Managing role-based access control policies for grid databases in OGSA-DAI using CAS

被引：11

作者：

Pereira A.L. ^{[1
]}

Muppavarapu V. ^{[1
]}

Chung S.M. ^{[1
]}

机构：

[1] Department of Computer Science and Engineering, Wright State University, Dayton

来源：

Journal of Grid Computing | 2007年 / 5卷 / 01期

关键词：

Community Authorization Service (CAS); Grid databases; Open Grid Services Architecture - Data Access and Integration (OGSA-DAI); Role-based access control (RBAC); Virtual organization (VO);

D O I：

10.1007/s10723-006-9054-4

中图分类号：

学科分类号：

摘要：

In this paper, we present a role-based access control method for accessing databases through the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI) framework. OGSA-DAI is an efficient Grid-enabled middleware implementation of interfaces and services to access and control data sources and sinks. However, in OGSA-DAI, access control causes substantial administration overhead for resource providers in virtual organizations (VOs) because each of them has to manage a role-map file containing authorization information for individual Grid users. To solve this problem, we used the Community Authorization Service (CAS) provided by the Globus Toolkit to support the role-based access control (RBAC) within OGSA-DAI. CAS uses the Security Assertion Markup Language (SAML). Our method shows that CAS can support a wide range of security policies using role-privileges, role hierarchies, and constraints. The resource providers need to maintain only the mapping information from VO roles to local database roles and the local policies in the role-map files, so that the number of entries in the role-map file is reduced dramatically. Also, unnecessary authentication, mapping and connections can be avoided by denying invalid requests at the VO level. Thus, our access control method provides increased manageability for a large number of users and reduces day-to-day administration tasks of the resource providers, while they maintain the ultimate authority over their resources. Performance analysis shows that our method adds very little overhead to the existing security infrastructure of OGSA-DAI. © Springer Science + Business Media B.V. 2006.

引用

页码：65 / 81

页数：16

共 24 条

[1]

Foster I., Kesselman C., Tuecke S., The anatomy of the Grid: Enabling scalable virtual organizations, Int. J. Supercomput. Appl. High Perform. Comput., 15, 3, pp. 200-222, (2001)

[2]

Foster I., Kesselman C., Nick J.M., Tuecke S., Grid services for distributed system integration, IEEE Computer, 35, 6, pp. 37-46, (2002)

[3]

Camarinha-Matos L.M., Afsarmanesh H., A roadmap for strategic research on virtual organizations, Proceedings of the 4th IFIP Working Conference on Virtual Enterprises, pp. 33-46, (2003)

[4]

Arenas A.E., Djordjevic I., Dimitrakos T., Titkov L., Et al., Toward web services profiles for trust and security in virtual organizations, Proceedings of the 6th IFIP Working Conference on Virtual Enterprises, pp. 26-28, (2005)

[5]

Wasson G., Humphrey M., Policy and enforcement in virtual organizations, Proceedings of the 4th International Workshop on Grid Computing, pp. 125-132, (2003)

[6]

Wasson G., Humphrey M., Towards explicit policy management for virtual organizations, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 173-182, (2003)

[7]

Malaika S., Eisenberg A., Melton J., Standards for databases on the Grid, ACM SIGMOD Record, 32, 3, pp. 92-100, (2003)

[8]

Ferraiolo D., Kuhn R., Role-based access control, Proceedings of the 15th National Computer Security Conference, (1992)

[9]

Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E., Role-based access control models, IEEE Computer, 29, 2, pp. 38-47, (1996)

[10]

Ramaswamy C., Sandhu R.S., Role-based access control features in commercial database management systems, Proceedings of the 21st National Information Systems Security Conference, (1998)

← 1 2 3 →