Efficient integration of fine-grained access control and resource brokering in grid

Authors:
P. Mazzoleni;B. Crispo;S. Sivasubramanian;E. Bertino
Affiliations:
IBM--T.J. Watson, Armonk, USA;University of Trento, Trento, Italy;Amazon.com, Seattle, USA;Department of Computer Science and CERIAS, Purdue University, West Lafayette, USA
Venue:
The Journal of Supercomputing
Year:
2009

Citing 11
Cited 1

A security architecture for computational grids

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
The grid: blueprint for a new computing infrastructure

The grid: blueprint for a new computing infrastructure
On specifying security policies for web documents with an XML-based language

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Beowulf Cluster Computing with Windows

Beowulf Cluster Computing with Windows
A taxonomy and survey of grid resource management systems for distributed computing

Software—Practice & Experience
A National-Scale Authentication Infrastructure

Computer
Integrating Trust into Grid Resource Management Systems

ICPP '02 Proceedings of the 2002 International Conference on Parallel Processing
Certificate-based authorization policy in a PKI environment

ACM Transactions on Information and System Security (TISSEC)
The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments

GRID '03 Proceedings of the 4th International Workshop on Grid Computing
BOINC: A System for Public-Resource Computing and Storage

GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
‘R-What?’ Development of a role-based access control policy-writing tool for e-Scientists: Research Articles

Software—Practice & Experience - Grid Security

Negotiation strategies considering market, time and behavior functions for resource allocation in computational grid

The Journal of Supercomputing

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a novel resource brokering service for grid systems which considers authorization policies of the grid nodes in the process of selecting the resources to be assigned to a request. We argue such an integration is needed to avoid scheduling requests onto resources the policies of which do not authorize their execution. Our service, implemented in Globus as a part of Monitoring and Discovery Service (MDS), is based on the concept of fine-grained access control (FGAC) which enables participating grid nodes to specify fine-grained policies concerning the conditions under which grid clients can access their resources. Since the process of evaluating authorization policies, in addition to checking the resource requirements, can be a potential bottleneck for a large scale grid, we also analyze the problem of the efficient evaluation of FGAC policies. In this context, we present GroupByRule, a novel method for policy organization and compare its performance with other strategies.