Journal of Grid Computing, Volume 11, Issue 1, pp 83–102

Nephele: Scalable Access Control for Federated File Services

  • Giorgos Margaritis
  • Andromachi Hatzieleftheriou
  • Stergios V. Anastasiadis


The integration of storage resources across different administrative domains can serve as a building block for the development of efficient collaboration environments. In order to improve application portability across such environments, we target data sharing facilities that securely span multiple domains at the filesystem rather than the application level. We introduce the hypergroup as a heterogeneous two-layer construct, where the upper layer consists of administrative domains and the lower layer of users from each participating domain. We use public keys to uniquely identify users and domains, but rely on credentials to securely bind users and domains with hypergroups. Each domain is responsible for authenticating its local users across the federation, and employs access control lists to specify the rights of individual users and hypergroups over local storage resources. In comparison to existing systems, we show, both analytically and experimentally, reduced transfer cost of remote authorizations and improved scalability properties.


Security, Access control, Decentralization, File services, Distributed systems, Analytical evaluation, Performance measurements





Copyright information

© Springer Science+Business Media B.V. 2012

Authors and Affiliations

  • Giorgos Margaritis (1)
  • Andromachi Hatzieleftheriou (1)
  • Stergios V. Anastasiadis (1)

  1. Department of Computer Science, University of Ioannina, Ioannina, Greece
