Abstract

Authorization infrastructures are an important and integral part of grid computing, providing the access control functions that protect resources. This paper presents an authorization framework that combines the usage control (UCON) model with semantic web technology. To our knowledge, an authorization framework that combines both the UCON model and semantic web technology has not previously been proposed. As the UCON model combines traditional access control, trust management and digital rights management in a grid authorization infrastructure, its adoption enhances the capability of the authorization. However, UCON-based authorization presents a problem in controlling the policy granularity and minimizing the authorization overhead, due to the complexity of the policies inherited from the UCON model. The growing number of users and resources in the grid makes this problem even worse. We use semantic web technology to provide a way to automatically manage the rules in the policies, hence keeping the granularity under control. To minimize the authorization overhead, a new mechanism to reduce the number of policy checks is proposed in this paper. Our simulation results show that the proposed mechanism provides a 63% reduction in rule checking compared to previous methods.

Highlights

  • Grid computing is concerned with geographically distributed computers composed of heterogeneous resources that are owned, shared and coordinated by multiple administrative domains to provide nontrivial quality of services (Foster & Kesselman, 2004)

  • From the results presented above in Figure 10, we can see that the maximum number of authorization rules checked for the grid authorization graph (GAG) is equal to the number of authorization rules existing in the system

  • We have proposed a new solution for facilitating federated grid authorization


Summary

INTRODUCTION

Grid computing is concerned with geographically distributed computers composed of heterogeneous resources that are owned, shared and coordinated by multiple administrative domains to provide nontrivial quality of services (Foster & Kesselman, 2004). The requirement for fine-grained authorization and high performance makes grid authorization a major challenge. The mutability of the users’ and resources’ attributes and the continuity of the access monitoring in the UCON model provide fine-grained authorization for the grid. UCON-based grid authorization presents a problem in controlling the granularity of grid resources’ security policies. In order to provide dynamic and continuous monitoring, many parameters must be used to describe the users and resources in the grid authorization; a very high level of data granularity is required. The large number of users and resources in a grid makes it impossible for humans to control the granularity of grid security policies manually. A new grid authorization framework that stores the UCON-based grid security policies in the form of an ontology is presented. To minimize the authorization overhead caused by the complex rule checking in the policies inherited from the UCON model, a new irrelevant rule elimination procedure based on the dependence rules model is used in the framework.

LITERATURE REVIEW
METHODOLOGY
Privileges
Findings
DISCUSSION
CONCLUSION AND FUTURE WORKS