Fine-grained access control for GridFTP using SecPAL

Fine-grained access control for GridFTP using SecPAL

Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Humphrey, M., Sang-Min Park, Jun Feng, Beekwilder, N., Wasson, G., Hogg, J., LaMacchia, B., Dillaway, B.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Access control
Access protocols
Authentication
Authorization
Computer science
Computer security
Data security
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 225
container_issue
container_start_page 217
container_title
container_volume
creator Humphrey, M.
Sang-Min Park
Jun Feng
Beekwilder, N.
Wasson, G.
Hogg, J.
LaMacchia, B.
Dillaway, B.
description Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six specific data access use-cases that have been problematic in today's grids: attribute-based access, role-based access, "role-deny" access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the security policy assertion language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a grid access control policy language, thereby creating support for a wide range of expanded scenarios for grid data access.
doi_str_mv 10.1109/GRID.2007.4354136
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_4354136</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>4354136</ieee_id><sourcerecordid>4354136</sourcerecordid><originalsourceid>FETCH-LOGICAL-i90t-c3589ec683dce734fa829a4da0535cf336e461efe2ad0ab4e7ee110f0683fea03</originalsourceid><addsrcrecordid>eNo9j8tOwzAURM1Loi35AMTGP5Bw_UrsZVVIqBSpFWRfGee6MioJssuCvycSEbOZxZkZaQi5Z1AwBuaxed0-FRygKqRQkonygiyZ5FIyVYK-JAvOFM-npLgiman0zJRR1_9Mq1uSpfQBk5SstGILIuswYH6MdrKeWucwJerG4RzHE_VjpE0Mfd3t6XcKw5G-oduv2zty4-0pYTb7inT1c7d5ydtds92s2zwYOOdOKG3QlVr0DishvdXcWNlbUEI5L0SJsmTokdse7LvECnH66mFqeLQgVuThbzYg4uErhk8bfw7zf_EL-1lI5w</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Fine-grained access control for GridFTP using SecPAL</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Humphrey, M. ; Sang-Min Park ; Jun Feng ; Beekwilder, N. ; Wasson, G. ; Hogg, J. ; LaMacchia, B. ; Dillaway, B.</creator><creatorcontrib>Humphrey, M. ; Sang-Min Park ; Jun Feng ; Beekwilder, N. ; Wasson, G. ; Hogg, J. ; LaMacchia, B. ; Dillaway, B.</creatorcontrib><description>Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six specific data access use-cases that have been problematic in today's grids: attribute-based access, role-based access, "role-deny" access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the security policy assertion language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a grid access control policy language, thereby creating support for a wide range of expanded scenarios for grid data access.</description><identifier>ISSN: 2152-1085</identifier><identifier>ISBN: 9781424415595</identifier><identifier>ISBN: 1424415594</identifier><identifier>EISSN: 2152-1093</identifier><identifier>EISBN: 1424415608</identifier><identifier>EISBN: 9781424415601</identifier><identifier>DOI: 10.1109/GRID.2007.4354136</identifier><language>eng</language><publisher>IEEE</publisher><subject>Access control ; Access protocols ; Authentication ; Authorization ; Computer science ; Computer security ; Data security</subject><ispartof>2007 8th IEEE/ACM International Conference on Grid Computing, 2007, p.217-225</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/4354136$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,776,780,785,786,2052,27902,54895</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/4354136$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Humphrey, M.</creatorcontrib><creatorcontrib>Sang-Min Park</creatorcontrib><creatorcontrib>Jun Feng</creatorcontrib><creatorcontrib>Beekwilder, N.</creatorcontrib><creatorcontrib>Wasson, G.</creatorcontrib><creatorcontrib>Hogg, J.</creatorcontrib><creatorcontrib>LaMacchia, B.</creatorcontrib><creatorcontrib>Dillaway, B.</creatorcontrib><title>Fine-grained access control for GridFTP using SecPAL</title><title>2007 8th IEEE/ACM International Conference on Grid Computing</title><addtitle>GRID</addtitle><description>Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six specific data access use-cases that have been problematic in today's grids: attribute-based access, role-based access, "role-deny" access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the security policy assertion language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a grid access control policy language, thereby creating support for a wide range of expanded scenarios for grid data access.