Computational Issues in Secure Interoperation
IEEE Transactions on Software Engineering
Providing Security and Interoperation of HeterogeneousSystems
Distributed and Parallel Databases - Security of data and transaction processing
Certificate chain discovery in SPKI?SDSI
Journal of Computer Security
Distributed credential chain discovery in trust management
Journal of Computer Security
A Unified Scheme for Resource Protection in Automated Trust Negotiation
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Oblivious signature-based envelope
Proceedings of the twenty-second annual symposium on Principles of distributed computing
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Automated trust establishment in open systems
Automated trust establishment in open systems
Security Policy Reconciliation in Distributed Computing Environments
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
Secure collaboration in mediator-free environments
Proceedings of the 12th ACM conference on Computer and communications security
Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy
Proceedings of the eleventh ACM symposium on Access control models and technologies
Attribute-Based Access Control with Hidden Policies and Hidden Credentials
IEEE Transactions on Computers
Proceedings of the 3rd ACM workshop on Secure web services
CROWN-ST: A Security and Trustworthiness Architecture for CROWN
E-SCIENCE '06 Proceedings of the Second IEEE International Conference on e-Science and Grid Computing
Information Sciences: an International Journal
Protocols for secure computations
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
GOLD infrastructure for virtual organizations
Concurrency and Computation: Practice & Experience - UK e-Science All Hands Meeting 2006
On Formalizing and Normalizing Role-Based Access Control Systems
The Computer Journal
Leveraging PKI in SAML 2.0 Federation for Enhanced Discovery Service
SAINT '09 Proceedings of the 2009 Ninth Annual International Symposium on Applications and the Internet
Protecting privacy during on-line trust negotiation
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Using SAML-based VOMS for authorization within web services-based UNICORE grids
Euro-Par'07 Proceedings of the 2007 conference on Parallel processing
Towards a grid platform enabling dynamic virtual organisations for business applications
iTrust'05 Proceedings of the Third international conference on Trust Management
A new design of wearable token system for mobile device security
IEEE Transactions on Consumer Electronics
Federated ID: The challenge of federated identity management
Network Security
Collaborative virtual geographic environments: A case study of air pollution simulation
Information Sciences: an International Journal
Flexible secure inter-domain interoperability through attribute conversion
Information Sciences: an International Journal
CyberGuarder: A virtualization security assurance architecture for green cloud computing
Future Generation Computer Systems
Future Generation Computer Systems
Extensible access control markup language integrated with Semantic Web technologies
Information Sciences: an International Journal
Behavior modeling and automated verification of Web services
Information Sciences: an International Journal
Hi-index | 0.07 |
Nowadays, various promising paradigms of distributed computing over the Internet, such as Grids, P2P and Clouds, have emerged for resource sharing and collaboration. To enable resources sharing and collaboration across different domains in an open computing environment, virtual organizations (VOs) often need to be established dynamically. However, the dynamic and autonomous characteristics of participating domains pose great challenges to the security of virtual organizations. In this paper, we propose a secure collaboration service, called PEACE-VO, for dynamic virtual organizations management. The federation approach based on role mapping has extensively been used to build virtual organizations over multiple domains. However, there is a serious issue of potential policy conflicts with this approach, which brings a security threat to the participating domains. To address this issue, we first depict concepts of implicit conflicts and explicit conflicts that may exist in virtual organization collaboration policies. Then, we propose a fully distributed algorithm to detect potential policy conflicts. With this algorithm participating domains do not have to disclose their full local privacy policies, and is able to withhold malicious internal attacks. Finally, we present the system architecture of PEACE-VO and design two protocols for VO management and authorization. PEACE-VO services and protocols have successfully been implemented in the CROWN test bed. Comprehensive experimental study demonstrates that our approach is scalable and efficient.