This seminar will describe approaches proposed for access and usage control in Grid systems. Grid has become a leading service-oriented technology in distributed computing. It provides seamless sharing of heterogeneous computational resources belonging to different domains and supports efficient collaboration between Grid users.
The first part of the seminar addresses the security challenges in Grid and describes the standard security infrastructure provided by the Globus Toolkit, the most widely used middleware for building Grids. A short overview will be given of well-known access control frameworks that have been integrated in Globus: CAS, PERMIS, Akenti, Shibboleth, VOMS, Cardea and PRIMA.
Then we will describe our approach to enhancing Grid security with the Usage Control (UCON) model proposed by R. Sandhu et al., along with an implementation of UCON in Grid. We split the authorization process into two levels: a coarse-grained level that manages access to services, and a fine-grained level that monitors the behavior of applications executed by the Grid computational service. The framework defines trust negotiations at the coarse-grained level to overcome the scalability problem of the Grid. We propose an operational policy language (POLPA) to define security policy, and we also introduce an XACML language enhanced with continuous usage control for writing policies. Our authorization system was implemented to control access to and usage of the Globus Computational GRAM service. Further, we discuss the integration of usage control with risk assessment, the analysis of usage control policies, and the applicability of usage control at the network level.