. Exp. 32(15), 1437–1466 (2002)

    Article  MATH  Google Scholar 

  8. S.J. Chapin, D. Katramatos, J. Karpovich, A. Grimshaw: Resource management in Legion, Future Gener. Comput. Syst. 15(5/6), 583–594 (1999)

    Article  Google Scholar 

  9. A. Vahdat, T. Anderson, M. Dahlin, E. Belani, D. Culler, P. Eastham, C. Yoshikawa: WebOS: Operating system services for wide area applications, Proc. 7th Symp. on High Performance Distributed Computing (1998)

    Google Scholar 

  10. D. Erwin, D. Snelling: UNICORE: A Grid computing environment. In: EuroPar’2001, Lecture Notes in Computer Science, Vol. 2150, ed. by R. Sakellariou, J. Keane, J. Gurd, L. Freeman (Springer, 2001) pp. 825–838

    Google Scholar 

  11. I. Foster, C. Kesselman, G. Tsudik, S. Tuecke: A security architecture for computational grids, Proc. 5th ACM Conference on Computer and Communications Security Conference (1998) pp. 83–92

    Google Scholar 

  12. M. Humphrey, M. Thompson, K. Jackson: Security for grids, Proc. IEEE 93(3), 644–652 (2005)

    Article  Google Scholar 

  13. N. Nagaratnam, P. Janson, J. Dayka, A. Nadalin, F. Siebenlist, V. Welch, I. Foster, S. Tuecke: Security architecture for open grid services, Global Grid Forum Recommendation (2003)

    Google Scholar 

  14. V. Welch, F. Siebenlist, D. Chadwick, S. Meder, L. Pearlman: Use of SAML for OGSA authorization (2004), https://forge.gridforum.org/projects/ogsa-authz

  15. IBM: Web service trust language (WS-Trust), http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf

  16. I. Foster, C. Kesselman, L. Pearlman, S. Tuecke, V. Welch: A community authorization service for group collaboration, Proceedings of the 3rd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’02) (2002) pp. 50–59

    Google Scholar 

  17. L. Pearlman, C. Kesselman, V. Welch, I. Foster, S. Tuecke: The community authorization service: Status and future. Proceedings of Computing in High Energy and Nuclear Physics (CHEP03): ECONF C0303241, TUBT003 (2003)

    Google Scholar 

  18. D. Chadwick, A. Otenko: The PERMIS x.509 role based privilege management infrastructure, SACMAT ’02: Proc. 7th ACM symposium on Access control models and technologies (ACM Press, New York 2002) pp. 135–140

    Google Scholar 

  19. D.W. Chadwick, G. Zhao, S. Otenko, R. Laborde, L. Su, T.A. Nguyen: PERMIS: a modular authorization infrastructure, Concurr. Comput. Pract. Exp. 20(11), 1341–1357 (2008), Online, ISSN: 1532-0634

    Article  Google Scholar 

  20. A.J. Stell, R.O. Sinnott, J.P. Watt: Comparison of advanced authorisation infrastructures for grid computing, Proc. High Performance Computing System and Applications 2005, HPCS (2005) pp. 195–201

    Google Scholar 

  21. Permis: http://sec.cs.kent.ac.uk/permis/index.shtml

  22. Akenti: http://dsd.lbl.gov/security/Akenti/

  23. M. Thompson, A. Essiari, K. Keahey, V. Welch, S. Lang, B. Liu: Fine-grained authorization for job and resource management using akenti and the globus toolkit, Proc. Computing in High Energy and Nuclear Physics (CHEP03) (2003)

    Google Scholar 

  24. M. Thompson, A. Essiari, S. Mudumbai: Certificate-based authorization policy in a PKI environment, ACM Trans. Inf. Syst. Secur. 6(4), 566–588 (2003)

    Article  Google Scholar 

  25. Shibboleth project: http://shibboleth.internet2.edu/

  26. V. Welch, T. Barton, K. Keahey: Attributes, anonymity, and access: Shibboleth and globus integration to facilitate grid collaboration, Proc. 4th Annual PKI R&D Workshop Multiple Paths to Trust (2005)

    Google Scholar 

  27. Gridshib project: http://grid.ncsa.uiuc.edu/GridShib

  28. D. Chadwick, A. Novikov, A. Otenko: Gridshib and permis integration, http://www.terena.org/events/tnc2006/programme/presentations/show.php?p res_id=200

