
Semantic and role-based access control for data grid systems


Abstract

This dissertation focuses on solving these problems and provides access control systems that are based on existing standards. We developed a role-based access control (RBAC) system with Shibboleth, which is an attribute authorization service currently being used in many Grid applications. We used the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML) standard for specifying access control policies uniformly across different organizations. For distributed administration of those policies, we used the Object, Metadata and Artifacts Registry (OMAR). OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories.

We developed a semantic-based access control method that uses an ontology to resolve the semantic differences in terminologies. Understanding the semantics of the data being protected is often helpful in determining which users can access the data and what access level the users can have. Web Ontology Language (OWL) is used to represent the ontology of the data resources and users. By using ontology, VOs can resolve the differences in their terminologies and specify access control policies based on concepts and user roles, instead of individual data resources and user identities.

Administration of XACML policies is a difficult task because each XACML policy has several components, and the number of XACML policies may be very large in a Data Grid environment. However, no efficient tool is available for the creation and update of XACML policies. So, we developed an XACML administration tool and a GUI in Java. The tool allows the creation of XACML policies from existing RBAC policies. The tool also provides capabilities to update or create new RBAC policies. Using this tool, the policy administrator can create new users, roles, data resources, and actions. It allows the administrator to change the user-role assignment and the permissions on a role.

Our proposed access control systems allow quick and easy deployments, and privacy protection. The systems are scalable, and support interoperability and fine-grained access control. Administration overheads for the resource providers are reduced because they do not need to maintain the individual user information. Moreover, our system allows unauthorized requests to be denied before establishing a connection to the resource, thereby reducing the connection overheads and keeping the data resources available to authorized users. Performance analysis shows that our systems add very little overhead to the existing security infrastructures of SRB and OGSA-DAI.

Bibliographic record

  • Author: Muppavarapu, Vineela
  • Author affiliation: Wright State University
  • Degree-granting institution: Wright State University
  • Subject: Computer Science
  • Degree: Ph.D.
  • Year: 2009
  • Pages: 124 p.
  • Total pages: 124
  • Original format: PDF
  • Language of text: eng
  • Date added to database: 2022-08-17 11:38:18
