Research On Grid Accounting Based On Extended Role-Based Authorization Model

With the rapid development of distributed technologies, different kinds of resources need to be shared in both scientific research and industrial production, so Grid technology comes into being. In the process of Grid development, the distributed resources including software and hardware exist in the form of services. Most of present Grid services are free. However, since more and more attention has been paid to the QoS of Grid service and higher value services are required by users, the situation of free Grid services will change. Therefore, it becomes an emergent task to construct a fair and reasonable Grid accounting system.Because of the problems such as the varieties of Grid services, the dynamical changing environment, the different service quality and the user's unpredictable credit, the traditional accounting models such as charging according to flow or time can not meet the need of Grid environment. So, some new accounting models, e.g. the GridBank presented by the University of Melbourne, IBM's measurement and statistical models and so on, come out. Although these Grid accounting models have solved the problems such as how to make price and how to pay, they can not monitor the task dynamically through time measurement. And they also seldom refer to the Grid authorization which is the basis of the Grid accounting.Considering the particularity of the Grid services and using present Grid accounting system, this thesis proposes a Grid accounting system based on the extended role-based authorization model. This system consists of two parts: Grid authorization and Grid accounting.In view of the requirement, the resources access control should be fine-grained and unified in Grid. This thesis also presents the extended role-based access control (ERBAC) and constructs a Grid authorization model based on ERBAC, which considers properties involving user credit, account balance, ability list and others. It avoids the phenomenon that users still get the operation permission while the credit is too low, the account balance is not enough or the security demand is not satisfied and so on. The Grid authorization model also considers the specific task and the condition, so that the permission only meets the need of this task, which accords with the minimal permission principle. Moreover, because of the addition of the monitor, the model can implement dynamical authorization according to the state of the executing task, and the change of the subjects' and objects' properties.On the basis of the security, this thesis advances the Grid accounting system based on the extended authorization model. This system can determine the calculating standards according to the service types, and also deal with the free services and paying services differently. Through making the cooperative steps of the participator, the model ensures that the accounting system and services providers focus on their work, reduces the additional spending and improves efficiency. What's more, this thesis also does some research on the standards of estimating services, the methods of payment and other strategies.Finally, the test of the accounting model in GT4 indicates that this Grid accounting model proposed by this thesis can achieve the following objects:①it can account the consumption accurately and reasonably according to the properties and types of the service;②it ensures users to have the minimal permission set and authorize users according to the particular executing condition;③it is able to monitor the task real-timely, and terminate the task when the role or account changes.