Skip to main content
SpringerLink
Log in

Authorization Mechanisms for Virtual Organizations in Distributed Computing Systems

  • Conference paper
Information Security and Privacy (ACISP 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3108))

Included in the following conference series:

Abstract

With the rapid development of the global information infrastructure, the use of virtual organization (VO) is gaining increasing importance as a model for building large-scale business information systems. The notion of VO is significant in that it could serve as a basic framework for implementing geographically distributed, cross-organizational application systems in a highly flexible manner. VO is generally composed of participants from different organizations driven by specific tasks. In order to control both participation and access to shared resources, authorization is essential in VO. However, authorization in VO is challenging because of the dynamic and distributed nature of VO; thus requiring mechanisms that are efficient, scalable and being able to handle complex access control policies. This paper analyzes the requirement of authorization services for VO and proposes the use of threshold scheme as a basic mechanism for implementing authorization services in large scale distributed computing systems. While pointing out the desirable features of threshold schemes for complex authorization policies, the paper also discusses the practical limitations of threshold schemes in such an environment. The main contribution of this paper is that it suggests a practical approach for deploying threshold closure, an optimal form of threshold schemes, for implementing authorization of VO. In essence, we suggest segregating the policy and mechanism aspects of threshold closure so that complex policies may be specified using threshold closure which are implemented conveniently using existing authentication-based enforcement mechanisms available in traditional security infrastructure.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: enabling scalable virtual organizations. Int. J. Supercomputer Applications 15(3), 200–222 (2001)

    Article  Google Scholar 

  2. Lam, K.Y., Zhao, X.B., Chung, S.L., Gu, M., Sun, J.G.: Enhancing Grid Security Infrastructure to Support Mobile Computing Nodes. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. K.Y. Lam, X.B. Zhao, S.L. Chung, M. Gu, J.G. Sun, vol. 2908, pp. 42–54. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  3. Dengue fever prevention and control. Weekly Epidemiological Record 77(6), 41–48 (August 2002)

    Google Scholar 

  4. Overview of the Grid Security Infrastructure at http://www-fp.globus.org/security/overview.html

  5. Zhou, J.Y., Lam, K.Y.: Securing digital signatures for non-repudiation. Journal of Computer Communications 22(8), 710–716 (1999)

    Article  Google Scholar 

  6. Keahey, K., Welch, V.: Fine-Grain Authorization for Resource Management in the Grid Environment. In: Parashar, M. (ed.) GRID 2002. LNCS, vol. 2536, pp. 199–206. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A Community Authorization Service for Group Collaboration. In: Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks (2002)

    Google Scholar 

  8. Nagaraj, S.V.: Access control in distributed object systems: problems with access control lists. In: Enabling Technologies: Infrastructure for Collaborative Enterprises, 2001. WET ICE 2001. Proceedings. Tenth IEEE International Workshops (2001)

    Google Scholar 

  9. Zhang, C.R., Lam, K.Y., Jajodia, S.: Scalable threshold closure. Theoretical Computer Science 226, 185–206 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  10. Shamir, A.: How to share a secret. Communications of the ACM, Vol 22(11), 612–613 (1979)

    Article  MATH  MathSciNet  Google Scholar 

  11. Benaloh, J.C., Leichter, J.: Generalized secret sharing and monotone functions. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 27–35. Springer, Heidelberg (1990)

    Google Scholar 

  12. Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing general access structure. In: Globecom 1987, Tokyo, Japan, pp. 99–102 (1987)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Comp Sci & Telecom Engrg, Jiangsu University, Zhenjiang, PR, China

    Xi-Bin Zhao

  2. School of Software, Tsinghua University, Beijing, PR China

    Kwok-Yan Lam, Ming Gu & Jia-Guang Sun

  3. School of Business Administration, The Open University of Hong Kong,  

    Siu-Leung Chung

Authors
  1. Xi-Bin Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kwok-Yan Lam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Siu-Leung Chung
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ming Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jia-Guang Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Centre for Advanced Computing - Algorithms and Cryptography Department of Computing, Macquarie University, Australia

    Huaxiong Wang

  2. Department of Computing, Macquarie University, NSW 2109, Sydney, Australia

    Josef Pieprzyk

  3. Macquarie University, Sydney, Australia

    Vijay Varadharajan

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhao, XB., Lam, KY., Chung, SL., Gu, M., Sun, JG. (2004). Authorization Mechanisms for Virtual Organizations in Distributed Computing Systems. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds) Information Security and Privacy. ACISP 2004. Lecture Notes in Computer Science, vol 3108. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27800-9_36

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-27800-9_36

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22379-5

  • Online ISBN: 978-3-540-27800-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation