21,157 research outputs found
Towards trusted volunteer grid environments
Intensive experiences show and confirm that grid environments can be
considered as the most promising way to solve several kinds of problems
relating either to cooperative work especially where involved collaborators are
dispersed geographically or to some very greedy applications which require
enough power of computing or/and storage. Such environments can be classified
into two categories; first, dedicated grids where the federated computers are
solely devoted to a specific work through its end. Second, Volunteer grids
where federated computers are not completely devoted to a specific work but
instead they can be randomly and intermittently used, at the same time, for any
other purpose or they can be connected or disconnected at will by their owners
without any prior notification. Each category of grids includes surely several
advantages and disadvantages; nevertheless, we think that volunteer grids are
very promising and more convenient especially to build a general multipurpose
distributed scalable environment. Unfortunately, the big challenge of such
environments is, however, security and trust. Indeed, owing to the fact that
every federated computer in such an environment can randomly be used at the
same time by several users or can be disconnected suddenly, several security
problems will automatically arise. In this paper, we propose a novel solution
based on identity federation, agent technology and the dynamic enforcement of
access control policies that lead to the design and implementation of trusted
volunteer grid environments.Comment: 9 Pages, IJCNC Journal 201
Dynamic deployment of context-aware access control policies for constrained security devices
Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages
Management and Service-aware Networking Architectures (MANA) for Future Internet Position Paper: System Functions, Capabilities and Requirements
Future Internet (FI) research and development threads have recently been gaining momentum all over the world and as such the international race to create a new generation Internet is in full swing: GENI, Asia Future Internet, Future Internet Forum Korea, European Union Future Internet Assembly (FIA). This is a position paper identifying the research orientation with a time horizon of 10 years, together with the key challenges for the capabilities in the Management and Service-aware Networking Architectures (MANA) part of the Future Internet (FI) allowing for parallel and federated Internet(s)
- …