Journal: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Publication year: 2009
Volume: 9
Issue: 3
Pages: 12-19
Publisher: International Journal of Computer Science and Network Security
Abstract: Recently, there arose a necessity to distribute computing applications frequently across grids. These applications increasingly depend on services such as data transfer, data portal services, and job submission. Because the distribution of services and resources in wide-area networks is heterogeneous, dynamic, and multi-domain, security is of vital significance in grid computing. Authorization and access control, significant aspects of security, have attracted increased attention in grid computing. Role Based Access Control (RBAC) is an emerging access control mechanism in grid computing. RBAC was provided in the Globus toolkit with the support of the Community Authorization Service (CAS), and this CAS was employed by several researchers in providing access control. The major problem with the CAS is that the user credentials are revealed to the virtual organization (VO), thereby leaving them in jeopardy. Moreover, once the user credentials are hacked, both the user and VO resources become vulnerable. In this paper, we have proposed a novel architecture for Role Based Access Control in Grid computing where user credentials and security are regarded as prime concerns while sharing data and computational resources in a grid problem. The evaluation mechanism detailed in this paper is highly resistant for both the users and the VO resources. In the proposed mechanism, the user credentials are not revealed to the VOs, thus protecting the users from hacking possibilities. Since the hacking possibilities of user credentials are reduced, the proposed system also prevents VO resources from being hacked by some adversary users of the organization. This makes our model more efficient when compared to other models.
Keywords: Grid computing; Grid security; Authorization and Access Control; Role Based Access Control (RBAC); Community Authorization Server (CAS); Virtual Organization (VO); User credentials