Enhancing grid security by fine-grained behavioral control and negotiation-based authorization

Nowadays, Grid has become a leading technology in distributed computing. Grid poses a seamless sharing of heterogeneous computational resources belonging to different domains and conducts efficient collaborations between Grid users. The core Grid functionality defines computational services which allocate computational resources and execute applications submitted by Grid users. The vast models of collaborations and openness of Grid system require a secure, scalable, flexible and expressive authorization model to protect these computational services and Grid resources. Most of the existing authorization models for Grid have granularity to manage access to service invocations while behavioral monitoring of applications executed by these services remains a responsibility of a resource provider. The resource provider executes an application under a local account, and acknowledges all permissions granted to this account to the application. Such approach poses serious security threats to breach system functionality since applications submitted by users could be malicious. We propose a flexible and expressive policy-driven credential-based authorization system to protect Grid computational services against a malicious behavior of applications submitted for the execution. We split an authorization process into two levels: a coarse-grained level that manages access to a computational service; and a fine-grained level that monitors the behavior of applications executed by the computational service. Our framework guarantees that users authorized on a coarse-grained level behave as expected on the fine-grained level. Credentials obtained on the coarse-grained level reflect on fine-grained access decisions. The framework defines trust negotiations on coarse-grained level to overcome scalability problem, and preserves privacy of credentials and security policies of, both, Grid users and providers. Our authorization system was implemented to control access to the Globus Computational GRAM service. A comprehensive performance evaluation shows the practical scope of the proposed system.

TIRIAC: A trust-driven risk-aware access control framework for Grid environments

The infrastructure provided by a Grid enables researchers to collaboratively solve various research problems through sharing their resources and establishing virtual organizations (VOs). However, the distributed and dynamic nature of a Grid VO is a challenge for access control systems. All users in a VO have responsibilities which correspond to their rights. While they should be able to make use of all VO resources, irresponsibility and permission misuse (insider attack) impose costs and losses on the affected resources. Hence, the history of users’ behavior and the possibility of misuse need to be considered in the resource providers’ risk management process. In this paper, we propose the TIRIAC framework for Grid access control. TIRIAC is the first trust-driven risk-aware access control framework which uses obligations to seamlessly monitor users and mitigate risks. In the TIRIAC framework, trust evaluation and risk management are added to the base Grid access control services. Thereafter, site administrators can explicitly specify users’ responsibilities in form of obligations alongside access control rules. In addition, obligation-specific policies can be specified to mitigate risks according to their severity. We study the adoption of our framework by the European Grid Infrastructure (EGI), and demonstrate its superiority in comparison with the related work using multiple criteria. Moreover, we evaluate the performance of the framework and demonstrate its scalability in simulation experiments.     

Secure resource sharing on cross-organization collaboration using a novel trust method

A virtual enterprise (VE) consists of a network of independent, geographically dispersed administrative business domains that collaborate with each other by sharing business processes and resources across enterprises to provide a value-added service to customers. Therefore, the success of a VE relies on full information transparency and appropriate resource sharing, making security and trust among subjects significant issues. Trust evaluation to ensure information security is most complicated in a VE involving cross-organization collaboration. This study presents a virtual enterprise access control (VEAC) model to enable resource sharing for collaborative operations in the VE. A scenario for authentication and authorization in the life cycle of a VE is then described to identify the main activities for controlling access. Also developed herein is a trust evaluation method based on the VEAC model to improve its security while safeguarding sensitive resources to support collaborative activities. The trust evaluation method involves two trust evaluation sub-models, one to evaluate the level of trust between two virtual enterprise roles, and another to measure the level of trust between two projects. The two sub-models support each other to make resource-sharing decisions, and are developed based on the concepts of direct, indirect, and negative trust factors. Finally, an example of measuring the trust between two subjects is demonstrated after introducing the two sub-models. The VEAC-based trust evaluation method enables the following: (1) secure resource sharing across projects and enterprises, (2) collaborative operation among participating workers, (3) increased information transparency and (4) lowered information delay in VEs.     

