This paper introduces a formal model, an architecture and a prototype implementation for usage control on GRID systems. The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models (e.g. MAC, DAC, Bell-LaPadula, RBAC). Its main novelty lies in the continuity of access monitoring and the mutability of subject and object attributes. We identified this model as a perfect candidate for managing access/usage control in GRID systems because of their peculiarities, where continuity of control is a central issue. Here we adapt the original UCON model to develop a full model for usage control in GRID systems. As the policy specification language we use a process description language, and we show how it is suitable for modeling the usage policy models of the original UCON model. We also describe a possible architecture to implement the usage control model. Moreover, we describe a prototype implementation for usage control of GRID computational services, and we show how our language can be used to define a security policy that regulates the usage of network communications to protect the local computational service from the applications that are executed on behalf of remote GRID users.