  29. Datagrid security design: Deliverable 7.6 DataGrid Project (2003)

    Google Scholar 

  30. R. Alfieri, R. Cecchini, V. Ciaschini, L. dell Agnello, A. Frohner, A. Gianoli, K. Lorentey, F. Spataro: VOMS: An authorisation system for virtual organizations, Proc. 1st European Across Grid Conference (2003)

    Google Scholar 

  31. R. Lepro: Cardea: Dynamic access control in distributed systems, Tech. Rep. NAS Technical Report NAS-03-020, NASA Advanced Supercomputing (NAS) Division (2003)

    Google Scholar 

  32. M. Lorch, D.B. Adams, D. Kafura, M.S.R. Koneni, A. Rathi, S. Shah: The prima system for privilege management, authorization and enforcement in grid environments, GRID ’03: Proc. 4th Int. Workshop on Grid Computing (IEEE Computer Society, Washington 2003) pp. 109–

    Google Scholar 

  33. R. Sandhu, J. Park: Usage control: A vision for next generation access control. In: Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security MMM03, LNCS, Vol. 2776, ed. by V. Gorodetsky, L. Popyack, V. Skormin (Springer, 2003) pp. 17–31

    Google Scholar 

  34. R. Sandhu, J. Park: The UCON_ABC usage control model, ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)

    Article  Google Scholar 

  35. D. Bell, L. LaPadula: Secure computer systems: MITRE Report, MTR 2547, v2 (1973)

    Google Scholar 

  36. R. Sandhu, E. Coyne, H. Feinstein, C. Youman: Role-based access control models, IEEE Comput. 9(2), 38–47 (1996)

    Google Scholar 

  37. X. Zhang, M. Nakae, M. Covington, R. Sandhu: A usage-based authorization framework for collaborative computing systems, Proc. 11th ACM Symposium on Access Control Models and Technologies (SACMAT’06) (ACM Press, 2006)

    Google Scholar 

  38. X. Zhang, M. Nakae, M.J. Covington, R. Sandhu: Toward a usage-based security framework for collaborative computing systems, ACM Trans. Inf. Syst. Secur. 11(1), 1–36 (2008)

    Article  MATH  Google Scholar 

  39. F. Martinelli, P. Mori, A. Vaccarelli: Towards continuous usage control on grid computational services, Proc. of Int. Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services 2005 (IEEE Computer Society, 2005) p. 82

    Google Scholar 

  40. H. Koshutanski, F. Martinelli, P. Mori, A. Vaccarelli: Fine-grained and history-based access control with trust management for autonomic grid services, Proc. of Int. Conference on Autonomic and Autonomous Systems (2006)

    Google Scholar 

  41. GridTrust project: http://www.gridtrust.eu/

  42. F. Martinelli, P. Mori, A. Vaccarelli: Fine grained access control for computational services. Tech. Rep. TR-06/2006, Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa (2006)

    Google Scholar 

  43. F. Martinelli, P. Mori: A model for usage control in grid systems, Proc. 1st Int. Workshop on Security, Trust and Privacy in Grid Systems (GRID-STP07) (2007)

    Google Scholar 

  44. X. Zhang, F. Parisi-Presicce, R. Sandhu, J. Park: Formal model and policy specification of usage control, ACM Trans. Inf. Syst. Secur. 8(4), 351–387 (2005)

    Article  Google Scholar 

  45. X. Zhang, M. Nakae, M. Covington, J.R. Sandhu: A usage-based authorization framework for collaborative computing systems, SACMAT (2006) pp. 180–189

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Via. G. Moruzzi 1, Pisa, Italy

    Maurizio Colombo, Fabio Martinelli & Paolo Mori

  2. Dipartimento di Informatica, Università di Pisa, Largo B. Pontecorvo 3, Pisa, Italy

    Aliaksandr Lazouski

Authors
  1. Maurizio Colombo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aliaksandr Lazouski
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fabio Martinelli
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Paolo Mori
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Technical University of Crete, 73132, Chania, Crete, Greece

    Peter Stavroulakis

  2. Dept. Computer Science, San Jose State University, One Washington Square, 95192, San Jose, CA, USA

    Mark Stamp

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Colombo, M., Lazouski, A., Martinelli, F., Mori, P. (2010). Access and Usage Control in Grid Systems. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04117-4_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04116-7

  • Online ISBN: 978-3-642-04117-4

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation