IIT Home Page CNR Home Page

Fine Grained Access Control for Computational Services

Abstract: Grid environment concerns the sharing of a large set of resources among entities that belong to Virtual Organizations. To this aim, the environment instantiates interactions among entities that belong to distinct administrative domains, that are potentially unknown, and among which no trust relationships exist a priori. For instance, a grid user that provides a computational service, executes unknown applications on its local computational resources on behalf on unknown grid users. In this context, the environment must provide an adequate support to guarantee security in these interactions. To improve the security of the grid environment, this paper proposes to adopt a continuous usage control model to monitor accesses to grid computational services, i.e. to monitor the behaviour of the applications executed on these services on behalf of grid users. This approach requires the definition of a security policy that describes the admitted application behaviour, and the integration in the grid security infrastructure of a component that monitors the application behaviour and that enforces this security policy. This paper also presents the architecture of the prototype of computational service monitor we have developed, along with some performance figures and its integration into the Globus framework.


2006

Authors: Martinelli F., Mori P., Vaccarelli A.
IIT authors:

Type: Rapporti tecnici, manuali, carte geologiche e tematiche e prodotti multimediali
Field of reference: Information Technology and Communication Systems
Rapporti tecnici IIT - 2006-TR-06