Abstract
Dynamic inter-domain collaborations and resource sharing are two key characteristics of mobile Grid systems. However, inter-domain collaborations have proven vulnerable to conflicts that can lead to privilege escalation. These conflicts are detectable in inter-operation policies and occur due to cross-domain role relationships. In addition, resource sharing needs to be enhanced with resource usage management in virtual organizations where mobile nodes act as resource providers. In this case, the enforcement of resource usage policies and quality of service policies must be supported because of the limited capabilities of the devices. Yet the ANSI INCITS 359-2004 standard RBAC model provides neither a policy conflict resolution mechanism among domains nor any resource usage management functionality. In this paper, we propose the domRBAC model for access control in mobile Grid systems at a low administrative overhead. domRBAC is defined as an extension of the standardized RBAC model that incorporates additional functionality to cope with the requirements posed by the aforementioned systems. As a result, domRBAC facilitates collaborations among domains under secure inter-operation, and provides support for resource usage management in multi-domain computing environments where mobile nodes operate as first-class entities.
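The kind of conflict the abstract describes, as an added example that is not taken from the paper: cross-domain role mappings are merged with each domain's local role hierarchy, and any role that thereby inherits a same-domain role it does not inherit locally is reported as a privilege escalation. The role names, the `domain:role` naming and the reachability check are assumptions made for illustration, not the domRBAC algorithm.

```python
from collections import defaultdict

# Constructed sample policy (hypothetical roles). An edge (senior, junior)
# means the senior role inherits the junior role's permissions.
LOCAL = [("A:manager", "A:engineer"), ("A:engineer", "A:intern"),
         ("B:admin", "B:operator"), ("B:operator", "B:guest")]
# Cross-domain mappings: the first role may act as the second.
CROSS_BAD = [("A:intern", "B:operator"), ("B:guest", "A:engineer")]
CROSS_OK = [("A:intern", "B:guest")]


def reachable(edges, start):
    """Roles whose permissions `start` inherits by following the edges."""
    graph = defaultdict(set)
    for senior, junior in edges:
        graph[senior].add(junior)
    seen, stack = set(), [start]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def domain_of(role):
    return role.split(":", 1)[0]


def find_escalations(local_edges, cross_edges):
    """Return (role, gained) pairs in one domain that exist only because of
    cross-domain edges, i.e. access the local hierarchy alone does not grant."""
    roles = {r for edge in local_edges + cross_edges for r in edge}
    conflicts = set()
    for role in roles:
        local = reachable(local_edges, role)
        combined = reachable(local_edges + cross_edges, role)
        for gained in combined - local:
            if gained != role and domain_of(gained) == domain_of(role):
                conflicts.add((role, gained))
    return sorted(conflicts)


if __name__ == "__main__":
    for name, cross in (("bad", CROSS_BAD), ("ok", CROSS_OK)):
        print(name, find_escalations(LOCAL, cross))
```

In the conflicting policy, each mapping looks harmless on its own; the escalation appears only when the two mappings are combined into a path that leaves a domain and re-enters it at a more senior role.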
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Gouglidis, A., Mavridis, I. (2011). Role-Based Secure Inter-operation and Resource Usage Management in Mobile Grid Systems. In: Ardagna, C.A., Zhou, J. (eds) Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication. WISTP 2011. Lecture Notes in Computer Science, vol 6633. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21040-2_3
DOI: https://doi.org/10.1007/978-3-642-21040-2_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21039-6
Online ISBN: 978-3-642-21040-2
eBook Packages: Computer Science, Computer Science (R0)