27 research outputs found

    An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environment

    Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as tightly-coupled and loosely-coupled. The access control challenges in the loosely-coupled environment have not been studied adequately in the literature. In a loosely-coupled environment, different domains do not know each other before they interoperate. Therefore, traditional approaches based on users' identities cannot be applied directly. Motivated by this, researchers have developed several attribute-based authorization approaches to dynamically build trust between previously unknown domains. However, these approaches all focus on building trust between individual requesting users and the resource providing domain. We demonstrate that such approaches are inefficient when the requests are issued by a set of users assigned to a functional role in the organization. Moreover, preserving principle of security has long been recognized as a challenging problem when facilitating interoperations. Existing research work has mainly focused on solving this problem only in a tightly-coupled environment where a global policy is used to preserve the principle of security. In this thesis, we propose a role-based access control and trust management framework for loosely-coupled environments. In particular, we allow the users to specify the interoperation requests in terms of requested permissions and propose several role mapping algorithms to map the requested permissions into roles in the resource providing domain. Then, we propose a Simplify algorithm to simplify the distributed proof procedures when a set of requests are issued according to the functions of some roles in the requesting domain. 
Our experiments show that our Simplify algorithm significantly simplifies such procedures when the total number of credentials in the environment is sufficiently large, which is quite common in practical applications. Finally, we propose a novel policy integration approach using the special semantics of hybrid role hierarchy to preserve the principle of security. At the end of this dissertation a brief discussion of implemented prototype of our framework is present

    Towards ensuring scalability, interoperability and efficient access control in a multi-domain grid-based environment

    The application of grid computing has been hampered by three basic challenges: scalability, interoperability and efficient access control which need to be optimized before a full-scale adoption of grid computing can take place. To address these challenges, a novel architectural model was designed for a multi-domain grid based environment (built on three domains). It was modelled using the dynamic role-based access control. The architecture’s framework assumes that each domain has an independent local security monitoring unit and a central security monitoring unit that monitors security for the entire grid. The architecture was evaluated using the Grid Security Services Simulator, a meta-query language and Java Runtime Environment 1.7.0.5 for implementing the workflows that define the model’s task. In terms of scalability, the results show that as the number of grid nodes increases, the average turnaround time reduces, and thereby increases the number of service requesters (grid users) on the grid. Grid middleware integration across various domains as well as the appropriate handling of authentication and authorisation through a local security monitoring unit and a central security monitoring unit proved that the architecture is interoperable. Finally, a case study scenario used for access control across the domains shows the efficiency of the role based access control approach used for achieving appropriate access to resources. Based on the results obtained, the proposed framework has proved to be interoperable, scalable and efficiently suitable for enforcing access control within the parameters evaluated. Department of HE and Training approved lis

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

    Towards ensuring scalability, interoperability and efficient access control in a triple-domain grid-based environment

    Philosophiae Doctor - PhD. The high rate of grid computing adoption, both in academe and industry, has posed challenges regarding efficient access control, interoperability and scalability. Although several methods have been proposed to address these grid computing challenges, none has proven to be completely efficient and dependable. To tackle these challenges, a novel access control architecture framework, a triple-domain grid-based environment, modelled on role based access control, was developed. The architecture’s framework assumes three domains, each domain with an independent Local Security Monitoring Unit and a Central Security Monitoring Unit that monitors security for the entire grid. The architecture was evaluated and implemented using the G3S, grid security services simulator, meta-query language as “cross-domain” queries and Java Runtime Environment 1.7.0.5 for implementing the workflows that define the model’s task. The simulation results show that the developed architecture is reliable and efficient if measured against the observed parameters and entities. This proposed framework for access control also proved to be interoperable and scalable within the parameters tested

    Analysis, design and implementation of a simulation tool for studying interoperability through attribute conversion in multi-domain environments

    This project starts from a study on the handling of emergency situations, which holds that a communication infrastructure for this type of scenario has to implement interoperability and access control among the different participating elements, using attribute conversion. To realize this study, an analysis of the application's requirements and a detailed design of its modules were carried out. A simulation tool for multi-domain environments was implemented in this way. Finally, a set of tests was carried out to verify its reliability with respect to the original study

    Towards Interoperable Research Infrastructures for Environmental and Earth Sciences

    This open access book summarises the latest developments on data management in the EU H2020 ENVRIplus project, which brought together more than 20 environmental and Earth science research infrastructures into a single community. It provides readers with a systematic overview of the common challenges faced by research infrastructures and how a ‘reference model guided’ engineering approach can be used to achieve greater interoperability among such infrastructures in the environmental and earth sciences. The 20 contributions in this book are structured in 5 parts on the design, development, deployment, operation and use of research infrastructures. Part one provides an overview of the state of the art of research infrastructure and relevant e-Infrastructure technologies, part two discusses the reference model guided engineering approach, the third part presents the software and tools developed for common data management challenges, the fourth part demonstrates the software via several use cases, and the last part discusses the sustainability and future directions