SecPAL and GridFTP
Authors
Abstract
Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for Grid data and then consider six specific data access use-cases that have been problematic in today’s Grids: attribute-based access, role-based access, “role-deny” access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the Security Policy Assertion Language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a Grid access control policy language, thereby creating support for a wide range of expanded scenarios for Grid data
Similar resources
High Assurance Policy-Based Key Management at Low Cost
The past decade has witnessed the availability of Trusted Platform Modules (TPM) on commodity computers. While the most common use of TPM appears to be BitLocker on Windows OS, server class motherboards have not yet enjoyed a similar TPM deployment base. Recent research and products show that the TPM can provide a level of trust on locally executing software. Nonetheless, TPMs haven’t been utilized...
Performance Evaluation of Data Transfer Protocol GridFTP for Grid Computing
In Grid computing, a data transfer protocol called GridFTP has been widely used for efficiently transferring a large volume of data. Currently, two versions of GridFTP protocols, GridFTP version 1 (GridFTP v1) and GridFTP version 2 (GridFTP v2), have been proposed in the GGF. GridFTP v2 supports several advanced features such as data streaming, dynamic resource allocation, and checksum transfer...
GridFTP-APT: Automatic Parallelism Tuning Mechanism for GridFTP in Long-Fat Networks
In this paper, we propose an extension to GridFTP that optimizes its performance by dynamically adjusting the number of parallel TCP connections. GridFTP has been used as a data transfer protocol to effectively transfer a large volume of data in Grid computing. GridFTP supports a feature called parallel data transfer that improves throughput by establishing multiple TCP connections in parallel....
A Case Study in Decentralized, Dynamic, Policy-Based, Authorization and Trust Management - Automated Software Distribution for Airplanes
We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trusts. We use these constructs in our case study...
Towards an Authorization Framework for App Security Checking
Apps don’t come with any guarantees that they are not malicious. This paper introduces a PhD project designing the authorization framework used for App Guarden. App Guarden is a new project that uses a flexible assurance framework based on distribution of evidence, attestation and checking algorithms to make explicit why an app isn’t dangerous and to allow users to describe how they want apps o...