网格环境下基于信任度的资源访问控制研究

首先给出了网格计算中访问控制的特点和需求。现有的访问控制技术以及分布式授权模型,均不能满足网格计算中对访问控制的需求。通过建立实体间的信任关系,在CAS基础上,提出了基于信任度的访问控制机制。为了提高资源的利用率,提出了Ticket机制。最后给出模拟实验结果,验证有效性。     

网格信任评价审计及控制

客观地评价资源是信任模型有效的基础,而评价的主观性则使其难以实现,审计成为维护评价客观性的重要方法。针对信任评价,提出了一个带有审计功能的评价模型,通过采集调度数据、标准化、距离计算、异常评价发现和评价修正等步骤,实现评价的审计和对评价的控制。讨论了审计周期,给出了审计算法。实验表明,所提出的方法对用户信任评价的审计是有效的,发现了评价中存在的问题并在后来的评价中加以修正,同时促进了系统的稳定性和吞吐量。     

An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system

Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other adopted models, ABAC provides more granularity, scalability, and flexibility. This makes it a valuable access control system candidate for securing platforms and environments used for coordination and cooperation among organizations and communities, especially over open networks such as the Internet. On the other hand, the basic ABAC model lacks provisions for context, trust and privacy issues, all of which are becoming increasingly critical, particularly in high performance distributed collaboration environments. This paper presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues in order to make access control decisions sensitive to the cross-organizational collaboration context. Several aspects of the proposed model are implemented and illustrated by a case study that shows realistic ABAC policies in the domain of distributed multiple organizations crisis management systems. Furthermore, the paper shows a collaborative graphical tool that enables the actors in the emergency management system to make better decisions. The prototype shows how it guarantees the privacy of object’s attributes, taking into account the trust of the subjects. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.     

基于SIM900A模块的远程门禁控制系统的设计与实现

本文主要是基于SIMCOM公司的SIM900A模块设计的远程门禁控制系统。通过对系统的设置,使用户可以不受地理位置的限制,在任何有手机信号的地方都能实现对门的开锁上锁。同时,系统利用AT指令完成自动收发短信功能,实现了对意外开关门情况的自动报警功能和设备余额不足的提醒功能。远程门禁控制系统作为GSM在机要安防方面的一个创新设计,在实际应用中得到了比较满意的效果。     

一种基于信任度的网格计算资源分配模型

针对网格计算资源管理中的资源分配问题,提出了在资源分配过程中加入安全控制和负载均衡的设计思想,使整个网格计算系统具有比较高的运行效率和安全性。     

A practical mandatory access control model for XML databases

A practical mandatory access control (MAC) model for XML databases is presented in this paper. The label type and label access policy can be defined according to the requirements of different applications. In order to preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed to preserve the security of operations in XML databases. The MAC model, we proposed in this study, has been implemented in an XML database. Test results demonstrated that our approach provides rational and scalable performance.     

网格系统的服务质量保障与控制综述

针对类型多样的异构资源、动态协作的复杂网格环境,需要有效的服务质量（QoS）控制机制保障网格应用的需求,网格QoS需引入新的概念和机制,实现QoS需求的描述与映射、动态资源聚合与共享及任务间协作,灵活有效地进行网格应用流的聚合、区分和控制.在此基础上,介绍了网格QoS目前的研究情况,分析了网格QoS控制的特点、难点及其基本需求.结合实际研究,对网格QoS控制的关键技术——网格QoS管理、控制策略、资源预留、自适应控制、QoS协商进行了较深入的剖析,同时讨论了QoS评价的问题.最后总结了网格QoS的基本研究目标和未来的研究方向.     

