dm:abstract.lazouski

Grid is a computational environment where heterogeneous resources are virtualized and outsourced to multiple users across the Internet. The increasing popularity of resource virtualization is explained by the emerging suitability of such technology for automated execution of heavy parts of business and research processes. An efficient and flexible model for access and usage control over computational Grid resources is a prominent challenge. This talk will outline a novel access and usage control model providing fine-grained and continuous control over computational Grid resources. The approach takes into account the peculiarities of Grid: service-oriented architecture, long-lived interactions, heterogeneity and distribution of resources, openness and high dynamics.

We tackle the access and usage control problem with the Usage CONtrol (UCON) model, introduced by R. Sandhu and J. Park. UCON is an attribute-based access control model where an access decision is formed by evaluating authorization and condition predicates, and the fulfillment of obligation actions. Continuous control and mutability of attributes are the main novelties of the UCON model relative to traditional access control models. UCON assumes that attributes might change during the execution of granted access rights. Continuous control means that an access decision is made not only before allowing access to a service, but also while the access is in progress, i.e. while the requestor executes the access rights.

Access and usage control over Grid services is considered on three levels of abstraction: policy, enforcement and implementation. The policy level introduces security policies designed to specify the desired granularity of control: coarse-grained policies that manage access and usage of Grid services, and fine-grained policies that monitor the usage of underlying resources allocated for a particular Grid service instance. The enforcement level presents the architecture of the stateful reference monitor designed to enforce security policies on coarse- and fine-grained levels of control. The implementation level presents a proof-of-concept realization of our access and usage control model in Globus Toolkit.
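
The UCON decision process described above, sketched as an added illustration (this is not code from the talk or from its Globus Toolkit realization): a stateful monitor decides once before access and again on every attribute update, revoking a running access when the ongoing policy stops holding. The class names, the attributes (`role`, `cpu_used`, `cpu_quota`, `load`) and the quota scenario are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set
Attrs = Dict[str, object]
Pred = Callable[[Attrs, Attrs, Attrs], bool]   # (subject, object, environment)

@dataclass
class Policy:
    authorizations: List[Pred]                 # predicates on subject/object attributes
    conditions: List[Pred]                     # predicates on environment attributes
    obligations: frozenset = frozenset()       # actions the requestor must have fulfilled

    def permits(self, subj: Attrs, obj: Attrs, env: Attrs, done: Set[str]) -> bool:
        preds = self.authorizations + self.conditions
        return all(p(subj, obj, env) for p in preds) and self.obligations <= done

@dataclass
class Session:
    subj: Attrs
    obj: Attrs
    done: Set[str]                             # obligations fulfilled so far
    state: str = "requested"                   # requested, active, denied, revoked

class ReferenceMonitor:
    """Stateful monitor: one decision before access, re-decision on every update."""
    def __init__(self, pre: Policy, ongoing: Policy):
        self.pre, self.ongoing = pre, ongoing

    def request(self, s: Session, env: Attrs) -> str:
        if s.state == "requested":
            ok = self.pre.permits(s.subj, s.obj, env, s.done)
            s.state = "active" if ok else "denied"
        return s.state

    def update(self, s: Session, env: Attrs, **subject_changes) -> str:
        s.subj.update(subject_changes)         # attribute mutability during usage
        if s.state == "active" and not self.ongoing.permits(s.subj, s.obj, env, s.done):
            s.state = "revoked"                # continuous control: stop a running access
        return s.state

def demo() -> List[str]:
    # Constructed sample: a Grid user runs a job under a CPU-seconds quota.
    within_quota = lambda s, o, e: s["cpu_used"] < o["cpu_quota"]
    low_load = lambda s, o, e: e["load"] < 0.9
    pre = Policy([lambda s, o, e: s["role"] == "member", within_quota],
                 [low_load], frozenset({"accept_terms"}))
    ongoing = Policy([within_quota], [low_load])
    rm = ReferenceMonitor(pre, ongoing)
    s = Session({"role": "member", "cpu_used": 0}, {"cpu_quota": 100}, {"accept_terms"})
    return [rm.request(s, {"load": 0.4}),
            rm.update(s, {"load": 0.4}, cpu_used=60),
            rm.update(s, {"load": 0.4}, cpu_used=100)]
```

A check made only at request time would leave the third step `active`; the re-evaluation on update is what turns it into `revoked`.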

dm/abstract.lazouski.txt · Last modified: 11/01/2011 at 07:30 (13 years ago) by Fosca Giannotti