M. Humphrey, Sang-Min Park, Jun Feng, N. Beekwilder, G. Wasson, J. Hogg, Brian A. LaMacchia, B. Dillaway
{"title":"使用SecPAL对GridFTP进行细粒度访问控制","authors":"M. Humphrey, Sang-Min Park, Jun Feng, N. Beekwilder, G. Wasson, J. Hogg, Brian A. LaMacchia, B. Dillaway","doi":"10.1109/GRID.2007.4354136","DOIUrl":null,"url":null,"abstract":"Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six specific data access use-cases that have been problematic in today's grids: attribute-based access, role-based access, \"role-deny\" access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the security policy assertion language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a grid access control policy language, thereby creating support for a wide range of expanded scenarios for grid data access.","PeriodicalId":304508,"journal":{"name":"2007 8th IEEE/ACM International Conference on Grid Computing","volume":"148 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Fine-grained access control for GridFTP using SecPAL\",\"authors\":\"M. Humphrey, Sang-Min Park, Jun Feng, N. Beekwilder, G. Wasson, J. Hogg, Brian A. LaMacchia, B. Dillaway\",\"doi\":\"10.1109/GRID.2007.4354136\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six specific data access use-cases that have been problematic in today's grids: attribute-based access, role-based access, \\\"role-deny\\\" access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the security policy assertion language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a grid access control policy language, thereby creating support for a wide range of expanded scenarios for grid data access.\",\"PeriodicalId\":304508,\"journal\":{\"name\":\"2007 8th IEEE/ACM International Conference on Grid Computing\",\"volume\":\"148 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-09-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 8th IEEE/ACM International Conference on Grid Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/GRID.2007.4354136\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 8th IEEE/ACM International Conference on Grid Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/GRID.2007.4354136","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Fine-grained access control for GridFTP using SecPAL
Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six specific data access use-cases that have been problematic in today's grids: attribute-based access, role-based access, "role-deny" access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the security policy assertion language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a grid access control policy language, thereby creating support for a wide range of expanded scenarios for grid data access.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
