An Access Control Model for a Grid Environment Employing Security-as-a-Service Approach
There is a continuous effort at addressing security challenges of large scale service oriented computing (SOC) infrastructures like grids. A lot of research efforts towards development of authentication and authorization models for grid systems have been made because existing grid security solutions do not satisfy some desirable access control requirements of distributed services; such as support for multiple security policies. However, most of these security models are domain and/or application specific. Domain/application-specific approach to providing security solution is a duplication of effort, which also increases the cost of developing and maintaining applications. This paper presents the design of an access control model for grid-based system that employs security as a service (SecaaS) approach. By SecaaS approach, each atomic access control function (such as authentication, authorization) will be provided as a reusable service that can be published and subscribed to by different grid entities. In this approach, each admin domain will no longer need to have its own domain-specific access control logic built into it. Whenever an access control service is required the domain administrator subscribes to this service from SecaaS. This approach has a number of benefits, including making changes to security policies dynamically on the fly.
KeywordsAccess Control Administrative Domain Grid Computing Security Service provider
- 1.Jacob, B., Brown, M., Fukui, K. and Trivedi, N.. Introduction to Grid Computing, IBM Corporation, Ibm.com/redbooks , 2005.Google Scholar
- 2.Magoules, F., Pan, J., Tan, K. and Kumar, A.. Introduction to Grid computing, London, CRC Press, Chapman and Hall Book, 2009.Google Scholar
- 3.Sotomayor and Childers. Globus Toolkit 4: programming Java Services, san Francisco, Morgan Kaufmann Publisher, 2006.Google Scholar
- 4.Singh, S., Singh, K., & Kaur, H. Design and Evaluation of policy-based Authorization Model for large Scale Distributed Systems, IJCSNS International Journal of Computer Science and Network Security, 2009, Vol. 9 No. 11, pg 49-55Google Scholar
- 5.Jie, W., Arshad, J., Sinnott, R., Townend, P & Lei, Z. A Review of Grid Authentication and Authorization Technologies and Support for Federated Access Control, ACM Computing Survey, vol.43, no 2, Article 12, January 2011.Google Scholar
- 6.Singh, S. & Bawa, S. A Privacy, Trust and Policy based Authorization Framework for services in Distributed Environment, International Journal of Computer Science, 2007, Vol 2 , No. 2.Google Scholar
- 7.Zhao, S., Aggarwal, A. & Kent, R.D. PKI-Based Authentication Mechanisms in Grid Systems, International Conference on Networking, Architectures and Storage, IEEE Computer Society, 2007.Google Scholar
- 8.Singh , S. & Bawa, S. Design of a framework for Handling Security Issues in Grids, IEEE 9th International conference on Information Technology, 2006.Google Scholar
- 9.Hartman, B., Flinn, D.J., Benznosov, K. & kawamote, S. Mastering Web Services Security, Canada, Wiley Publishing, Inc, 2003.Google Scholar
- 10.Ekabua, O.O & Adigun M.O. GUISET LogOn: Design and Implementation of GUISET-driven Authorization framework, Proceedings of Cloud computing 2010. The first International Conference on Loud Computing, Grids and Virtualization.Google Scholar
- 11.Lang, B.O , Foster , I., Siebenlist, F., Ananthakrishnan, R.,& Freeman, T. A Multipolicy Authorization Framework for Grid Security, 2008. http://www.mcs.anl.gov/uploads/cels/papers, Retrieved on 23-05-2011.
- 12.Squicciarini, A.C., Bhargav-Spantzel, A., Bertino E., & Czeksis, A.B. Auth-SL – A System for the Specification Enforcement of Quality-Based Authentication policies, ICICS, 2007, pg 386-397Google Scholar
- 13.Bertino, E., Martino, L.D., Paci, F. & Squicciarini, A.C. Security for Web Services and Service- oriented Architectures, London, Springer, 2010.Google Scholar
- 14.Moses, T. Extensible Access Control Markup Language (XACML), (OASIS Standard, 2005). Available online at http://docs.oasis- open.org/xacml/2.0/; Accessed 12th June, 2012.