A theorem on grid access control

Journal of Computer Science and Technology

Abstract

Current grid security research focuses mainly on the authentication of grid systems. A further problem grid systems must solve is ensuring consistent access control. This problem is complicated because the hosts in a grid computing environment usually span multiple autonomous administrative domains. This paper presents a grid access control model based on asynchronous automata theory and the classic Bell-LaPadula model. The model is useful for formally studying the confidentiality and integrity problems in a grid computing environment. A theorem is proved that gives the necessary and sufficient conditions for a grid to maintain confidentiality. These conditions are formalized descriptions of local (node) relations, or of relationships between grid subjects and node subjects.

Author information

Corresponding author

Correspondence to ZhiWei Xu.

Additional information

This work is supported in part by the National Natural Science Foundation of China (Grant No. 69925205), the National High Technology Research and Development 863 Program of China (Grant No. 2002AA104310), and the Chinese Academy of Sciences Oversea Distinguished Scholars Fund (Grant No. 20014010).

XU ZhiWei received his Ph.D. degree from the University of Southern California, USA. He is a professor and deputy director of the Institute of Computing Technology, the Chinese Academy of Sciences. His research interests are grid and cluster computing, high performance computer architecture and secure operating systems.

BU GuanYing received his Ph.D. degree from the Institute of Computing Technology, the Chinese Academy of Sciences. His research interests are grid computing and its theoretical model.

About this article

Cite this article

Xu, Z., Bu, G. A theorem on grid access control. J. Comput. Sci. & Technol. 18, 515–522 (2003). https://doi.org/10.1007/BF02948926