P2P网络中一种可信访问控制模型

信任模型强调成员以及数据的可信性,通过对网络中的不端行为进行通告和限制,为用户能够更加合理地使用网络提供保证。提出了一个基于相似度加权推荐的全局信任模型（GSTrust）。在模型中,信任值的请求者使用推荐者和自己之间的节点评分行为相似度加权推荐意见,以节点评价行为的相似度加权其推荐度计算全局信任值,并提出了基于群组的激励机制作为信任模型的有效补充,仿真实验证明了模型的有效性。     

网格环境下的G-R-TRBAC访问控制模型

针对网格复杂的访问控制需求,对现有的任务-角色访问控制模型进行改进,建立了角色-任务&角色的网格访问控制（G-R_TRBAC）模型。该模型在网格环境虚拟组织域间使用基于角色的访问控制策略(RBAC)结合证书管理系统,网格环境虚拟组织域内则是经过改进的任务-角色访问控制模型,满足了网格访问控制的多域性和动态性。     

TruSMS: A trustworthy SMS spam control system based on trust management

The fast growth of mobile networks has greatly enriched our life by disseminating information and providing communications at any time and anywhere. However, at the same time, when people gather and exchange useful information, they also receive unwanted data and contents, such as spam and unsolicited commercial advertisements. SMS (Short Message Service) spam is one typical example of unwanted contents, which has caused a serious problem to mobile users by intruding their devices, occupying device memories and irritating the users. More critically, some of these fraudulent messages deceive users and cause them incalculable loss. SMS spam control has become a crucial issue that impacts the further success of mobile networks. A number of researches have been conducted to control unwanted contents or traffic, some are based on trust and reputation mechanisms. But the literature still lacks an effective solution for SMS spam control. In this paper, we present the design and implementation of an SMS spam control system named TruSMS based on trust management. It can control SMS spam from its source to destinations according to trust evaluation by analyzing spam detection behaviors and SMS traffic data. We evaluate TruSMS performance under a variety of intrusions and attacks with a prototype system implementation. The result shows that TruSMS is effective with regard to accuracy, efficiency and robustness, which imply its trustworthiness.     

A Bee Colony based optimization approach for simultaneous job scheduling and data replication in grid environments

This paper presents a novel Bee Colony based optimization algorithm, named Job Data Scheduling using Bee Colony (JDS-BC). JDS-BC consists of two collaborating mechanisms to efficiently schedule jobs onto computational nodes and replicate datafiles on storage nodes in a system so that the two independent, and in many cases conflicting, objectives (i.e., makespan and total datafile transfer time) of such heterogeneous systems are concurrently minimized. Three benchmarks – varying from small- to large-sized instances – are used to test the performance of JDS-BC. Results are compared against other algorithms to show JDS-BC's superiority under different operating scenarios. These results also provide invaluable insights into data-centric job scheduling for grid environments.     

一种基于多域安全信任的访问控制模型

访问控制是一种可同时服务于用户与资源的安全机制。安全域通过使用访问控制机制为用户访问资源提供方便,同时亦对用户行为进行监视与控制。然而,由于P2P网络缺乏集中控制,现有的访问控制技术无法对P2P网络的网络节点进行控制,特别是网络中节点行为缺乏指导和约束。基于当前P2P网络访问控制中存在的不足,提出一种基于多域安全信任的访问控制模型：MDTBAC。MDTBAC模型通过扩展多级安全机制来实现访问控制,将信任算法计算所得的节点信任度作为访问级别划分标准,根据各个节点的信任度来分配相应的访问控制级别,不同的访问控制级别拥有不同的权限。     

Knowledge sharing in virtual enterprises via an ontology-based access control approach

Collaborating throughout a product life cycle via virtual enterprise (VE) is one of the most promising strategies for enhancing global competitiveness. Efficient and secure knowledge sharing is critical to the success of a VE. This study presents a novel approach, model and technology for knowledge access control and sharing across enterprises. First, this study proposes an ontology-based knowledge sharing model and a multiple-layer knowledge representation framework on which a knowledge access control model for knowledge sharing in a VE is proposed. In the proposed model, user authorizations permitting access to knowledge in a VE are classified into two levels: (1) basic privileges and (2) extended privileges. The former is evaluated from four dimensions, i.e. who, what, when and where, while the latter is determined by considering how three domain ontologies, i.e., product, organization and activity, are related. This study then develops a knowledge access control policy (KACP) language model which is used to identify the knowledge access control and sharing rules of a VE and all its enterprise members. The knowledge access control model proposed in this study can facilitate VE Knowledge management and sharing across enterprises, enhance knowledge sharing security and flexibility and regulate knowledge sharing to expeditiously reflect changes in the business environment.     

