|Monday, March 2|
|11:00 am - 12:30 pm|
Usage Control for Next Generation Grids (2/2)
Alvaro Arenas (STFC RAL, UK); Lorenzo Blasi (HP, Italy); Giovanni Cortese (Interplay, Italy); Bruno Crispo (VUA, Netherlands, and Univ. Trento, Italy); Fabio Martinelli (CNR, Italy); Philippe Massonet
Usage control is an authorisation framework that extends traditional access control by controlling data access as well as usage. This tutorial presents how to model and implement usage control for Grids. The tutorial comprises five parts: an introduction to the usage control model; an OGSA-based architecture for usage control; usage control policies in XACML; an alternative policy language for usage control in Grids; and two case studies showing the application of usage control in Grid systems.
The “Usage Control for Next Generation Grids” tutorial consists of the following six talks:
Usage Control for Grids.
The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends different existing models. Its main novelty, in addition to the unification view, is based on continuity of usage monitoring and mutability of attributes. This talk introduces the usage control model and highlights the challenges in controlling resource usage in Grid systems.
An Architecture for Usage Control in Grids.
This talk describes an OGSA-based architecture for implementing usage control for Grids. The architecture has been developed in the EU GridTrust project, extending the current Grid Security Infrastructure (GSI) to deal with usage control.
Usage Control Policies in XACML.
XACML is the standard language for access control in distributed systems. This talk presents how XACML has been extended and used for the specific purpose of expressing and supporting usage control in Grid applications. Particular emphasis will be given to performance and scalability issues. Furthermore, the talk will address the issue of the interaction of scheduling with access control.
Usage Control in Action: Controlling Service Usage in a Grid-Based Content Management System.
This talk presents a case study of the application of usage control based on XACML. The case study is a grid-based content management system that supports a distributed organization in the execution of collaborative projects, aiming at the production of a complex ‘digital’ product. The production process is structured along a workflow such as a software production process or a web / content publishing process.
PolPA: A Usage Control Policy Language for Grids.
Policy languages such as XACML cannot express the full potential of usage control models such as UCON. This talk shows an alternative policy language, PolPA, that has been designed specifically for expressing usage control policies and has been tailored for dealing with Grids. Since it is based on Process Algebras, PolPA is very expressive and can encode all the core models that have been defined by Park and Sandhu. This talk also describes a reference architecture to enforce PolPA in Grid systems.
Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain.
This talk presents a case study of the application of usage control based on PolPA. The case study is a transportation supply chain which exploits Grid services for optimizing both the delivery and cost of each customer order. Each transporter uses a Grid-based computing service to re-optimize the routes of its vehicles’ fleet after the addition of each new transportation task. Transporters submit their routing jobs to a Grid portal supported by their association. Local usage control policies allow computational service providers to protect their resources and other transporters’ data.
• “A Model for Usage Control in GRID Systems”, F. Martinelli and P. Mori. In Proceedings of Grid-STP 2007, International Workshop on Security, Trust and Privacy in Grid Systems at SecureComm 2007. IEEE Computer Society, (2007), IEEE Catalog Number: 07EX168, ISBN: 1-4244-0975-6.
• “XACML Policy Integration Algorithms”, P. Mazzoleni, B. Crispo, S. Sivasubramanian, E. Bertino. ACM Transactions on Information and System Security (TISSEC), vol. 11, n. 1, February 2008.
• “Efficient Integration of Fine-Grained Access Control and Resource Brokering in Grid”, P. Mazzoleni, B. Crispo, S. Sivasubramanian, E. Bertino. The Journal of Supercomputing, Springer Netherlands, October 2008.
• “A Secure Environment for Grid-Based Supply Chains”, L. Blasi, A. Arenas, B. Aziz, P. Mori, U. Rovati, B. Crispo, F. Martinelli, P. Massonet. Published in: Collaboration and the Knowledge Economy: Issues, Applications, Case Studies, P. and M. Cunningham (Eds), IOS Press, 2008 Amsterdam, ISBN 978-1-58603-924-0.
1. Usage Control for Grids (25 minutes).
2. An Architecture for Usage Control in Grids (20 minutes).
3. Usage Control Policies in XACML (45 minutes).
4. Usage Control in Action: Controlling Service Usage in a Grid-Based Content Management System (20 minutes).
5. PolPA: A Usage Control Policy Language for Grids (45 minutes).
6. Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain (25 minutes).
| Slides: 1. Introduction|
| Slides: 2. GridTrust Architecture|
| Slides: 3. Distributed knowledge management case study|
| Slides: 4. Computational usage control|
| Slides: 5. Supply chain case study|