RBAC-based Trust Negotiation Model for Grid Security

  • Published: 2008.12.31

Abstract

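In this paper, we propose the FAS (Federation Agent Server) model, which establishes trust based on digital certificates within a Grid security framework. The proposed FAS model is a system-independent integrated Grid security model: it details and extends the basic structure of users, roles, and permissions, the main elements of the existing RBAC (Role Based Access Control) model, to design a federation agent server that can assign fine-grained access rights according to local policy. FAS consists of three internal modules, RDM, PCM, and CCM, which determine what role each user holds, assign access rights according to that role, and issue attribute certificates containing the role and access rights. The RDM is designed so that, through a trust negotiation process, users can check the server's policies and select their own roles and access rights for the work they plan to perform, moving away from the previous low level of system security in which all users in a VO (Virtual Organization) were mapped to a single user account. Through the PCM and CCM processes, various policies are applied to different user groups and roles and certificates are issued, in order to restrict which tasks can be performed by which users and with what priority, laying the foundation for providing Grid services at a higher security level.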

In this paper, we propose the FAS model for establishing trust based on digital certificates in a Grid security framework. The existing RBAC (Role Based Access Control) model is extended to provide permissions depending on the users' roles. The FAS model is designed for system-independent integrated Grid security by detailing and extending the fundamental architecture of user, role, and permission. FAS decides each user's role, allocates access rights, and publishes an attribute certificate. FAS is composed of three modules: RDM, PCM, and CCM. The RDM decides the roles of the user during the trust negotiation process and improves on the existing low level of Grid security in which every single user maps to a single shared local name. Both PCM and CCM confirm the capability of the user based on various policies that can restrict the priority of different user groups and roles. We have analyzed the FAS strategy with the complexity of the policy graph-based strategy. In particular, we focused on the algorithm for constructing the policy graph. As a result, the total running time was significantly reduced.
