Privacy-preserving attribute-based access control for grid computing Online publication date: Sat, 09-May-2015
by Sang M. Park; Soon M. Chung
International Journal of Grid and Utility Computing (IJGUC), Vol. 5, No. 4, 2014
Abstract: In Attribute-Based Access Control (ABAC), access is granted based on the attributes of the requesting user. ABAC is a highly flexible and scalable access control scheme which can deal with diverse security requirements in a grid computing environment. However, in ABAC the user attributes published by the identity providers for authorisation decision may cause some privacy violation. We developed an attribute release control mechanism to publish an optimal set of user attributes that are essential to access a desired resource (or service), while exposing the least amount of sensitive user information. To facilitate the selection of an optimal set of user attributes, we also developed a Web service, named Security Policy Publication Service (SPPS), which retrieves the access condition from the access control policies in eXtensible Access Control Markup Language (XACML) and converts it into a Disjunctive Normal Form (DNF) of user attributes. For the implementation of our privacy-preserving ABAC, we used the Globus Toolkit and modified the Shibboleth Identity Provider and GridShib. Our performance analysis shows that the overhead of the proposed system is very small.
Online publication date: Sat, 09-May-2015
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Grid and Utility Computing (IJGUC):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email email@example.com