An Authorisation Scenario for S-OGSA

The Semantic Grid initiative aims to exploit knowledge in the Grid to increase the automation, interoperability and flexibility of Grid middleware and applications. To bring a principled approach to developing Semantic Grid Systems, and to outline their core capabilities and behaviors, we have devised a reference Semantic Grid Architecture called S-OGSA. We present the implementation of an S-OGSA observant semantically-enabled Grid authorization scenario, which demonstrates two aspects: 1) the roles of different middleware components, be them semantic or non-semantic, and 2) the utility of explicit semantics for undertaking an essential activity in the Grid: resource access control

RelBAC: Relation Based Access Control

TheWeb 2.0, GRID applications and, more recently, semantic desktop applications are bringing the Web to a situation where more and more data and metadata are shared and made available to large user groups. In this context, metadata may be tags or complex graph structures such as file system or web directories, or (lightweight) ontologies. In turn, users can themselves be tagged by certain properties, and can be organized in complex directory structures, very much in the same way as data. Things are further complicated by the highly unpredictable and autonomous dynamics of data, users, permissions and access control rules. In this paper we propose a new access control model and a logic, called RelBAC (for Relation Based Access Control) which allows us to deal with this novel scenario. The key idea, which differentiates RelBAC from the state of the art, e.g., Role Based Access Control (RBAC), is that permissions are modeled as relations between users and data, while access control rules are their instantiations on specific sets of users and objects. As such, access control rules are assigned an arity which allows a fine tuning of which users can access which data, and can evolve independently, according to the desires of the policy manager(s). Furthermore, the formalization of the RelBAC model as an Entity-Relationship (ER) model allows for its direct translation into Description Logics (DL). In turn, this allows us to reason, possibly at run time, about access control policies

Semantic security: specification and enforcement of semantic policies for security-driven collaborations

Collaborative research can often have demands on finer-grained security that go beyond the authentication-only paradigm as typified by many e-Infrastructure/Grid based solutions. Supporting finer-grained access control is often essential for domains where the specification and subsequent enforcement of authorization policies is needed. The clinical domain is one area in particular where this is so. However it is the case that existing security authorization solutions are fragile, inflexible and difficult to establish and maintain. As a result they often do not meet the needs of real world collaborations where robustness and flexibility of policy specification and enforcement, and ease of maintenance are essential. In this paper we present results of the JISC funded Advanced Grid Authorisation through Semantic Technologies (AGAST) project (www.nesc.ac.uk/hub/projects/agast) and show how semantic-based approaches to security policy specification and enforcement can address many of the limitations with existing security solutions. These are demonstrated into the clinical trials domain through the MRC funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project (www.nesc.ac.uk/hub/projects/votes) and the epidemiological domain through the JISC funded SeeGEO project (www.nesc.ac.uk/hub/projects/seegeo)

Mobile Edge Computing Empowers Internet of Things

In this paper, we propose a Mobile Edge Internet of Things (MEIoT) architecture by leveraging the fiber-wireless access technology, the cloudlet concept, and the software defined networking framework. The MEIoT architecture brings computing and storage resources close to Internet of Things (IoT) devices in order to speed up IoT data sharing and analytics. Specifically, the IoT devices (belonging to the same user) are associated to a specific proxy Virtual Machine (VM) in the nearby cloudlet. The proxy VM stores and analyzes the IoT data (generated by its IoT devices) in real-time. Moreover, we introduce the semantic and social IoT technology in the context of MEIoT to solve the interoperability and inefficient access control problem in the IoT system. In addition, we propose two dynamic proxy VM migration methods to minimize the end-to-end delay between proxy VMs and their IoT devices and to minimize the total on-grid energy consumption of the cloudlets, respectively. Performance of the proposed methods are validated via extensive simulations

A high performance UCON and semantic-based authorization framework for grid computing

Authorization infrastructures are an important and integral part of grid computing which facilitate access control functions to protect resources.This paper presents an authorization framework that combines the usage control (UCON) model with semantic web technology.To our knowledge, an authorization framework that combines both the UCON and semantic web technology in one framework has not yet been previously proposed.As the UCON model combines traditional access control, trust management and digital rights management in a grid authorization infrastructure, its adoption enhances the capability of the authorization. However, UCON-based authorization presents a problem in controlling the policy granularity and minimizing the authorization overhead due to complexity in the policies inherited from the UCON model.The growing number of users and resources in the grid makes this problem even worse.We use the semantic web technology to provide a way to automatically manage the rules in the policies, hence keeping the granularity under control. To minimize the authorization overhead, a new mechanism to reduce the number of policy checks is proposed in this paper. Our simulation result shows that the proposed mechanism provides a 63% reduction in rule checking compared to previous methods

