Abstract
This paper presents an abstract specification of an enforcement mechanism of usage control for Grids, and verifies formally that such mechanism enforces UCON policies. Our technique is based on KAOS, a goal-oriented requirements engineering methodology with a formal LTL-based language and semantics. KAOS is used in a bottom-up form. We abstract the specification of the enforcement mechanism from current implementations of usage control for Grids. The result of this process is agent and operation models that describe the main components and operations of the enforcement mechanism. KAOS is used in top-down form by applying goal-refinement in order to refine UCON policies. The result of this process is a goal-refinement tree, which shows how a goal (policy) can be decomposed into sub-goals. Verification that a policy can be enforced is then equivalent to prove that a goal can be implemented by the enforcement mechanism represented by the agent and operation models.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: enabling scalable virtual organizations. International Journal of Supercomputer Applications 15(3) (2001)
Venugopal, S., Buyya, R., Ramamohanarao, K.: A taxonomy of data grids for distributed data sharing, management, and processing. ACM Comput. Surv. 38(1), 3 (2006)
Park, J., Sandhu, R.: The UCON A B C usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128 (2004)
Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Commun. ACM 49(9), 39 (2006)
Martinelli, F., Mori, P.: A model for usage control in GRID systems. In: Grid-STP2007, International Conference on Security, Trust and Privacy in Grid Systems. IEEE Computer Society (2007)
Zhang, X., Nakae, M., Covington, M.J., Sandhu, R.: Toward a usage-based security framework for collaborative computing systems. ACM Trans. Inf. Syst. Secur. 11(1), 3:1 (2008)
van Lamsweerde, A.: Requirements Engineering in the Year 00: A Research Perspective. In: International Conference on Software Engineering, pp. 5–19 (2000)
Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 351 (2005)
Sandhu, R., Park, J.: Usage control: A vision for next generation access control. In: MMM-ACNS, pp. 17–31 (2003)
Martinelli, F., Mori, P.: On usage control for GRID systems. Futur. Gener. Comput. Syst. 26 (7), 1032 (2010)
Naqvi, S., Massonet, P., Aziz, B., Arenas, A., Martinelli, F., Mori, P., Blasi, L., Cortese, G.: Fine-grained continuous usage control of service based grids - The GridTrust approach. In: Proceedings of the 1st European Conference on Towards a Service-Based Internet, Springer-Verlag, ServiceWave’08, pp. 242–253 (2008)
OASIS: Oasis Extensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/xacml (2005)
e Ghazia, U., Masood, R., Shibli, M.A., Bilal, M.: Usage control model specification in XACML policy language. In: Proceedings of the 11th IFIP TC 8 International Conference on Computer Information Systems and Industrial Management, Springer-Verlag, CISIM’12, pp. 68–79 (2012)
Colombo, M., Lazouski, A., Martinelli, F., Mori, P.: A proposal on enhancing XACML with continuous usage control features. In: Desprez, F., Getov, V., Priol, T., Yahyapour, R. (eds.) Grids, P2P and Services Computing, pp. 133–146. Springer (2010)
Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., Martinelli, F., Mori, P.: Testing of PolPA-based usage control systems. Softw. Qual. Control 22(2), 241 (2014)
Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: Enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. 15(3), 200 (2001)
Chadwick, D.: Functional Components of Grid Service Provider Authorisation Service Middleware. Technical Report, Open Grid Forum (2008)
van Lamsweerde, A.: Requirements engineering - from system goals to UML models to software specifications. Wiley (2009)
Vardi, M. Y.: Branching vs. linear time: Final showdown. In: Margaria, T., Yi, W. (eds.) Proceedings of the 7th International Conference On Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2001), Lecture Notes in Computer Science, vol. 2031, pp. 1–22. Springer (2001)
Objectover: A Power Tool to Engineer Your Business and Technical Requirements. http://www.objectiver.com/fileadmin/download/documents/leaflet.pdf (2015)
Moffett, J., Sloman, M.: Policy Hierarchies for Distributed Systems Management. IEEE J. Selected Areas in Communications 11(9), 14 04 (1993)
Bandara, A.K., Lupu, E.C., Moffett, J., Russo, A.: A goal-based approach to policy refinement. In: 5th IEEE Workshop on Policies for Distributed Systems and Networks. IEEE Computer Society (2004)
Ponsard, C., Massonet, P., Molderez, J. F., Rifaut, A., van Lamsweerde, A., Hung, T.V.: Early verification and validation of mission critical systems. J. Form. Methods Syst. Des. 30(3) (2007)
Letier, E., van Lamsweerde, A.: Deriving operational software specifications from system goals. In: FSE’10: 10th ACM SIGSOFT Symposium on the Foundations of Software Engineering (2002)
Lorch, M., Kafura, D.: The PRIMA grid authorization system. J. Grid Comput. 2(3), 279 (2004)
Dumitrescu, C.L., Raicu, I., Foster, I.: The design, usage, and performance of GRUBER: A grid usage service level agreement based brokERing infrastructure. J. Grid Comput. 5(1), 99 (2007)
Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A flexible attribute based access control method for grid computing. J. Grid Comput. 7(2), 169 (2009)
Muppavarapu, V., Chung, S.: Role-based access control in a data grid using the storage resource broker and shibboleth. J. Grid Comput. 7(2), 265 (2009)
Rubio-Loyola, J., Serrat, J., Charalambides, M., Flegkas, P., Pavlou, G., Lafuente, A.: Using linear temporal model checking for goal-oriented policy refinement frameworks. In: 6th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 181–190 (2005)
Su, L., Chadwick, D., Basden, A., Cunningham, J.: Automated decomposition of access control policies. In: 6th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 3–13. IEEE Computer Society (2005)
Janicke, H., Cau, A., Siewe, F., Zedan, H.: Deriving Enforcement Mechanisms from Policies. IEEE Computer Society (2007)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Aziz, B. Modelling Fine-Grained Access Control Policies in Grids. J Grid Computing 14, 477–493 (2016). https://doi.org/10.1007/s10723-015-9351-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10723-015-9351-x