| Grid computing provides a computational infrastructure supporting flexible, secure, coordinated resource sharing among dynamic collections of individuals and orgnizations. With the growing of the Grid technology and the unification of the Grid standards, the advantages of Grid in integrating distributed resources are obvious, more and more applications and orgnizations will join Grid platforms. In order to protect the sensitive data and services in the Grid systems, access control comes to be very important. Current Grid access control methods lack systemic partition of the entities involved in the access request scenario and omit the interactions between these entities, and they can't properly meet the expansibility, heterogeneity and dynamic of the Grid systems. The authorization they provid is too coarse and with low efficiency.To address this thesis, this paper focuses on the dynamic and heterogeneous characteristic of Grid, and presents a new access control method based on semantic technology. Depending on machine reasoning on the semantic level, the semantic access control can detect and resolve conflicts between policies automatically and authorize the request or offer useful feedback to the requester if he is denied. A semantic access model designed for Grid services is introduced too. Based on this model and GT4, we implemented the Grid semantic access control facility and integrated it into SEUGrid platform.Our implementation and analysis show that our approaches are effective and extensible, and can commendably overcome the limitations in existing Grid system access control schemes. It offers a cheap way for organizations to apply their Grid systems for cooperative work without entirely modifying or weakling their underline network security systems, which is considered as a significative step forward to the large scale spreading of Grid systems. |
PDF Full Text Request