
Usage Control, Risk and Trust

  • Leanid Krautsevich
  • Aliaksandr Lazouski
  • Fabio Martinelli
  • Paolo Mori
  • Artsiom Yautsiukhin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6264)

Abstract

In this paper we describe our general framework for usage control (UCON) enforcement on GRID systems. It allows enforcement of UCON both at the level of GRID services and, in a fine-grained way, at the level of local GRID node resources. In addition to the classical usage control checks (conditions, authorizations, and obligations), the framework also includes trust and risk management functionalities. Indeed, we show how trust and risk issues naturally arise when considering usage control in GRID systems and services, and how our architecture is flexible enough to accommodate both notions in a fairly uniform way.

Keywords

Security Policy; Grid Service; Resource Provider; Usage Control; Access Control Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Leanid Krautsevich (1, 2)
  • Aliaksandr Lazouski (1, 2)
  • Fabio Martinelli (2)
  • Paolo Mori (2)
  • Artsiom Yautsiukhin (2)

  1. Department of Computer Science, University of Pisa, Italy
  2. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Italy
