| In this thesis we address the access control and resource allocation problems in computational federations, such as testbeds and cloud computing federations. The computational federations of today are growing in their number of participant organizations, where one challenge is to allow organizations participate autonomously by expressing how much of their resources should be used and by whom, through complex policies. In addition, such organizations should be able to exchange resources with any other organizations without necessarily knowing all of them beforehand.;We introduce our federation framework which allows to build federations in varying complexities easily, by synthesizing trust management, policy languages and resource discovery into a single system. Although these three have been studied separately in the past, we show that they are in fact related, and can be viewed as separate layers of a more general system. We argue that complex agreements that involve indirect trust relationships is one key way to enable resource exchange in a federation with numerous organizations, and this can be realized by our synthesis architecture that provides usability as well as expressiveness.;As part of our framework, federation policy language (FPL) is used to express both the security and allocation policies, by providing simple primitives such as contracts that hide the underlying complexity. FPL primitives allow system administrators to express policies such as indirect trust and resource restrictions within the same construct. Underneath, FPL uses our distributed trust management system (CERTDIST) to implement and impose policy primitives. CERTDIST uses digital certificates to allow or deny resource requests and a DHT for complex distributive proofs in an e!cient way. The Resource discovery part of our framework (CODAL) is layered on top of FPL, and uses contracts to discover peers, FPL security and allocation policies to authorize for resources that are located possibly in many di?erent organizations.;We evaluate the federation framework with a realistic emulation of a large scale federation using real PlanetLab traces, that shows that complex policies can be expressed with a minimal amount of code, and we can e!ciently perform the access control and resource discovery operations in a federation. |
