    Grid Security and Trust Management Overview

    Abstract: Security is one of the most important aspects of all grid environments. Researchers and engineers have developed many technologies and frameworks for establishing an environment in which users can use grid capabilities in a secure manner. In traditional grid environments, security is based on user authentication and on authorization of the user's actions on shared resources. However, this approach demands a pre-established trust relationship between the grid users and the resource providers. Security based on trust management enables the dynamic creation of trust relationships between previously unknown parties. This article reviews various trust models designed for grid environments and lists their main characteristics and purpose in traditional and emerging grids.

    Privacy trust access control infrastructure using XACML

    The use of personal, sensitive information, such as privileges and attributes, to gain access to computer resources in distributed environments raises an interesting paradox. On one hand, in order to make the services and resources accessible to legitimate users, access control infrastructure requires valid and provable service clients' identities or attributes to make decisions. On the other hand, the service clients may not be prepared to disclose their identity information or attributes to a remote party without determining in advance whether the service provider can be trusted with such sensitive information. Moreover, when clients give out personal information, they still are unsure of the extent of propagation and use of the information. This thesis describes an investigation of privacy preserving options in access control infrastructures, and proposes a security model to support the management of those options, based on extensible Access Control Markup Language (XACML) and Security Access Markup Language (SAML), both of which are OASIS security standards. Existing access control systems are typically unilateral in that the enterprise service provider assigns the access rights and makes the access control decisions, and there is no negotiation between the client and the service provider. As access control management systems lean towards being user-centric or federated, unilateral approaches can no longer adequately preserve the client's privacy, particularly where communicating parties have no pre-existing trust relationship. As a result, a unified approach that significantly improves privacy and confidentiality protection in distributed environments was considered. This resulted in the development of XACML Trust Management Authorization Infrastructure (XTMAI) designed to handle privacy and confidentiality mutually and simultaneously using the concept of Obligation of Trust (OoT) protocol. 
    The OoT enables two or more transaction parties to exchange Notices of Obligation (NoB), i.e. obligating constraints, as well as a Signed Acceptance of Obligation (SAO), a proof of acceptance, as security assurances before the exchange of sensitive resources.

    Adaptive trust negotiation and access control for grids

    Abstract — Access control in computational grids is typically provided by a combination of identity certificates and local accounts. This approach does not scale as the number of users and resources increases. Moreover, identity-based access control is not sufficient because users and resources may reside in different security domains and may have no pre-existing knowledge of one another. Trust negotiation is well suited to Grid computing because it allows participants to establish mutual trust based on attributes other than identity. The Adaptive Trust Negotiation and Access Control (ATNAC) framework addresses the problem of access control in open systems by protecting itself from adversaries who may want to misuse, exhaust or deny service to resources. ATNAC is based on the GAA-API, which provides adaptive access control that captures dynamically changing system security requirements. The GAA-API uses TrustBuilder to establish a sufficient level of trust between the negotiating participants, based on the sensitivity of the access request and a suspicion level associated with the requester. A federated security context allows Grid participants to communicate their security appraisals and make judgments based on collective wisdom and the level of trust among them. We plan to apply ATNAC techniques to negotiation agreements in virtual organizations and P2P environments.