Secure interoperation in a multidomain environment employing RBAC policies

Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous role-based access control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.     

网格：面向虚拟组织的资源共享技术

1.引言在过去的几年里,“网格”(Grid)一词主要在学术界使用。如今,它已从幕后走到了前台,在IT界引起人们的普遍关注。术语网格源于学术界的学派描述共享联网的所有资源(从PC到超级计算机),以共同地解决超级计算任务。一般认为,有关网格的实质性研究始于1995年。当时美国Argonne国家实验室的Ian Foster博士和南加洲大学信息科学研究所的Carl Kesselman博士共同领导了美国政府(能源部、NASA等)支持的高性能分布式计算项目Globus。在此项目中,为了标     

开放式网格服务架构的安全设施

网格是一种开放的分布式系统环境,它的目标是实现分布的、异构的、动态的、虚拟组织之间的资源共享。安全性是网格环境中的关键因素之一,网格的安全性主要包括数据的一致性、私有性、认证、授权与审计。深入分析了开放式系统环境中的安全模型与认证、授权框架,讨论了开放式瞬格服务架构中的网格服务安全的协议与设施。     

DTM:一种面向网络计算的动态信任管理模型

在开放的互联网中,信任关系的建立是实现跨自治域资源共享与协同的前提.然而,网络计算环境的分布自治特性,使得各类复杂系统中应用不同的信任管理机制,容易导致信任定义的不一致问题,特别是很多系统为支持多域协作,直接假设实体间信任具有传递特性,而在模型中缺乏该性质成立的条件;此外,网络计算环境中的动态演化特性,使得驱动实体间协作的信任关系随需而变,而现有信任管理模型仅仅关注于系统功能结构,缺乏对这种动态性的描述.文中提出了一种动态信任管理模型DTM,基于信念公式形式化定义了主体间的信任公式,并将信任的传递特性(信任链)解释为模型的一条性质.在该模型中,针对信任关系的动态特征,以时间为参量刻画主体公式集,以事件为触发条件刻画主体间信任的变化,并基于正则事件序列描述信任管理的资源授权过程,可刻画主体间信任的建立过程.最终,设计、实现了一个信任管理系统CROWN-TM,并进行了初步实验分析.     

高安全度虚拟组织中动态防火墙的设计和实现

网格计算的本质含义是在动态变化的、拥有多个部门或者团体的复杂虚拟组织内,灵活安全地协同实现资源共享和问题求解[1]。建立安全、稳定、可扩充的虚拟组织是整个网格技术的基础。本文分析了在网格环境下组建高安全度虚拟组织时传统防火墙体制遇到的问题,设计了旨在保障虚拟组织高度安全性的新型动态防火墙模型,并给出了在Linux平台下这种防火墙的实现方法。     

多自治域协同环境中群组通信的安全访问控制

支持多自治域协作的安全通信环境是大规模分布式应用的基础,群通信由于高效、可伸缩等特点,成为这种协作环境的一种基本通信方式．然而,由于没有集中的控制中心,实体分别隶属于异构的自治域且动态变化,引发了大量新的安全访问控制问题．针对多域协作的异构性和动态性特点,提出一套基于角色的分布式信任管理的解决方案,重点解决了动态联合授权以及基于属性的委托授权．在此基础上建立了一套较完整的安全通信体系,包括安全策略的协商、信任证的颁发、信任证与安全策略的一致性验证以及用户访问权限论证等．它为多域协作环境的群通信提供了更加灵活、可靠、安全的访问控制模式．     

关于网格及其它分布计算技术的若干问题的讨论

1.引言在“网格:面向虚拟组织的资源共享技术”一文中,我们主要给出了由Ian Foster等定义的网格及相关基本概念和研究领域,讨论了网格的基本理念和关键技术。在“网格体系结构详解”一文中,详述了Globus项目提出的网格体系结构的构成及功能。这些内容旨在说明网格是什么。实际上,我们也可以从另一方面,或不同的角度来观察和认识网格。比     

An innovative simulation environment for cross-domain policy enforcement

With the development of policy management systems, policy-based management has been introduced in cross-domain organization collaborations and system integrations. Theoretically, cross-domain policy enforcement is possible, but in reality different systems from different organizations or domains have very different high-level policy representations and low-level enforcement mechanisms, such as security policies and privacy configurations. To ensure the compatibility and enforceability of one policy set in another domain, a simulation environment is needed prior to actual policy deployment and enforcement code development. In most cases, we have to manually write enforcement codes for all organizations or domains involved in every collaboration activity, which is a huge task. The goal of this paper is to propose an enforcement architecture and develop a simulation framework for cross-domain policy enforcement. The entire environment is used to simulate the problem of enforcing policies across domain boundaries when permanent or temporary collaborations have to span multiple domains. The middleware derived from this simulation environment can also be used to generate policy enforcement components directly for permanent integration or temporary interaction. This middleware provides various functions to enforce policies automatically or semi-automatically across domains, such as collecting policies of each participant domain in a new collaboration, generating policy models for each domain, and mapping specific policy rules following these models to different enforcement mechanisms of participant domains.     

