A Novel VO-Based Access Control Model for Grid

  • Weizhong Qiang
  • Hai Jin
  • Xuanhua Shi
  • Deqing Zou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3251)


As an important aspect of grid security, access control models are receiving more and more attention. Entities in virtual organizations (VOs) must establish a dynamic, secure and cooperative trust mechanism. This paper analyses the cross-organization, dynamic, cooperative and multilevel characteristics of the access control problem in grids, and proposes a novel VO-based access control framework. A multilevel access control model is introduced to meet multilevel requirements, and the concept of delegation is introduced for permission delegation across organizations.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Weizhong Qiang (1)
  • Hai Jin (1)
  • Xuanhua Shi (1)
  • Deqing Zou (1)

  1. Cluster and Grid Computing Lab, Huazhong University of Science and Technology, Wuhan, China
