UCGS: A Usage Control Approach for Grid Services

The dynamic and multi-institutional nature of the grid environments introduces challenging security issues that demand new technical approaches. But traditional access control models consider static authorization decisions based on subjects'pre-assigned permissions on target objects and focus on a closed system, therefore, they are not suitable for the dynamic grid environments. To address the above problems, we propose UCGS, a novel usage control approach for grid services. Our approach is inspired by the usage control model (UCON). UCGS improves the security of the grid services by employing a continuous usage control of the grid services, monitoring the behavior of the subjects. It enables richer and finer-grained control over authorization and usage of grid services and resources than that of traditional access control models. "Blacklist", "unilateral contract" and "arbitrator" are introduced in UCGS to guarantee that a subject can not deny its obligations after service is complete, which contributes to maintain the normal order of the grid environments and the security and interests of the service providers.