Grid infrastructures provide an environment for high performance computing by combining heterogeneous, widely distributed computational resources into a single cohesive computing infrastructure. One of the key goals of grid computing infrastructure is to provide an environment where users can share resources across heterogeneous domains. In such an infrastructure security is the major concern. ...

In most systems, authorization is speciied using some low-level system-speciic mechanisms, e.g. protection bits, capabilities and access control lists. We argue that authorization is an independent semantic concept that must be separated from implementation mechanisms and given a precise semantics. We propose a logical approach to representing and evaluating authorization. Speciically, we intro...

We introduce a framework for the automated synthesis of security-sensitive distributed applications. The central idea is to provide the programmer with a high-level declarative language for specifying the system and the intended security properties, abstracting away from any cryptographic details. A compiler takes as input such high-level specifications and automatically produces the correspond...

While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization services for the SOA. The SOA comprises of Web services and business process workflows built using Web services. Based on our analysis of existing authorization frameworks and policy specification models for the SOA, we ...

With fast development of network computing and storage technologies, it became more and more convenient to share and spread digital resources through kinds of network services, however without protection and constraint of copyright, digital content can be illegally copied, altered and distributed, which could cause revenue loss to commercial digital resource providers, to solve this problem, di...

Many security-sensitive programs manage resources on behalf of mutually distrusting clients. To control access to resources, authorization hooks are placed before operations on those resources. Moreover, manual hook placements by programmers are often incomplete or incorrect, leading to insecure programs. We advocate an approach that automatically identifies the set of program locations to plac...

Authorization is a crucial process in current information systems. Nowadays, many of the current authorization systems do not provide methods to describe the semantics of the underlying information model which they are protecting. This fact can lead to mismatch problems between the semantics of the authorization model and the semantics of the underlying data and resources being protected. In or...

Many workflow management systems have been developed to enhance the performance of workflow executions. The authorization policies deployed in the system may restrict the task executions. The common authorization constraints include role constraints, Separation of Duty (SoD), Binding of Duty (BoD) and temporal constraints. This paper presents the methods to check the feasibility of these constr...

The Authorization Interoperability activity was initiated in 2006 to foster interoperability between middleware and authorization infrastructures deployed in the Open Science Grid (OSG) and the Enabling Grids for E-sciencE (EGEE) projects. This activity delivered a common authorization protocol and a set of libraries that implement that protocol. In addition, a set of the most common Grid gatew...

Grid computing is a system that coordinates distributed resources using standards, open, general purpose protocols and interfaces to provide nontrivial quality of services. Usage Control model (UCON) is a new emerging authorization framework that combined features of traditional access control, trust management and digital right management in one abstraction. Adoption of UCON improved the fine-...