Dynamic, context-aware, least-privilege grid delegation

Proceedings - IEEE/ACM International Workshop on Grid Computing

Volumn , Issue , 2007, Pages 209-216

  Ahsant, Mehran ^a   Basney, Jim ^b   Johnsson, Lennart ^a  

^a Parallelldatorcentrum   (Sweden)

^b UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DECISION MAKING; MECHANISMS; PROBLEM SOLVING;

ADMINISTRATIVE DOMAINS; CONTEXT-AWARE; DELEGATION MECHANISMS; DISTRIBUTED ENVIRONMENTS; DYNAMIC ENVIRONMENTS; GLOBUS TOOLKIT (GT); GRID DELEGATION; GRID SECURITY; INTERNATIONAL CONFERENCES; JUST IN TIME (JIT); LARGE SCALES; LEAST PRIVILEGE; ON-DEMAND; ORGANIZATIONAL TASKS; SHARED RESOURCES;

GRID COMPUTING;

EID: 47249133315     PISSN: 15505510     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/GRID.2007.4354135     Document Type: Conference Paper

References (27)

1. M. Ahsant, J. Basney, O. Mulmo, A. J. Lee, and L. Johnsson, 'Toward an on-demand restricted delegation mechanism for grids." in Proceedings of the 7th IEEE/ACM International Conference on Grid Computing. IEEE Press, Sep. 2006, pp. 152-159.
2. M. Ahsant, J. Basney, and O. Mulmo, "Grid delegation protocol." in Proceedings of the Workshop on Grid Security Practice and Experience, vol. YCS-2004-380. Oxford, UK, July 2004, pp. 81-91.
3. N. Nagaratnam, P. Janson, J. Dayka, A. Nadalin, F. Siebenlist, V. Welch, I. Foster, , and S. Tuecke, "The security architecture for open grid services, open grid services security architecture." http://forge. gridforum.org/projects/ogsa-wg, 2006.
4. D. W. Chadwick, "Delegation issuing service for x.509," in Proceedings of the 4th Annual PKI R&D Workshop. USA: NIST Technical Publication, IR 7224, April 2005, pp. 66-77.
5. R. K. Thomas and R. S. Sandhu, "Towards a task-based paradigm for flexible and adaptable access control in distributed applications," in NSPW '92-93: Proceedings on the 1992-1993 workshop on New security paradigms. New York, NY, USA: ACM Press, 1993, pp. 138-142.
6. D. Bell and L. L. Padula, "Secure computer systems: Unified exposition and multics interpretation," MITRE Corporation, Bedford, MA, Tech. Rep., March 1976.
7. H. M. Gladney, "Access control for large collections," ACM Trans. Inf. Syst., vol. 15, no. 2, pp. 154-194, 1997.
8. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman, "Protection in operating systems," Commun. ACM, vol. 19, no. 8, pp. 461-471, 1976.
9. L. Kagal, "Rei : A Policy Language for the Me-Centric Project," HP Labs, Tech. Rep., September 2002, http://www.hpl.hp.com/techreports/2002/ HPL-2002-270.html.
10. L. Kagal, T. Finin, and A. Joshi, "A Policy Language for A Pervasive Computing Environment," in IEEE 4th International Workshop on Policies for Distributed Systems and Networks, June 2003.
11. L. Kagal, "A Policy-Based Approach to Governing Autonomous Behavior in Distributed Environments," Ph.D. dissertation, University of Maryland Baltimore County, Baltimore MD 21250, September 2004.
12. WS-Trust, "Web service trust language." IBM, Microsoft, RSA andVeriSign, May 2004. [Online], Available: http://www-106.ibm.com/ developerworks/webservices/library/specification/ws-trust/
13. S. Tuecke, V. Welch, D. Engen, L. Pearlman, and M. Thompson, "Internet x.509 public key infrastructure (pki) proxy certificate profile." RFC 3820 (Proposed Standard), jun 2004. [Online], Available: http://www.ietf.org/rfc/rfc3820.txt
14. D. F.Snelling, S. van den Berghe, and V. Qian, "Explicit trust delegation: Security for dynamic grids." FUJITSU Sci.Tech.Journal, vol. 40, pp. 282-294, 2004.
15. V. Welch, I. Foster, K. C. M. O., P. L., T. S., G. J., and M. S. S. F., "X.509 proxy certificate for dynamic delegation." in Proceedings of the 3rd Annual PKI Workshop, Gaithersburg MD, USA, April 2004, pp. 20-25.
16. L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A community authorization service for group collaboration," in POLICY '02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02). Washington, DC, USA: IEEE Computer Society, 2002, p. 50.
17. R. Alfieri, R. Cecchini, V. Ciaschini, L. dell'Agnello, A. Frohner, A. Gianoli, K. Lorentey, and F. Spataro, "Voms, an authorization system for virtual organizations." in European Across Grids Conference, 2003, pp. 33-40.
18. M. R. Thompson, A. Essiari, and S. Mudumbai, "Certificate-based authorization policy in a pki environment," ACM Trans. Inf. Syst. Secur., vol. 6, no. 4, pp. 566-588, 2003.
19. D. W. Chadwick, A. Otenko, and E. Ball, "Role-based access control with x.509 attribute certificates," IEEE Internet Computing, vol. 7, no. 2, pp. 62-69, 2003.
20. M. Lorch, D. B. Adams, D. Kafura, M. S. R. Koneni, A. Rathi, and S. Shah, "The prima system for privilege management, authorization and enforcement in grid environments," in GRID '03: Proceedings of the Fourth International Workshop on Grid Computing. Washington, DC, USA: IEEE Computer Society, 2003, p. 109.
21. O. TC, "extensible access control markup language (xacml) version 2.0," February 2005. [Online]. Available: http://docs.oasis-open.org/xacml/ 2.0/
22. R. Sandhu, "Rationale for the rbac96 family of access control models," in RBAC '95: Proceedings of the first ACM Workshop on Role-based access control. New York, NY, USA: ACM Press, 1996, p. 9.
23. R. K. Thomas, "Team-based access control (tmac): a primitive for applying role-based access controls in collaborative environments," in RBAC '97: Proceedings of the second ACM workshop on Role-based access control. New York, NY, USA: ACM Press, 1997, pp. 13-19.
24. C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas, "Flexible team-based access control using contexts." in SACMAT, 2001, pp. 21-27.
25. R. K. Thomas and R. S. Sandhu, "Task-based authorization controls (tbac): A family of models for active and enterprise-oriented autorization management," in Proceedings of the IFIP TCII WGI 1.3 Eleventh International Conference on Database Securty XI. London, UK, UK: Chapman & Hall, Ltd., 1998, pp. 166-181.
26. W. Yao, K. Moody, and J. Bacon, "A model of oasis role-based access control and its support for active security," in SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies. New York, NY, USA: ACM Press, 2001, pp. 171-181.
27. T. Yu, M. Winslett, and K.E.Seamons, "Automated trust negotiation over the internet." in The 6th World Multiconference on Systemics. Cybernetics and Informatics, Orlando, FL, July 2002.