Efficient migration access control for mobile agents

The speed and convenience of the Internet has facilitated dynamic development in electronic commerce in recent years. E-commerce technologies and applications are widely studied by expert researchers. Mobile agent is considered to have high potential in e-commerce; it has been attracting wide attention in recent years. Mobile agent has high autonomy and mobility; it can move unbridled in different runtime environments carrying out assigned tasks while automatically detecting its current environment and responding accordingly. The above qualities make mobile agent very suitable for use in e-commerce. The Internet is an open environment, but transfer of confidential data should be conducted only over a secure environment. So, to transfer information over the Internet, a secure Internet environment is absolutely essential. Therefore, the security of present Internet environment must be improved. During its execution, a mobile agent needs to roam around on the Internet between different servers, and it may come in contact with other mobile agents or hosts; it may also need to interact with them. So, a mobile agent might come to harm when it meets a malicious host, and the confidentiality of data could also be compromised. To tackle the above problems, this paper proposes a security scheme for mobile agents. It is designed to ensure the safety of mobile agents on the Internet, and it also has access control and key management to ensure security and data confidentiality. Volker and Mehrdad [R. Volker, J.S. Mehrdad, Access Control and Key Management for Mobile Agents, “Computer Graphics”, Vol. 22, No. 4, August 1998, pp. 457–461] have already proposed an access control and key management scheme for mobile agents, but it needs large amount of space. So, this paper proposes a new scheme that uses the concepts of Chinese Remainder Theorem [F.H. Kuo, V.R.L. Shen, T.S. Chen, F. Lai, A Cryptographic Key Assignment Scheme for Dynamic Access Control in a User Hierarchy, “IEE Proceeding on Computers & Digital Techniques”, Vol. 146, No. 5, Sept. 1999, pp. 235–240., T.S. Chen, Y.F. Chung, Hierarchical Access Control Based on Chinese Remainder Theorem and Symmetric Algorithm, ”Computers & Security”, Vol. 21, No. 6, 2002, pp. 565–570., U.P. Lei, S.C. Wang, A Study of the Security of Mambo et al.'s Proxy Signature Scheme Based on the Discrete Logarithm Problem, June 2004], hierarchical structure and Superkey [S.G. Akl, P.D. Taylor, Cryptographic Solution to a Problem of Access Control in a Hierarchy, “ACM Transactions on Computer Systems”, Vol. 1, No. 3, August 1983, pp. 239–248]. A security and performance analysis of the proposed scheme shows that the scheme effectively protects mobile agents.     

Denial of service attacks and defenses in decentralized trust management

Trust management is an approach to scalable and flexible access control in decentralized systems. In trust management, a server often needs to evaluate a chain of credentials submitted by a client; this requires the server to perform multiple expensive digital signature verifications. In this paper, we study low-bandwidth Denial-of-Service (DoS) attacks that exploit the existence of trust management systems to deplete server resources. Although the threat of DoS attacks has been studied for some application-level protocols such as authentication protocols, we show that it is especially destructive for trust management systems. Exploiting the delegation feature in trust management languages, an attacker can forge a long credential chain to force a server to consume a large amount of computing resource. Using game theory as an analytic tool, we demonstrate that unprotected trust management servers will easily fall prey to a witty attacker who moves smartly. We report our empirical study of existing trust management systems, which manifests the gravity of this threat. We also propose a defense technique using credential caching, and show that it is effective in the presence of intelligent attackers. A preliminary version of this paper was presented at the Second IEEE International Conference on Security and Privacy in Communication Networks, Baltimore, MD, USA, August 2006.