This thesis reasons on usage control in Data Grids, by presenting
models, architectures and specifications. This work is a step
toward a continuous monitoring and control of the data access and
usage in a Data Grid. First, the thesis presents a background on
Grids, security, and security for Grids, by making an abstraction
to the current Grid implementations. We argue that usage control
in Data Grids should be considered as a process composed
by two black boxes. We analysed the requirements for Grid security,
and propose a distributed usage control model suitable for
Grids and distributed systems alike. Then, we apply such model
to a Data Grid abstraction, and present a usage control architecture
for Data Grids that uses the functional components of the
currents Grids. We also present an abstract specification for an
enforcing mechanism for usage control policies. To do so, we use
a formal requirement engineering methodology with a bottom-up
approach, that proves that the specification is sound and complete.
With the methodology, we show formally that such abstract specification
can enforce all the different typologies of usage control
policies. Finally, we consider how existing prototypes can fit in
the proposed architecture, and the advantages derived from using
Semantic Grid techologies for the specification of policies subjects
and objects
