Role-Based Secure Inter-operation and Resource Usage Management in Mobile Grid Systems

  • Antonios Gouglidis
  • Ioannis Mavridis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6633)

Abstract

Dynamic inter-domain collaborations and resource sharing are two key characteristics of mobile Grid systems. However, inter-domain collaborations have proven to be vulnerable to conflicts that can lead to privilege escalation. These conflicts are detectable in inter-operation policies and occur due to cross-domain role relationships. In addition, resource sharing needs to be enhanced with resource usage management in virtual organizations where mobile nodes act as resource providers. In this case, the enforcement of resource usage policies and quality of service policies must be supported because of the limited capabilities of the devices. Yet the ANSI INCITS 359-2004 standard RBAC model provides neither a policy conflict resolution mechanism among domains nor any resource usage management functionality. In this paper, we propose the domRBAC model for access control in mobile Grid systems at a low administrative overhead. domRBAC is defined as an extension of the standardized RBAC model that incorporates additional functionality to cope with the requirements posed by the aforementioned systems. As a result, domRBAC facilitates collaborations among domains under secure inter-operation, and provides support for resource usage management in the context of multi-domain computing environments, where mobile nodes operate as first-class entities.

Keywords

mobile Grid; role based access control (RBAC); secure inter-operation; resource usage management; cross-domain authorization

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Antonios Gouglidis (1)
  • Ioannis Mavridis (1)
  1. Department of Applied Informatics, University of Macedonia, Thessaloniki, Greece