
On Usage Control for GRID Systems

This paper introduces a formal model, an architecture and a prototype implementation for usage control on GRID systems. The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models (e.g. MAC, DAC, Bell-LaPadula, RBAC, etc.). Its main novelty is the continuity of access monitoring and the mutability of the attributes of subjects and objects. We identified this model as a perfect candidate for managing access/usage control in GRID systems because of their peculiarities, where continuity of control is a central issue. Here we adapt the original UCON model to develop a full model for usage control in GRID systems. As the policy specification language we use a process description language, and we show how it is suitable for modelling the usage policy models of the original UCON model. We also describe a possible architecture to implement the usage control model. Moreover, we describe a prototype implementation for usage control of GRID computational services, and we show how our language can be used to define a security policy that regulates the usage of network communications to protect the local computational service from the applications that are executed on behalf of remote GRID users.


Authors: F. Martinelli, P. Mori

Type: Technical reports, manuals, geological and thematic maps, and multimedia products
Field of reference: Information Technology and Communication Systems
IIT Technical Reports 2008-TR-001
Activity: Architectures, protocols and security mechanisms for distributed systems and services