Towards a Semantic Grid Computing Platform for Disaster Management in Built Environment

Current disaster management procedures rely primarily on heuristics which result in their strategies being very cautious and sub-optimum in terms of saving life, minimising damage and returning the building to its normal function. Also effective disaster management demands decentralized, dynamic, flexible, short term and across domain resource sharing, which is not well supported by existing distributing computing infrastructres. The paper proposes a conceptual framework for emergency management in the built environment, using Semantic Grid as an integrating platform for different technologies. The framework supports a distributed network of specialists in built environment, including structural engineers, building technologists, decision analysts etc. It brings together the necessary technology threads, including the Semantic Web (to provide a framework for shared definitions of terms, resources and relationships), Web Services (to provide dynamic discovery and integration) and Grid Computing (for enhanced computational power, high speed access, collaboration and security control) to support rapid formation of virtual teams for disaster management. The proposed framework also make an extensive use of modelling and simulation (both numerical and using visualisations), data mining (to find resources in legacy data sets) and visualisation. It also include a variety of hardware instruments with access to real time data. Furthermore the whole framework is centred on collaborative working by the virtual team. Although focus of this paper is on disaster management, many aspects of the discussed Grid and Visualisation technologies will be useful for any other forms of collaboration. Conclusions are drawn about the possible future impact on the built environment

Managing semantic Grid metadata in S-OGSA

Grid resources such as data, services, and equipment, are increasingly being annotated with descriptive metadata that facilitates their discovery and their use in the context of Virtual Organizations (VO). Making such growing body of metadata explicit and available to Grid services is key to the success of the VO paradigm. In this paper we present a model and management architecture for Semantic Bindings, i.e., firstclass Grid entities that encapsulate metadata on the Grid and make it available through predictable access patterns. The model is at the core of the S-OGSA reference architecture for the Semantic Grid

A Semantic Grid Oriented to E-Tourism

With increasing complexity of tourism business models and tasks, there is a clear need of the next generation e-Tourism infrastructure to support flexible automation, integration, computation, storage, and collaboration. Currently several enabling technologies such as semantic Web, Web service, agent and grid computing have been applied in the different e-Tourism applications, however there is no a unified framework to be able to integrate all of them. So this paper presents a promising e-Tourism framework based on emerging semantic grid, in which a number of key design issues are discussed including architecture, ontologies structure, semantic reconciliation, service and resource discovery, role based authorization and intelligent agent. The paper finally provides the implementation of the framework.Comment: 12 PAGES, 7 Figure

The Semantic Grid: A future e-Science infrastructure

e-Science offers a promising vision of how computer and communication technology can support and enhance the scientific process. It does this by enabling scientists to generate, analyse, share and discuss their insights, experiments and results in an effective manner. The underlying computer infrastructure that provides these facilities is commonly referred to as the Grid. At this time, there are a number of grid applications being developed and there is a whole raft of computer technologies that provide fragments of the necessary functionality. However there is currently a major gap between these endeavours and the vision of e-Science in which there is a high degree of easy-to-use and seamless automation and in which there are flexible collaborations and computations on a global scale. To bridge this practice–aspiration divide, this paper presents a research agenda whose aim is to move from the current state of the art in e-Science infrastructure, to the future infrastructure that is needed to support the full richness of the e-Science vision. Here the future e-Science research infrastructure is termed the Semantic Grid (Semantic Grid to Grid is meant to connote a similar relationship to the one that exists between the Semantic Web and the Web). In particular, we present a conceptual architecture for the Semantic Grid. This architecture adopts a service-oriented perspective in which distinct stakeholders in the scientific process, represented as software agents, provide services to one another, under various service level agreements, in various forms of marketplace. We then focus predominantly on the issues concerned with the way that knowledge is acquired and used in such environments since we believe this is the key differentiator between current grid endeavours and those envisioned for the Semantic Grid