Research On Access Control And Trust Model In Grid Environment

Posted on: 2007-07-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H B Yao
GTID: 1118360242961964
Subject: Computer application technology
Abstract/Summary:
Grid is a set of application services that makes geographically distributed computation, storage, network, software, information and other resources serve users like a single supercomputer. Because of its promise and development potential, Grid technology has attracted great attention in academia. However, many key issues in Grid technology remain unsolved, and Grid security is one of them. Only when a Grid system can offer safe and reliable services will it be widely built and used. GSI, the Grid Security Infrastructure, is mainly oriented to authentication and secure communication, and pays insufficient attention to access control. A Grid system consists of various resources that are dynamic, geographically dispersed and heterogeneous, which hinders the development of grid applications to some extent and raises security challenges for grid computing. This thesis therefore studies several key issues of access control and trust management in grid environments. Our work mainly includes the following:

Traditional security mechanisms are mainly concerned with the security of the resource provider and neglect the protection of access requesters. Requesters, however, care not only about the availability of resources but also about the potential risks they run in grid environments. To solve this problem, we develop an Entity-Behavior Trust Model (EB-GTM) based on subjective logic and adapted to grid environments. The EB-GTM distinguishes trust relationships among entities within the same autonomous domain from those between different domains. By handling these two kinds of trust relationships with subjective logic theory, the EB-GTM provides security protection to both the providers and the requesters of resources, avoids malicious attacks in the dynamic and uncertain grid environment, and supports access control for unknown entities as well.

We propose a Dynamic Role and Context-Based Access Control model (RCBAC), which extends traditional RBAC with context constraints to solve security issues in grid applications. RCBAC provides authorization with dynamic granularity and real-time permissions. Authorization in traditional access control models depends on a central database and the identity of subjects. RCBAC mechanisms dynamically grant and adapt permissions to users based on contextual information collected from the application environment, while retaining the advantages of the RBAC model. Although context constraints potentially add a great deal of complexity to access control policies, they add much flexibility and can express the fine-grained access control policies that are often needed in real-world applications.

To attain flexible access control, a grid computing environment requires a common and extensible security policy language that can be used to exchange security information between different domains. We realize this security policy language with the Security Assertion Markup Language (SAML) and the eXtensible Access Control Markup Language (XACML), both of which are based on XML. By inheriting the advantages of XML, the security policy language achieves the dynamicity, scalability and extensibility inherent to grid computing environments. The implementation of RCBAC is based on this security policy language. Compared with current research work, this security policy is more scalable, extensible and platform-independent.

An authorization feedback mechanism is realized by combining the RCBAC model with the EB-GTM model. Traditional access control mechanisms are mainly concerned with users' authorizations and do not consider the behavior of authorized users, which creates potential security vulnerabilities. For instance, a user may be granted excessive authority, or a user granted appropriate authority may behave maliciously. The problem is especially acute in grid environments. To solve it, we propose a dynamic authorization mechanism that integrates access control with trust parameters. The authorization mechanism monitors the behavior of authorized entities: malicious behavior lowers an entity's trust parameters, and good behavior raises them. By introducing the trust parameter into the RCBAC model as feedback from previous authorization decisions, the historical behavior of Grid entities affects new authorization processes. Computer simulation results prove that the RCBAC model and the EB-GTM model can effectively solve the authorization problem in complex grid environments.
Keywords/Search Tags: Grid Computing, Access Control, Trust Model, Context Constraints, Trust Measurement, Subjective Logic Theory