An approach to domain-based scalable context management architecture in pervasive environments

In pervasive environments, context management systems are expected to administrate large volume of contextual information that is captured from spatial to nonspatial elements. Research in context-aware computing produced a number of middleware systems for context management to intermediate the communications between applications and context providers. In particular, in pervasive environments, the design of distributed storage, retrieval and propagation mechanisms of context information across domains is vital. In this paper, we propose a domain-based approach to address the requirements of scalable distributed context management, cross-domain efficient context information dissemination and domain-based privacy policy enforcement. We propose infinitum, a middleware architecture that incorporates the management and communication benefits of the Google Wave Federation Protocol, while also taking advantage of the semantic and inference benefits of ontology-based context models. This architecture establishes a robust cross-domain scalable context management and collaboration framework, which has been implemented and evaluated in a real-life application of “SMART University” to support virtual team collaboration.     

Secure Collaboration in a Mediator-Free Distributed Environment

The internet and related technologies have made multidomain collaborations a reality. Collaboration enables domains to effectively share resources; however it introduces several security and privacy challenges. Managing security in the absence of a central mediator is even more challenging. In this paper, we propose a distributed secure interoperability framework for mediator-free collaboration environments. We introduce the idea of secure access paths which enables domains to make localized access control decisions without having global view of the collaboration. We also present a path authentication technique for proving path authenticity. Furthermore, we present an on-demand path discovery algorithms that enable domains to securely discover paths in the collaboration environment. We implemented a simulation of our proposed framework and ran experiments to investigate the effect of several design parameters on our proposed access path discovery algorithm.     

Towards secure information sharing using role-based delegation

As computing becomes more pervasive, information sharing occurs in broad, highly dynamic network-based environments. Such pervasive computing environments pose a difficult challenge in formally accessing the resources. The digital information generally represents sensitive and confidential information that organizations must protect and allow only authorized personnel to access and manipulate them. As organizations implement information strategies that call for sharing access to resources in the networked environment, mechanisms must be provided to protect the resources from adversaries. In this paper, we seek to address the issue of how to advocate selective information sharing while minimizing the risks of unauthorized access. We integrate a role-based delegation framework to propose a system architecture. We also demonstrate the feasibility of our framework through a proof-of-concept implementation.     

Security policy verification for multi-domains in cloud systems

The cloud is a modern computing paradigm with the ability to support a business model by providing multi-tenancy, scalability, elasticity, pay as you go and self-provisioning of resources by using broad network access. Yet, cloud systems are mostly bounded to single domains, and collaboration among different cloud systems is an active area of research. Over time, such collaboration schemas are becoming of vital importance since they allow companies to diversify their services on multiple cloud systems to increase both uptime and usage of services. The existence of an efficient management process for the enforcement of security policies among the participating cloud systems would facilitate the adoption of multi-domain cloud systems. An important issue in collaborative environments is secure inter-operation. Stemmed from the absence of relevant work in the area of cloud computing, we define a model checking technique that can be used as a management service/tool for the verification of multi-domain cloud policies. Our proposal is based on NIST’s (National Institute of Standards and Technology) generic model checking technique and has been enriched with RBAC reasoning. Current approaches, in Grid systems, are capable of verifying and detect only conflicts and redundancies between two policies. However, the latter cannot overcome the risk of privileged user access in multi-domain cloud systems. In this paper, we provide the formal definition of the proposed technique and security properties that have to be verified in multi-domain cloud systems. Furthermore, an evaluation of the technique through a series of performance tests is provided.     

基于虚拟组织的网格文件资源共享模型

网格计算主要关注大规模的资源共享,且这种共享是高度可控的。为解决网格环境下文件资源共享与管理的问题,提出了一个网格文件资源共享模型FsvGrid。该模型引入注册通知机制,并采用确定性算法与非确定性算法相结合的消息传递机制,使得网格中的各个节点之间能够高效协作;采用分层结构,屏蔽了文件资源的多样性;增加了共享的安全性,可以对共享进行控制;提出了一种依靠虚拟组织来对文件资源进行管理的方式,解决分布式资源难以管理的问题。     

