Authors: Jing Jin, Gail-Joon Ahn
Addresses: Deutsche Bank Global Technology, 3000 Centre Greenway, Cary, NC 27617, USA; Laboratory of Security Engineering for Future Computing (SEFCOM), Arizona State University, P.O. Box 878809, Tempe, AZ 85287, USA
Abstract: In Grid-based collaborations, a number of data sharing services in Grid are established to provide a unified platform for dynamic discovery, access and replication of distributed data. Controlling access to Grid data in these services requires the ability to dynamically make authorisation decisions based on the data owners' policies and users' credentials across administrative domains. In this paper, we present a flexible policy-driven authorisation system, called RamarsAuthZ, for secure data sharing services in Grid systems. RamarsAuthZ adopts a flexible role-based approach with trust-aware feature to advocate originator control, delegation and dissemination control. A case study based on Globus data replication service (DRS) is presented to provide effective access control both at the service level and at the data level. Our system is flexible and interoperable with multiple Grid services with little reliance on static policy and attribute management.
Keywords: access control; grid computing; assured sharing; security; resource sharing; grid based collaboration; data sharing; authorisation; grid services; trust awareness.
International Journal of Information and Computer Security, 2011 Vol.4 No.3, pp.215 - 233
Available online: 19 May 2011