MANAGEMENT OF SECURITY POLICIES IN VIRTUAL ORGANISATIONS

Benjamin Aziz, Alvaro Arenas, Ian Johnson, Matej Artač, Aleš Černivec, Philip Robinson

2010

Abstract

Grid-based virtual organisations facilitate the sharing of computational resources among users belonging to different organisations and working towards a computationally-intensive goal within some project. The selection, access, usage and release of such resources is usually controlled through the enforcement of security policies that express what is acceptable behaviour by the resources and their users at each stage. This process is complex to manage in large-scale Grid-based systems, therefore, a solution tackling the management of VO policies is desirable. In this paper, we propose one such solution that provides policy management capabilities at each phase of the VO lifecycle. We discuss full aspects of the solution starting from the context and requirements analysis, use cases, design, implementation and finally, qualitative and quantitative evaluation.

References

  1. Arenas, A. E., Aziz, B., and Silaghi, G. C. (2008). Reputation Management in Grid-based Virtual Organisations. In SECRYPT 2008, International Conference on Security and Cryptography, pages 538-545.
  2. Bettini, C., Jajodia, S., Wang, X., and Wijesekera, D. (2002). Obligation Monitoring in Policy Management. In POLICY 7802: 3rd International Workshop on Policies for Distributed Systems and Networks. IEEE Computer Society.
  3. Chadwick, D. W., Zhao, G., Otenko, S., Laborde, R., Su, L., and Nguyen, T.-A. (2008). PERMIS: A Modular Authorization Infrastructure. Concurrency and Computation: Practice and Experience, 20(11):1341-1357.
  4. Chakrabarti, A. (2007). Grid Computing Security. Springer.
  5. Coppola, M., Jégou, Y., Matthews, B., Morin, C., Prieto, L. P., Sánchez, O. D., Yang, E., and Yu, H. (2008). Virtual Organization Support within a Grid-wide Operating System. IEEE Internet Computing, 12(2):20- 28.
  6. Costa, P., Napper, J., Pierre, G., and van Steen, M. (2009). Autonomous resource selection for decentralized utility computing. In 29th International Conference on Distributed Computing Systems (ICDCS).
  7. Foster, I. T., Kesselman, C., and Tuecke, S. (2001). The Anatomy of the Grid - Enabling Scalable Virtual Organizations. International Journal of High Performance Computing Applications, 15(3):200-222.
  8. Mazzoleni, P., Crispo, B., Sivasubramanian, S., and Bertino, E. (2009). Efficient Integration of FineGrained Access Control and Resource Brokering in Grid. The Journal of Supercomputing, 49(1):108-126.
  9. Morin, C., Jégou, Y., Gallard, J., and Riteau, P. (2009). Clouds, A New Playground for the XtreemOS Grid Operating System. Parallel Processing Letters (PPL), 19(3):435-449.
  10. Nagaratnam, N., Janson, P., Dayka, J., Nadalin, A., Siebenlist, F., Welch, V., Tuecke, S., and Foster, I. (2003). Security Architecture for Open Grid Services. OGF Document.
  11. Park, J. and Sandhu, R. (2004). The UCONabc Usage Control Model. ACM Transactions on Information and System Security, 7(1):128-174.
  12. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996). Role-based access control models. Computer, 29(2):38-47.
  13. Shu, C., Yang, E., and Arenas, A. (2009). Detecting Conflicts in ABAC Policies with Rule-Reduction and Binary-Search Techniques. In Policy 2009: IEEE International Symposium on Policies for Distributed Systems and Networks. IEEE Computer Society.
  14. Turkmen, F. and Crispo, B. (2008). Performance Evaluation of XACML PDP Implementations. In SWS 2008: ACM Workshop on Secure Web Services, pages 37-44. ACM.
  15. Wasson, G. and Humphrey, M. (2003). Toward explicit policy management for virtual organizations. In POLICY 7803: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks. IEEE Computer Society.
Download


Paper Citation


in Harvard Style

Aziz B., Arenas A., Johnson I., Artač M., Černivec A. and Robinson P. (2010). MANAGEMENT OF SECURITY POLICIES IN VIRTUAL ORGANISATIONS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 467-477. DOI: 10.5220/0002959404670477


in Bibtex Style

@conference{secrypt10,
author={Benjamin Aziz and Alvaro Arenas and Ian Johnson and Matej Artač and Aleš Černivec and Philip Robinson},
title={MANAGEMENT OF SECURITY POLICIES IN VIRTUAL ORGANISATIONS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={467-477},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002959404670477},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - MANAGEMENT OF SECURITY POLICIES IN VIRTUAL ORGANISATIONS
SN - 978-989-8425-18-8
AU - Aziz B.
AU - Arenas A.
AU - Johnson I.
AU - Artač M.
AU - Černivec A.
AU - Robinson P.
PY - 2010
SP - 467
EP - 477
DO - 10.5220/0002959404670477