一种基于TPM匿名证书的信任协商方案

为促进分布式网络环境中跨安全域的信息共享与协作,需要一种合理有效的信任协商敏感信息保护机制.可信计算组织(Trusted Computing Group,TCG)专注于从计算平台体系结构上增强其安全性.基于可信计算的匿名证书机制提出一种新的信任协商方案:匿名证书信任协商ACTN(anonymous credentials based trusted negotiation),良好地解决了跨安全域的敏感信息保护的问题,可以有效地防止重放攻击、窜改攻击和替换攻击.使用一个硬件模块TPM进行隐私信息保护,并通过TPM模块提供可靠的匿名证书和平台认证.定义了ACTN的模型以及模型中的匿名证书,详细说明了匿名证书的基本参数以及匿名证书的创建方法,讨论了策略的安全性、委托机制以及证书链的发现机制,同时设计了协商节点的框架以及协商过程.通过实验并与TrustBuilder和COTN协商系统进行比较,表明系统具有良好的稳定性和可用性.最后指出相关的一些未来研究方向.     

Aligning Collaborative Business Processes—An Organization-Oriented Perspective

Business collaboration encompasses the coordination of information flows among organizations as well as the composition of their business processes toward mutual benefits. While integrating business processes of different organizations seamlessly, it brings great challenges to keep participating organizations as autonomous entities. To address this issue, we propose a new perspective on modeling collaborative business processes with a novel concept called relative workflow (RWF). With its visibility control mechanism, the RWF model defines what a participating organization can perceive in collaboration and thereby allows each organization to customize its own collaboration process and behaviors. In this paper, we present a formal definition of RWFs and related algorithms for generating RWFs. A prototype is implemented on the Web service platform for the proof-of-concept purpose.     

网格技术及其应用

网格实现了将计算机网络作为统一的计算资源的可能性。这是一种动态的、多机构虚拟组织的资源协调共享和问题解决的崭新技术，与传统分布式计算的区别，主要在于其重点是大规模的资源共享、创新的应用以及高性能的目标。文章阐述了网格的基本概念，并介绍了网格的应用与发展。     

A stochastic load balancing algorithm for i‐Computing

This paper presents a stochastic dynamic load balancing algorithm for Internet computing, which is a new type of distributed computing involving heterogeneous workstations from different organizations on the Internet. To realize the practical environment, we assume the system to be comprised of heterogeneous, untrusted and non‐dedicated workstations connected by a non‐dedicated network. Our algorithm uses the product of the average processing time and the queue length of system jobs as the load index. Dynamic communication delay is included in the execution cost calculation. The transfer policy and the location policy are combined in a stochastic algorithm. State information exchange is done via information feedback and mutual updating. Simulations demonstrate that our algorithm outperforms conventional approaches over a wide range of system parameters. These results are reconfirmed by empirical experiments after we have implemented the algorithms on the Distributed Java Machine global virtual machine. Copyright © 2003 John Wiley & Sons, Ltd.     

Automatically composed workflows for grid environments

Once the realm of high-performance computing for scientific applications, grid computing is rising as a key enabling infrastructure for resource sharing and coordinated problem solving in dynamic multiinstitutional virtual organizations. Grids build over networking technology to provide middleware support such as locating files over a network of computers, scheduling the distributed execution of jobs, and managing resource sharing and access policies.2 The need of scientific communities to interconnect applications, data, expertise, and computing resources is shared by other application areas, such as business, government, medical care, and education.     

一种新型的主动安全管理

针对目前对计算机网络的保护力度不足的问题,提出一种基于共享攻击信息以及组织间合作的主动安全管理方案。使用安全区域合作框架在可信区域之间建立相互合作和协同的关系,以保护系统和网络免遭潜在的攻击并通过交换安全信息和区间合作来预报和响应攻击,这种动态的强安全体系结构能够快速更新安全策略和配置响应模块。     

REMUS: A Rerouting and Multiplexing System for Grid Connectivity Across Firewalls

The Grid provides unique opportunities for high-performance computing through distributed applications that execute over multiple remote resources. Participating institutions can form a virtual organization to maximize the utilization of collective resources as well as to facilitate collaborative projects. However, there are two design aspects in distributed environments like the Grid that can easily clash: security and resource sharing. It may be that resources are secure but are not entirely conducive to resource sharing, or networks are wide open for resource sharing but sacrifice security as a result. We developed REMUS, a rerouting and multiplexing system that provides a compromise through connection rerouting and wrappers. REMUS reroutes connections using proxies, ports and protocols that are already authorized across firewalls, avoiding the need to make new openings through the firewalls. We also encapsulate applications within wrappers, transparently rerouting the connections among Grid applications without modifying their programs. In this paper, we describe REMUS and the tests we conducted across firewalls using two Grid middleware case studies: Globus Toolkit 2.4 and Nimrod/G 3.0.