© University of Kent - Contact | Feedback | Legal | FOI | Cookies
Advanced Security for Virtual Organizations: The Pros and Cons of Centralized vs Decentralized Security Models
R O Sinnott, D W Chadwick, T Doherty, D Martin, A Stell, G Stewart, L Su, and J Watt
In Proceedings of the 8th IEEE International Symposium on Cluster Computing and the Grid (CCGrid 08), pages 182-196, Ecole Normale Superieure de Lyon, Lyon, France, May 2008. Institute of Electrical and Electronics Engineers [doi].Abstract
Grids allow for collaborative e-Research to be undertaken, often across institutional and national boundaries. Typically this is through the establishment of virtual organizations (VOs) where policies on access and usage of resources across partner sites are defined and subsequently enforced. For many VOs, these agreements have been lightweight and erred on the side of flexibility with minimal constraints on the kinds of jobs a user is allowed to run or the amount of resources that can be consumed. For many new domains such as e-Health, such flexibility is simply not tenable. Instead, precise definitions of what jobs can be run, and what data can be accessed by who need to be defined and enforced by sites. The role based access control model (RBAC) provides a well researched paradigm for controlling access to large scale dynamic VOs. However, the standard RBAC model assumes a single domain with centralised role management. When RBAC is applied to VOs, it does not specify how or where roles should be defined or made known to the distributed resource sites (who are always deemed to be autonomous to make access control decisions). Two main possibilities exist based on either a centralized or decentralized approach to VO role management. We present the advantages and disadvantages of the centralized and decentralized role models and describe how we have implemented them in a range of security focused e-Research domains at the National e-Science Centre (NeSC) at the University of Glasgow.
Download publication 265 kbytes (PDF)Bibtex Record
@inproceedings{2835,
author = {R O Sinnott and D W Chadwick and T Doherty and D Martin and A Stell and G Stewart and L Su and J Watt},
title = {{A}dvanced {S}ecurity for {V}irtual {O}rganizations: {T}he {P}ros and {C}ons of {C}entralized vs {D}ecentralized {S}ecurity {M}odels},
month = {May},
year = {2008},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {},
doi = {10.1109/CCGRID.2008.67},
url = {http://www.cs.kent.ac.uk/pubs/2008/2835},
publication_type = {inproceedings},
submission_id = {17292_1225727513},
booktitle = {Proceedings of the 8th IEEE International Symposium on Cluster Computing and the Grid (CCGrid 08) },
address = {Ecole Normale Superieure de Lyon, Lyon, France},
publisher = {Institute of Electrical and Electronics Engineers},
}