ACM SIGAda Ada Letters
Authorization and Attribute Certificates for Widely Distributed Access Control
WETICE '98 Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Certificate-based authorization policy in a PKI environment
ACM Transactions on Information and System Security (TISSEC)
Towards Supporting Fine-Grained Access Control for Grid Resources
FTDCS '04 Proceedings of the 10th IEEE International Workshop on Future Trends of Distributed Computing Systems
Performance Comparison of Security Mechanisms for Grid Services
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
A Multipolicy Authorization Framework for Grid Security
NCA '06 Proceedings of the Fifth IEEE International Symposium on Network Computing and Applications
Grid Computing Security
Grid Computing Security: A Taxonomy
IEEE Security and Privacy
Design of a Structured Fine-Grained Access Control Mechanism for Authorizing Grid Resources
CSEWORKSHOPS '08 Proceedings of the 2008 11th IEEE International Conference on Computational Science and Engineering - Workshops
Lazy XML Parsing/Serialization Based on Literal and DOM Hybrid Representation
ICWS '08 Proceedings of the 2008 IEEE International Conference on Web Services
Hybrid Parallelism for XML SAX Parsing
ICWS '08 Proceedings of the 2008 IEEE International Conference on Web Services
From gridmap-file to VOMS: managing authorization in a Grid environment
Future Generation Computer Systems - Special issue: High-speed networks and services for data-intensive grids: The DataTAG project
New Efficient Tree-Building Algorithms for Creating HCM Decision Tree in a Grid Authorization System
NETAPPS '10 Proceedings of the 2010 Second International Conference on Network Applications, Protocols and Services
ICDCIT'10 Proceedings of the 6th international conference on Distributed Computing and Internet Technology
Concurrent HCM for authorizing grid resources
ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Hi-index | 0.00 |
The heterogeneous and dynamic nature of a grid environment demands a scalable authorization system. This brings out the need for a fast fine-grained access control mechanism for authorizing grid resources. Existing grid authorization systems adopt inefficient mechanisms for storing resources' security policies. This leads to a large number of repetitions in checking security rules. One of the efficient mechanisms that handle these repetitions is the Hierarchical Clustering Mechanism (HCM). HCM reduces the redundancy in checking security rules compared to the Brute Force Approach (BFA) as well as the Primitive Clustering Mechanism (PCM). Further enhancement is done to HCM to increase the scalability of the authorization process. However, HCM is not totally free of repetitions and cannot easily describe the OR-based security policies. A novel Grid Authorization Graph (GAG) is proposed to overcome HCM limitations. GAG introduces special types of edges named ''Correspondence Edge''/''Discrepancy Edge'' which can be used to entirely eliminate the redundancy and handle the cases where a set of security rules are mutually exclusive. Comparative studies are made in a simulated environment using the Grid Authorization Simulator (GAS) developed by the authors. It simulates the authorization process of the existing mechanisms like BFA, PCM, HCM and the proposed novel GAG. It also enables a comparative analysis to be done between these approaches.