
A context-constrained authorisation (CoCoA) framework for pervasive grid computing

Wireless Networks

Abstract

The paper discusses access control implications when bridging Pervasive and Grid computing, and analyses the limitations of current Grid authorisation solutions when applied to Pervasive Grid environments. The key authorisation requirements for Pervasive Grid computing are identified and a novel Grid authorisation framework, the context-constrained authorisation framework CoCoA, is proposed. The CoCoA framework takes into account not only users’ static attributes, but also their dynamic contextual attributes that are inherent in Pervasive computing. It adheres to open Grid standards, uses a modular layered approach to complement existing Grid authorisation systems, and inter-works with other Grid security building blocks. A prototype implementation of the CoCoA framework is presented and its performance evaluated.



Acknowledgement

We gratefully acknowledge the funding support from the University of Manchester.

Author information

Corresponding author

Correspondence to Ning Zhang.


About this article

Cite this article

Chin, J., Zhang, N., Nenadic, A. et al. A context-constrained authorisation (CoCoA) framework for pervasive grid computing. Wireless Netw 16, 1541–1556 (2010). https://doi.org/10.1007/s11276-008-0135-0


  • DOI: https://doi.org/10.1007/s11276-008-0135-0
