The integration of storage resources across different administrative domains can serve as a building block for the development of efficient collaboration environments. In order to improve application portability across such environments, we target data sharing facilities that securely span multiple domains at the filesystem rather than the application level. We introduce the hypergroup as a heterogeneous two-layer construct, where the upper layer consists of administrative domains and the lower layer of users from each participating domain. We use public keys to uniquely identify users and domains, but rely on credentials to securely bind users and domains with hypergroups. Each domain is responsible for authenticating its local users across the federation, and employs access control lists to specify the rights of individual users and hypergroups over local storage resources. In comparison to existing systems, we show, both analytically and experimentally, reduced transfer cost of remote authorizations and improved scalability properties.