Abstract
This paper reasons about usage control in Data Grids. We adapt the UCON\(_{\textup{abc}}\) usage control framework to distributed systems with multiple authoritative points, and we call the result the distributed usage control model. We then present an architecture implementing this model, built from the functional components of current Grids. Finally, we show a simple way of controlling policy granularity using Semantic Grid technologies for the specification of policy subjects and objects.
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Stagni, F., Arenas, A., Aziz, B., Martinelli, F. (2009). On Usage Control in Data Grids. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds) Trust Management III. IFIPTM 2009. IFIP Advances in Information and Communication Technology, vol 300. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02056-8_7
DOI: https://doi.org/10.1007/978-3-642-02056-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02055-1
Online ISBN: 978-3-642-02056-8
eBook Packages: Computer Science (R0)