The Community for Technology Leaders
2013 IEEE International Conference on Services Computing (2005)
Orlando, Florida
July 11, 2005 to July 15, 2005
ISBN: 0-7695-2408-7
pp: 77-86
Swaminathan Sivasubramanian , Department of Computer Science Vrije Universiteit, Amsterdam
Elisa Bertino , Department of Computer Science and CERIAS Purdue University, USA
Pietro Mazzoleni , Department of Computer Science University of Milan,Italy
Bruno Crispo , Department of Computer Science Vrije Universiteit, Amsterdam
<p>In this paper, we present a scalable authorization service, based on the concept of fine-grained access control (FGAC), for large-scale Grid infrastructures that span multiple independent domains. FGAC enables participating resource owners to specify fine-grained policies concerning which user can access can their resources under which mode. We argue that such an authorization service must be integrated with the resource broker service to avoid scheduling requests onto resources which do not authorize the user request. For this reason, we develop a novel resource broker service that integrates access control with resource scheduling. In our system, both resource owners and users define their resource access and usage policies. The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa).</p> <p>Since this process of evaluating authorization policies of resources and user, in addition to checking the resource requirement, can be a potential bottleneck for a large scale Grid, we also analyze the problem of efficient evaluation of FGAC policies. In this context, we present a novel method for policy organization and compare its performance with other strategies. Preliminary results show that the proposed method can significantly enhance performance.</p>
Swaminathan Sivasubramanian, Elisa Bertino, Pietro Mazzoleni, Bruno Crispo, "Efficient Integration of Fine-grained Access Control in Large-scale Grid Services", 2013 IEEE International Conference on Services Computing, vol. 01, no. , pp. 77-86, 2005, doi:10.1109/SCC.2005.49
110 ms
(Ver 3.1 (10032016))