</description><subject>Access control</subject><subject>Access protocols</subject><subject>Authentication</subject><subject>Authorization</subject><subject>Computer science</subject><subject>Computer security</subject><subject>Data security</subject><issn>2152-1085</issn><issn>2152-1093</issn><isbn>9781424415595</isbn><isbn>1424415594</isbn><isbn>1424415608</isbn><isbn>9781424415601</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2007</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNo9j8tOwzAURM1Loi35AMTGP5Bw_UrsZVVIqBSpFWRfGee6MioJssuCvycSEbOZxZkZaQi5Z1AwBuaxed0-FRygKqRQkonygiyZ5FIyVYK-JAvOFM-npLgiman0zJRR1_9Mq1uSpfQBk5SstGILIuswYH6MdrKeWucwJerG4RzHE_VjpE0Mfd3t6XcKw5G-oduv2zty4-0pYTb7inT1c7d5ydtds92s2zwYOOdOKG3QlVr0DishvdXcWNlbUEI5L0SJsmTokdse7LvECnH66mFqeLQgVuThbzYg4uErhk8bfw7zf_EL-1lI5w</recordid><startdate>200709</startdate><enddate>200709</enddate><creator>Humphrey, M.</creator><creator>Sang-Min Park</creator><creator>Jun Feng</creator><creator>Beekwilder, N.</creator><creator>Wasson, G.</creator><creator>Hogg, J.</creator><creator>LaMacchia, B.</creator><creator>Dillaway, B.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>200709</creationdate><title>Fine-grained access control for GridFTP using SecPAL</title><author>Humphrey, M. ; Sang-Min Park ; Jun Feng ; Beekwilder, N. ; Wasson, G. ; Hogg, J. ; LaMacchia, B. ; Dillaway, B.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i90t-c3589ec683dce734fa829a4da0535cf336e461efe2ad0ab4e7ee110f0683fea03</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2007</creationdate><topic>Access control</topic><topic>Access protocols</topic><topic>Authentication</topic><topic>Authorization</topic><topic>Computer science</topic><topic>Computer security</topic><topic>Data security</topic><toplevel>online_resources</toplevel><creatorcontrib>Humphrey, M.</creatorcontrib><creatorcontrib>Sang-Min Park</creatorcontrib><creatorcontrib>Jun Feng</creatorcontrib><creatorcontrib>Beekwilder, N.</creatorcontrib><creatorcontrib>Wasson, G.</creatorcontrib><creatorcontrib>Hogg, J.</creatorcontrib><creatorcontrib>LaMacchia, B.</creatorcontrib><creatorcontrib>Dillaway, B.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Humphrey, M.</au><au>Sang-Min Park</au><au>Jun Feng</au><au>Beekwilder, N.</au><au>Wasson, G.</au><au>Hogg, J.</au><au>LaMacchia, B.</au><au>Dillaway, B.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Fine-grained access control for GridFTP using SecPAL</atitle><btitle>2007 8th IEEE/ACM International Conference on Grid Computing</btitle><stitle>GRID</stitle><date>2007-09</date><risdate>2007</risdate><spage>217</spage><epage>225</epage><pages>217-225</pages><issn>2152-1085</issn><eissn>2152-1093</eissn><isbn>9781424415595</isbn><isbn>1424415594</isbn><eisbn>1424415608</eisbn><eisbn>9781424415601</eisbn><abstract>Grid access control policy languages today are generally one of two extremes: either extremely simplistic, or overly complex and challenging for even security experts to use. In this paper, we explicitly identify requirements for an access control policy language for grid data and then consider six specific data access use-cases that have been problematic in today's grids: attribute-based access, role-based access, "role-deny" access, impersonation-based access, delegation-based access, and capability-based access. We evaluate the security policy assertion language (SecPAL) against those requirements, specifically in the context of these six use-cases involving GridFTP.NET. We find that while some of these six use-cases are individually possible via existing Grid authorization systems, we believe that SecPAL uniquely offers a single approach that meets the requirements of a grid access control policy language, thereby creating support for a wide range of expanded scenarios for grid data access.</abstract><pub>IEEE</pub><doi>10.1109/GRID.2007.4354136</doi><tpages>9</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 2152-1085
ispartof 2007 8th IEEE/ACM International Conference on Grid Computing, 2007, p.217-225
issn 2152-1085
2152-1093
language eng
recordid cdi_ieee_primary_4354136
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access control
Access protocols
Authentication
Authorization
Computer science
Computer security
Data security
title Fine-grained access control for GridFTP using SecPAL
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-30T16%3A16%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Fine-grained%20access%20control%20for%20GridFTP%20using%20SecPAL&rft.btitle=2007%208th%20IEEE/ACM%20International%20Conference%20on%20Grid%20Computing&rft.au=Humphrey,%20M.&rft.date=2007-09&rft.spage=217&rft.epage=225&rft.pages=217-225&rft.issn=2152-1085&rft.eissn=2152-1093&rft.isbn=9781424415595&rft.isbn_list=1424415594&rft_id=info:doi/10.1109/GRID.2007.4354136&rft_dat=%3Cieee_6IE%3E4354136%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=1424415608&rft.eisbn_list=9781424415601&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4354136&rfr_iscdi=true