Information Technology Reference
In-Depth Information
DISCUSSION
described in this paper. This work has been carried
out as part of the Dutch research project Virtual
Laboratory for e-Science (VL-e).
We presented a trust-based security framework for
Grid middleware that allows for enforcement of
access control and data export policies for privacy-
sensitive data. The framework proposes a Trusted
SRB to manage data and enforce fine-grained
access control policies on behalf of data owners.
Access control policies combine user-based ac-
cess control and trusted hosts lists with a runtime
evaluation of properties of remote hosts from
which jobs request data access. Microcontracts
allow for establishing data handling agreements,
and an auditing mechanism based on microcon-
tracts allows for tracing all operations on the data.
The focus of this paper is on usage scenarios
where Grid-based storage and data sharing is
required. Our framework emphasizes data-owner
specified user and host (property) based access
control policies, to ensure that privacy sensitive
information is only made accessible to authorized
jobs running on hosts trusted by the data owner.
This way, we can ensure that the data owner's
requirements for secure data handling are met.
More generally, we believe that the basic concepts
presented in this paper, such as remote host prop-
erty list evaluation, microcontracts, and auditing,
can be of value for any distributed system or Grid
middleware component in which precise control
is required over where data or code may be dis-
tributed, and under what constraints.
REFERENCES
Alfieri, R., Cecchini, R., Ciaschini, V., dell'Agnello,
L., Frohner, A., Gianoli, A., et al. Spataro, F. (2004).
Voms, an authorization system for virtual organiza-
tions.
European Across Grids Conference, LNCS
2970
, (pp. 33-40). Springer, 2004.
Blancquer, I., Hernández, V., Segrelles, D., & Tor-
res, E. (2009). Enhancing privacy and authorization
control scalability in the Grid through ontologies.
IEEE Transactions on Information Technol-
ogy in Biomedicine
,
13
(1), 16-24. doi:10.1109/
TITB.2008.2003369
Coca, R. (2011). Security enhancements of
GridFTP:Description and Measurements.
Tech-
nical Report UVA-SNE-2011-01
, University of
Amsterdam.
Dcache. (n.d.).
Dcache storage system
. Retrieved
from http://www.dcache.org/
E.C. (1995). Directive 95/46/EC.
European com-
mission data protection regulations overview page
.
Retrieved from http://ec.europa.eu/justice_home/
fsj/privacy/
Erberich, S., Silverstein, J. C., Chervenak, A.,
Schuler, R., Nelson, M. D., & Kesselman, C. (2007).
Globus medicus - federation of dicom medical
imaging devices into healthcare grids.
Studies in
Health Technology and Informatics
,
126
, 269-278.
ACKNOWLEDGMENT
We thank Oscar Koeroo, Dennis van Dok, and
David Groep (NIKHEF) for valuable insight in the
gLite-based VL-e infrastructure. Keith Cover (VU
Medical Center) provided valuable information
on privacy aspects of his job farming application.
Berry Hoekstra and Niels Monen worked on a
student project on HPLs and vulnerability scor-
ing. Razvan Coca (UvA) is thanked for recent
contributions to implementing the framework
Fischer-Huebner, S. (2001).
IT-security and pri-
vacy: Design and use of privacy-enhancing security
mechanisms
. New York, NY: Springer-Verlag.
Foster, I., Kesselman, C., Tsudik, G., & Tuecke, S.
(1998). A security architecture for computational
grids.
Proc. 5th ACM Conf. on Computer and
Communication Security,
(pp. 83-92).
Search WWH ::
Custom Search