Fine-grained access control for GridFTP using SecPAL

Proceedings - IEEE/ACM International Workshop on Grid Computing

Volumn , Issue , 2007, Pages 217-225

  Humphrey, Marty ^a   Park, Sang Min ^a   Feng, Jun ^a   Beekwilder, Norm ^a   Wasson, Glenn ^a   Hogg, Jason ^b   Lamacchia, Brian ^b   Dillaway, Blair ^b  

^a University of Virginia   (United States)

^b MICROSOFT   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CONTROL SYSTEMS; GRID COMPUTING; LINGUISTICS; PUBLIC POLICY; QUERY LANGUAGES; SECURITY OF DATA; SECURITY SYSTEMS;

ACCESS CONTROL POLICIES; ASSERTION LANGUAGES; AUTHORIZATION SYSTEMS; DATA ACCESSING; GRID ACCESS; GRID DATA; INTERNATIONAL CONFERENCES; SECURITY EXPERTS; SECURITY POLICIES; WIDE-RANGE;

ACCESS CONTROL;

EID: 47249126757     PISSN: 15505510     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/GRID.2007.4354136     Document Type: Conference Paper

References (25)

1. I. Foster, C. Kesselman, G. Tsudik, S. Tuecke. A Security Architecture for Computational Grids. Proc. 5th ACM Conference on Computer and Communications Security Conference, pp. 83-92, 1998.
2. R. Butler, D. Engert, I. Foster, C. Kesselman, S. Tuecke, J. Volmer, V. Welch. A National-Scale Authentication Infrastructure. IEEE Computer, 33(12):60-66, 2000.
3. Oasis Access Control TC, "XACML 2.0 Specification". 2005. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
4. Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafur and Sumit Shah, "First experiences using XACML for access control in distributed systems", In Proceedings of the 2003 ACM workshop on XML security , 2003.
5. Hommel, W., Using XACML for Privacy Control in SAML-based Identity Federations. In 9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2005), Springer, September, 2005.
6. Peter Lamb, Robert Power, Gavin Walker, Michael Compton. Role-based access control for data service integration. Proceedings of the 3rd ACM workshop on Secure web services. Alexandria, VA, Nov 2006.
7. M.C. Tschantz, S. Krishnamurthi. Towards reasonability properties for access-control policy languages. 2006 Access Control Models and Technologies Symp. Lake Tahoe, CA.
8. W. Allcock, J. Bester, J. Bresnahan, A. Chervenak, L. Liming, and S. Tuecke, "GridFTP: Protocol extensions to ftp for the Grid," 2001. [Online]. Available: http://www-fp.mcs.anl.gov/dsl/GridFTP-Protocol-RFC-Draft. pdf
9. J. Feng, L. Cui, G. Wasson, and M. Humphrey. Toward Seamless Grid Data Access: Design and Implementation of GridFTP on .NET. 2005 Grid Workshop (Associated with Supercomputing 2005). Nov 2005. Seattle, WA.
10. B. Lampson, M. Abadi, M. Burrows, and E.Wobber. Authentication in distributed systems: theory and practice. ACM Trans. on Computer Systems, 10(4):265-310, 1992.
11. Moritz Y. Becker, Cedric Fournet, Andrew D. Gordon, SecPAL: Design and Semantics of a Decentralized Authorization Language Technical Report In Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF), 2007.
12. Blair Dillaway, A Unified Approach to Trust, Delegation, and Authorization in Large-Scale Grids, Technical Paper, Microsoft Corporation, September 2006.
13. V. Welch, I. Foster, T. Scavo, F. Siebenlist, and C. Catlett. Scaling TeraGrid access: A roadmap for attribute-based authorization for a large cyberinfrastructure (draft August 24). 2006. http://gridshib.globus.org/docs/tg- paper/TG-Attribute-Authz-Roadmap-draft-aug24.pdf
14. Foster, I., Kesselman, C., Pearlman, L., Tuecke, S., and Welch, V. The Community Authorization Service: Status and Future. In Proceedings of Computing in High Energy Physics 03 (CHEP '03), 2003.
15. Alfieri, R., et al. VOMS, an Authorization System for Virtual Organizations. First European Across Grid Conferences. Santiago de Compostela, Spain, Feb. 2003.
16. Lorch, M., Kafura, D., Fisk, I., Keahey, K., Carcassi, G., Freeman, T. Authorization and Account Management in the Open Science Grid. Proceedings of the Sixth International Workshop on Grid Computing (GRID'05)
17. Thompson, M., Johnston, W., Mudumbai, S., Hoo, G., Jackson, K., Essiari, A. Certificate-based Access Control for Widely Distributed Resources. Proceedings of the Eighth USENIX Security Symposium (Security '99), Washington, D.C., August 23-26, 1999, pp 215-227.
18. Chadwick, D., and Otenko, O. The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems, 19(2):277-289, Feb 2003.
19. M. Humphrey and G. Wasson. The University of Virginia Campus Grid: Integrating Grid Technologies with the Campus Information Infrastructure. 2005 European Grid Conference (ECG 2005), Amsterdam, Feb 14-16, 2005.
20. V. Welch, R. Ananthakrishnan, F. Siebenlist, D. Chadwick, S. Meder, L. Pearlman. "Use of SAML for OGSI Authorization". Open Grid Forum Proposed Standard. GFD-E.066. March 26 2006. http://www.ogf.org/documents/GFD. 66.pdf
21. ITU-T Rec X.812 (1995) ISO/IEC 10181-3:1996, Security Frameworks for open systems: Access control framework.
22. B. Allcock, J. Bresnahan, R. Kettimuthu, M. Link, C. Dumitrescu, I. Raicu, and I. Foster, "The Globus striped GridFTP framework and server," 2005.
23. Marlena Erdos and Scott Cantor, "Shibboleth Architecture v5", Intemet2/MACE, May 2002
24. V. Welch, T. Barton, K. Keahey, and F. Siebenlist, "Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration," 4th Public Key Infrastructure R&D Workshop, 2005
25. Blair Dillaway, Jason Hogg, Security Policy Assertion Language (SecPAL) Specification, Version 1.0, 15 February 2007, http://research.microsoft.com/ projects/secpal/downloadSecP ALSpecification.aspx