An Implementation of Role-Base Trust Management Extended with Weights on Mobile Devices

AbstractThis paper describes the implementation of a library for the management and evaluation of Role-based Trust Management (RT) credentials and policies written in RTML, also extended with weights, in mobile devices. In particular, it describes the implementation of the library in J2ME. It is worth noticing, that RTML credentials are XML-like documents and thus the capability of porting these features on mobile devices makes the overall framework very interoperable with other RT frameworks (as for GRID systems). As policy language, we use actually a variant of RTML, whose policies are added with weights and are able to express quantitative experience-based notions of trust. It allow also to encode certain reputation and recommendation models. The obtained results show how the implementation on mobile devices is feasible and the running time acceptable for several applications

Access and Usage Control in Grid

Grid is a computational environment where heterogeneous resources are virtualized and outsourced to multiple users across the Internet. The increasing popularity of the resources visualization is explained by the emerging suitability of such technology for automated execution of heavy parts of business and research processes. Efficient and flexible framework for the access and usage control over Grid resources is a prominent challenge. The primary objective of this thesis is to design the novel access and usage control model providing the fine-grained and continuous control over computational Grid resources. The approach takes into account peculiarities of Grid: service-oriented architecture, long-lived interactions, heterogeneity and distribution of resources, openness and high dynamics. We tackle the access and usage control problem in Grid by Usage CONtrol (UCON) model, which presents the continuity of control and mutability of authorization information used to make access decisions. Authorization information is formed by attributes of the resource requestor, the resource provider and the environment where the system operates. Our access and usage control model is considered on three levels of abstraction: policy, enforcement and implementation. The policy level introduces security policies designed to specify the desired granularity of control: coarse-grained policies that manages access and usage of Grid services, and fine-grained policies that monitor the usage of underlying resources allocated for a particular Grid service instance. We introduce U-XACML and exploit POLPA policy languages to specify and formalize security policies. Next, the policy level presents attribute management models. Trust negotiations are applied to collect a set of attributes needed to produce access decisions. In case of mutable attributes, a risk-aware access and usage control model is given to approximate the continuous control and timely acquisition of fresh attribute values. The enforcement level presents the architecture of the state-full reference monitor designed to enforce security policies on coarse- and fine-grained levels of control. The implementation level presents a proof-of-concept realization of our access and usage control model in Globus Toolkit, the most widely used middleware to setup computational Grids