12 research outputs found
Context-Driven, User-Centric Access Control for Smart Spaces
In this paper, we describe a user-centric access control process for devices and services in smart space environments. The M-Zones Access Control (MAC) Process is driven by context information relating to the activities of the users present in a smart space, and by user-defined policies reflecting these users' preferences. As well as dynamically assigning access rights in response to context changes, the process provides for automatic reconfiguration of resources in order to protect a user's privacy as other users enter/leave his/her vicinity. To illustrate the implementation of the process we discuss its realisation in a test bed emulating an office-based smart space.
Negotiating Trust on the Grid
Grids support dynamically evolving collections of resources and users, usually spanning multiple administrative domains. The dynamic and cross-organizational aspects of Grids introduce challenging management and policy issues for controlling access to Grid resources. In this paper we show how to extend the Grid Security Infrastructure to provide better support for the dynamic and cross-organizational aspects of Grid activities, by adding facilities for dynamic establishment of trust between parties. We present the PeerTrust language for access control policies, which is based on guarded distributed logic programs, and show how to use PeerTrust to model common Grid trust needs.
An interface for refining security policy searches in grid services environments
Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação. Grid computing is a form of distributed computing whose main focus is the coordinated, large-scale sharing of resources and problem solving in dynamic, multi-institutional virtual organizations. However, such sharing must be tightly controlled to guarantee the security of the resources involved. This work is based on the OGSA (Open Grid Service Architecture) specification proposed by the GGF (Global Grid Forum), in particular on Globus Toolkit 3, which implements it, and presents a proposed extension to the resource monitoring and discovery module (MDS) to filter the returned results based on the user's attributes and the resource's policies.
Dynamic deployment of web services on the internet or grid
PhD Thesis. This thesis focuses on the area of dynamic Web Service deployment for grid and Internet applications. It presents a new Dynamic Service Oriented Architecture (DynaSOAr) that enables the deployment of Web Services at run-time in response to consumer requests.
The service-oriented approach to grid and Internet computing is centred on two parties: the service provider and the service consumer. This thesis investigates the introduction of mobility into this service-oriented approach allowing for better use of resources and improved quality of service. To this end, it examines the role of the service provider and makes the case for a clear separation of its concerns into two distinct roles: that of a Web Service Provider, whose responsibility is to receive and direct consumer requests and supply service implementations, and a Host Provider, whose role is to deploy services and process consumers' requests on available resources. This separation of concerns breaks the implicit bond between a published Web Service endpoint (network address) and the resource upon which the service is deployed. It also allows the architecture to respond dynamically to changes in service demand and the quality of service requirements. Clearly defined interfaces for each role are presented, which form the infrastructure of DynaSOAr. The approach taken is wholly based on Web Services.
The dynamic deployment of service code between separate roles, potentially running in different administrative domains, raises a number of security issues which are addressed. A DynaSOAr service invocation involves three parties: the requesting Consumer, a Web Service Provider and a Host Provider; this tripartite relationship requires a security model that allows the concerns of each party to be enforced for a given invocation. This thesis, therefore, presents a Tripartite Security Model and an architecture that allows the representation, propagation and enforcement of three separate sets of constraints.
A prototype implementation of DynaSOAr is used to evaluate the claims made, and the results show that a significant benefit in terms of round-trip execution time for data-intensive applications is achieved. Additional benefits in terms of parallel deployments to satisfy multiple concurrent requests are also shown.
Evolving a secure grid-enabled, distributed data warehouse : a standards-based perspective
As digital data-collection has increased in scale and number, it becomes an important type of resource serving a wide community of researchers. Cross-institutional data-sharing and collaboration introduce a suitable approach to facilitate those research institutions that are suffering from a lack of data and related IT infrastructures. Grid computing has become a widely adopted approach to enable cross-institutional resource-sharing and collaboration. It integrates a distributed and heterogeneous collection of locally managed users and resources. This project proposes a distributed data warehouse system, which uses Grid technology to enable data-access and integration, and collaborative operations across multi-distributed institutions in the context of HIV/AIDS research. This study is based on wider research into OGSA-based Grid services architecture, comprising a data-analysis system which utilizes a data warehouse, data marts, and near-line operational database that are hosted by distributed institutions. Within this framework, specific patterns for collaboration, interoperability, resource virtualization and security are included. The heterogeneous and dynamic nature of the Grid environment introduces a number of security challenges. This study also concerns a set of particular security aspects, including PKI-based authentication, single sign-on, dynamic delegation, and attribute-based authorization. These mechanisms, as supported by the Globus Toolkit's Grid Security Infrastructure, are used to enable interoperability and establish trust relationships between various security mechanisms and policies within different institutions; manage credentials; and ensure secure interactions.