Abstract

In Grid-based collaborations, a number of data sharing services in Grid are established to provide a unified platform for dynamic discovery, access and replication of distributed data. Controlling access to Grid data in these services requires the ability to dynamically make authorisation decisions based on the data owners' policies and users' credentials across administrative domains. In this paper, we present a flexible policy-driven authorisation system, called RamarsAuthZ, for secure data sharing services in Grid systems. RamarsAuthZ adopts a flexible role-based approach with a trust-aware feature to advocate originator control, delegation and dissemination control. A case study based on Globus data replication service (DRS) is presented to provide effective access control both at the service level and at the data level. Our system is flexible and interoperable with multiple Grid services with little reliance on static policy and attribute management.

Original language: English (US)
Pages (from-to): 215-233
Number of pages: 19
Journal: International Journal of Information and Computer Security
Volume: 4
Issue number: 3
State: Published - May 2011

Keywords

  • Access control
  • Assured sharing
  • Grid systems
  • Security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture

Cite this

Assured resource sharing in Grid environments. / Jin, Jing; Ahn, Gail-Joon.

In: International Journal of Information and Computer Security, Vol. 4, No. 3, 05.2011, p. 215-233.

Research output: Contribution to journal › Article

@article{5b90d94b1c634653a73d8e5123b289f5,
title = "Assured resource sharing in Grid environments",
abstract = "In Grid-based collaborations, a number of data sharing services in Grid are established to provide a unified platform for dynamic discovery, access and replication of distributed data. Controlling access to Grid data in these services requires the ability to dynamically make authorisation decisions based on the data owners' policies and users' credentials across administrative domains. In this paper, we present a flexible policy-driven authorisation system, called RamarsAuthZ, for secure data sharing services in Grid systems. RamarsAuthZ adopts a flexible role-based approach with trust-aware feature to advocate originator control, delegation and dissemination control. A case study based on Globus data replication service (DRS) is presented to provide effective access control both at the service level and at the data level. Our system is flexible and interoperable with multiple Grid services with little reliance on static policy and attribute management.",
keywords = "Access control, Assured sharing, Grid systems, Security",
author = "Jing Jin and Gail-Joon Ahn",
year = "2011",
month = "5",
doi = "10.1504/IJICS.2011.040181",
language = "English (US)",
volume = "4",
pages = "215--233",
journal = "International Journal of Information and Computer Security",
issn = "1744-1765",
publisher = "Inderscience Enterprises Ltd",
number = "3"
}

TY - JOUR

T1 - Assured resource sharing in Grid environments

AU - Jin, Jing

AU - Ahn, Gail-Joon

PY - 2011/5

Y1 - 2011/5

N2 - In Grid-based collaborations, a number of data sharing services in Grid are established to provide a unified platform for dynamic discovery, access and replication of distributed data. Controlling access to Grid data in these services requires the ability to dynamically make authorisation decisions based on the data owners' policies and users' credentials across administrative domains. In this paper, we present a flexible policy-driven authorisation system, called RamarsAuthZ, for secure data sharing services in Grid systems. RamarsAuthZ adopts a flexible role-based approach with trust-aware feature to advocate originator control, delegation and dissemination control. A case study based on Globus data replication service (DRS) is presented to provide effective access control both at the service level and at the data level. Our system is flexible and interoperable with multiple Grid services with little reliance on static policy and attribute management.

AB - In Grid-based collaborations, a number of data sharing services in Grid are established to provide a unified platform for dynamic discovery, access and replication of distributed data. Controlling access to Grid data in these services requires the ability to dynamically make authorisation decisions based on the data owners' policies and users' credentials across administrative domains. In this paper, we present a flexible policy-driven authorisation system, called RamarsAuthZ, for secure data sharing services in Grid systems. RamarsAuthZ adopts a flexible role-based approach with trust-aware feature to advocate originator control, delegation and dissemination control. A case study based on Globus data replication service (DRS) is presented to provide effective access control both at the service level and at the data level. Our system is flexible and interoperable with multiple Grid services with little reliance on static policy and attribute management.

KW - Access control

KW - Assured sharing

KW - Grid systems

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=79957796361&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79957796361&partnerID=8YFLogxK

U2 - 10.1504/IJICS.2011.040181

DO - 10.1504/IJICS.2011.040181

M3 - Article

AN - SCOPUS:79957796361

VL - 4

SP - 215

EP - 233

JO - International Journal of Information and Computer Security

JF - International Journal of Information and Computer Security

SN - 1744-1765

IS - 3

ER -