| Grid is used to describe a distributed computing architecture which is adapted for advanced science and engineering. It tries to share all of the resources on the Internet, which included computation resources, storage resources, communication resources, software resources, information resources and knowledge resources etc. The grid system is equivalent to a virtual super computer and has strong abilities. It will have a great effect on the humanity and society.Due to the open and dynamic isomerism condition of grid, the security of a grid system is more important. Grid security is a core issue of grid computation. Control access is the core technology of grid security, and it plays an important role in the process of secure communication under grid systems.Firstly, the technology of control access is researched. This paper introduces three kinds of control access models: Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC). It also analyzes the applicability of RBAC using in the grid environment. Based on the model of RBAC96, this paper divides the conception of role into user role and resource role, brings forward Dual-RBAC in order to fit grid environment better.Secondly, Grid Security Infrastructure (GSI) in the Globus project is intensively researched and access control models in GSI are analyzed in this paper. Because there are some deficiencies in the existing access control models of GSI, this paper brings forward an improved model—GSI access control model base on AS&RMS. The improved model divides a grid virtual organization into many organization units and puts an authorization server (AS) and a role management server (RMS) into each organization unit. The two servers manage the authentication and authorization jointly when a user accesses a particular resource. It can improve the efficiency of access control.Finally, a simple grid service based on the security mechanism of GSI is designed and implemented. The paper also designs a client testing program in order to validate the secure access control mechanism of GSI. |
PDF Full Text Request