Research On Study And Implementation Of Grid Security Model Based On Temp Secure Domain And RBAC

Grid security is an important component of grid, which directly affects the grid development and the grid software applications. At present, the research about Grid security focuses on the safe authentication, access control, data integrity, secret comunnication, single login etc.The critical problem of the grid security is how resources could be shared safely. In grid, the users and the resources entities belong to the different virtual organization, the quantity is huge and dynamics and there are different authentication mechanisms between the different virtual organizations. Because of the above reasons it is difficult to share resources safely in grid. As core of grid security, identity authentication mechanism and access control mechanism play an important role. This article focuses on.these aspects.In this paper, the structure of grid, the safe problems and the safe requirements, the characteristics and limitations of existing grid security solution plan are introduced firstly, the authentication mechanism based on temp secure domain and the grid access control mechanism based on role access control strategy (RBAC) are proposed sequently, the unifid authentication and authorization grid security model (GRBAC- TSD) is presented finally.In this paper, the tasks are divided into general tasks and secure tasks. Different authentication methods are adopted according to the secure level of the task in the model. Based on virtual organization (VO) and trust domain, different authentication policies are adopted within VO and across VOs, and the concept of temp security domain (TSD) is introduced in GRBAC- TSD model. Simultaneously the concept of role is also introduced in the model which sperates user and authority and simplified the authorized management.The workflow of authentication and authorization, the divisioin of modules and the relationships of the modules are analysised in this article finally.The implementation of GRBAC-TSD model is partially finished. The model solves the problems of distributed management, provides authentication and authorization across virtual organizations (VO) in grid and satisfies the demands of dynamical resources and policies self-determination through separating anthentication module, access control module and policy resource management module. The analysis indicates that the model provides safe identity authentication for entities in Grid and simplifies authentication mechanism, which satisfies the security requirements of Grid.