Fine-Grain Access Control Using Shibboleth for the Storage Resource Broker

  • Conference paper
Advances in Information Security and Assurance (ISA 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5576)

Abstract

In this paper, we propose a fine-grain access control system for data resources in the Storage Resource Broker (SRB). The SRB is a Data Grid management system, which can integrate heterogeneous data resources of virtual organizations (VOs). The SRB stores the access control information of individual users in the Metadata Catalog (MCAT) database. However, because of the specific MCAT schema, this information can only be used by the SRB applications. If VOs also have many non-SRB applications, each with its own storage format for user access control information, it creates a scalability problem with regard to administration. To solve this problem, we use Shibboleth, which is an attribute authorization service. By using Shibboleth, the authentication and access control information of the user can be obtained from the user’s home institution. Thus, the administration overhead is reduced because the access control information of individual users is now managed by the user’s home institution alone, not by MCAT or applications. The use of Shibboleth allows access control decisions to be made based on the user attributes such as role memberships and institutional affiliation, instead of the identity. Thus, our system provides scalable and fine-grain access control and allows privacy protection. Performance analysis shows that our system adds only a small overhead to the existing security infrastructure of the SRB.
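To make the abstract's contrast concrete, here is an added example (not code from the paper or from the SRB/Shibboleth projects) of an attribute-based policy decision alongside an MCAT-style per-identity ACL. The issuer names, eduPerson-style attribute names, entitlement URN and collection paths are constructed assumptions; the point shown is that the attribute policy grants a new collaborator access with no per-user entry and without ever seeing an identity, while still rejecting assertions from an issuer outside the trusted federation.

```python
from dataclasses import dataclass, field

# Constructed example (not the paper's code): issuers, attribute names and
# collection paths are assumptions in the style of eduPerson/Shibboleth.
TRUSTED_IDPS = {"idp.univ-a.example", "idp.univ-b.example"}

@dataclass
class Assertion:
    """Attributes released by the user's home-institution IdP; no identity."""
    issuer: str
    attributes: dict = field(default_factory=dict)   # name -> list of values

@dataclass
class Rule:
    """Grant `action` on `collection` when every required attribute matches."""
    collection: str
    action: str
    required: dict                                  # name -> allowed values

def has_attr(assertion, name, allowed):
    return any(v in allowed for v in assertion.attributes.get(name, []))

def decide(policy, assertion, collection, action):
    """Attribute-based decision: default-deny; untrusted issuers never match."""
    if assertion.issuer not in TRUSTED_IDPS:
        return "Deny"
    for rule in policy:
        if (rule.collection, rule.action) != (collection, action):
            continue
        if all(has_attr(assertion, n, v) for n, v in rule.required.items()):
            return "Permit"
    return "Deny"

# MCAT-style identity ACL for comparison: one entry per user DN, so every
# new collaborator needs a new row before they can do anything.
MCAT_ACL = {("/vo/genomics", "read"): {"/C=US/O=UnivA/CN=alice"}}

def decide_mcat(acl, user_dn, collection, action):
    return "Permit" if user_dn in acl.get((collection, action), set()) else "Deny"

POLICY = [
    Rule("/vo/genomics", "read", {"eduPersonAffiliation": {"faculty", "staff"}}),
    Rule("/vo/genomics", "write", {"eduPersonEntitlement": {"urn:vo:genomics:curator"}}),
]
alice = Assertion("idp.univ-a.example", {"eduPersonAffiliation": ["faculty"]})
bob = Assertion("idp.univ-b.example", {"eduPersonAffiliation": ["staff"],
                                       "eduPersonEntitlement": ["urn:vo:genomics:curator"]})
rogue = Assertion("idp.unknown.example", {"eduPersonAffiliation": ["faculty"]})

if __name__ == "__main__":
    print(decide(POLICY, bob, "/vo/genomics", "write"))                            # Permit
    print(decide_mcat(MCAT_ACL, "/C=US/O=UnivB/CN=bob", "/vo/genomics", "read"))   # Deny
```

In a real deployment the issuer check would be backed by federation metadata and signature verification of the SAML assertion, which this example leaves out.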

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Muppavarapu, V., Chung, S.M. (2009). Fine-Grain Access Control Using Shibboleth for the Storage Resource Broker. In: Park, J.H., Chen, HH., Atiquzzaman, M., Lee, C., Kim, Th., Yeo, SS. (eds) Advances in Information Security and Assurance. ISA 2009. Lecture Notes in Computer Science, vol 5576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02617-1_5

  • DOI: https://doi.org/10.1007/978-3-642-02617-1_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02616-4

  • Online ISBN: 978-3-642-02617-1
