PRIMA - Privilege Management and Authorization in Grid Computing Environments

Simple item page
dc.contributor.authorLorch, Markusen
dc.contributor.committeechairKafura, Dennis G.en
dc.contributor.committeememberHicks, James O. Jr.en
dc.contributor.committeememberVaradarajan, Srinidhien
dc.contributor.committeememberRamakrishnan, Narenen
dc.contributor.committeememberRibbens, Calvin J.en
dc.contributor.departmentComputer Scienceen
dc.date.accessioned2014-03-14T20:10:03Zen
dc.date.adate2004-04-28en
dc.date.available2014-03-14T20:10:03Zen
dc.date.issued2004-04-16en
dc.date.rdate2004-04-28en
dc.date.sdate2004-04-19en
dc.description.abstractComputational grids and other heterogeneous, large-scale distributed systems require more powerful and more flexible authorization mechanisms to realize fine-grained access-control of resources. Computational grids are increasingly used for collaborative problem-solving and advanced science and engineering applications. Usage scenarios for advanced grids require support for small, dynamic working groups, direct delegation of access privileges among users, procedures for establishing trust relationships without requiring organizational level agreements, precise management by individuals of their privileges, and retention of authority by resource providers. Existing systems fail to provide the necessary flexibility and granularity to support these scenarios. The reasons include the overhead imposed by required administrator intervention, coarse granularity that only allows for all-or-nothing access control decisions, and the inability to implement finer-grained access control without requiring trusted application code. PRIMA, the model and system developed in this research, focuses on management and enforcement of fine-grained privileges. The PRIMA model introduces novel approaches that can be used in place of, or in combination with existing access control mechanisms. PRIMA enables the users of a system to manage access to their own assets directly without the need for, and costs of intervention by technical personnel. System administrators benefit from more flexible and fine-grained definition of access privileges and policies. A novel access control decision and enforcement model with support for legacy applications has been developed. The model uses on-demand account leasing and implements expressive enforcement mechanisms built on existing low-overhead security primitives of the operating systems. The combination of the PRIMA components constitutes a comprehensive security model that facilitates highly dynamic authorization scenarios and increases security through least privilege access to resources. In summary, PRIMA mechanisms enable the use of fine-grained access rights, reduce administrative costs to resource providers, enable ad-hoc and dynamic collaboration scenarios, and provide improved security service to long-lived grid communities.en
dc.description.degreePh. D.en
dc.identifier.otheretd-04192004-092304en
dc.identifier.sourceurlhttp://scholar.lib.vt.edu/theses/available/etd-04192004-092304/en
dc.identifier.urihttp://hdl.handle.net/10919/26995en
dc.publisherVirginia Techen
dc.relation.haspartdissertation-markus-lorch-2004-04-19.pdfen
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.subjectDistributed Systemsen
dc.subjectGrid Securityen
dc.subjectComputer Securityen
dc.titlePRIMA - Privilege Management and Authorization in Grid Computing Environmentsen
dc.typeDissertationen
thesis.degree.disciplineComputer Scienceen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.leveldoctoralen
thesis.degree.namePh. D.en

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
dissertation-markus-lorch-2004-04-19.pdf
Size:
1.02 MB
Format:
Adobe Portable Document Format
Download

Collections

Doctoral Dissertations