[KSCI] Korea Science Citation Index Service

A Trust Management Model for PACS-Grid

Cho, Hyun-Sook (Department of Information and Communication Eng., Daejeon University)
Lee, Bong-Hwan (Department of Information and Communication Eng., Daejeon University)
Lee, Kyu-Won (Department of Information and Communication Eng., Daejeon University)
Lee, Hyoung (Department of Information and Communication Eng., Daejeon University)

Publication Information

Journal of information and communication convergence engineering / v.5, no.2, 2007 , pp. 144-149 More about this Journal

Abstract

Grid technologies make it possible for IT resources to be shared across organizational and security domains. The traditional identity-based access control mechanisms are unscalable and difficult to manage. Thus, we propose the FAS (Federation Agent Server) model which is composed of three modules: Certificate Conversion Module (CCM), Role Decision Module (RDM), and Authorization Decision Module (ADM). The proposed FAS model is an extended Role-Based Access Control (RBAC) model which provides resource access capabilities based on roles assigned to the users. FAS can solve the problem of assigning multiple identities to a shared local name in grid-map file and mapping the remote entity's identity to a local name manually.

Keywords

Trust Management; Grid; Security;

Citations & Related Records

Reference

1	Djordjevic, I., Dimitrakos, T., 'Towards dynamic security perimeters for virtual collaborative networks,' In: Trust Management: Second International Conference, iTrust, Oxford, UK, March 29-April 1,2004
2	Johnson, W., Mudumbai,S., and Thompson, M, 'Authorization and Attribute Certificates for Widely Distributed Access Control,' In IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1998
3	Matt Blaze, Joan Feigenbaum, Jack Lacy, 'Decentralized Trust Management,' In IEEE conference on Security and Privacy, Oakland, CA, May 1998
4	L. Pearlman, C. Kesselman, V.Welch, I. Foster, and S. Tuecke, 'The community authorization service: Status and future,' In Proceedings of the Conference for Computing in High Energy and Nuclear Physics, La Jolla, California, USA, Mar. 2003
5	The Globus Security Team, 'Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective,' September 12, 2005
6	http://www.acuotech.com/home.html
7	Tuecke, S., et al., 'Internet X.509 Public Key Infrastructure Proxy Certificate Pro-file', IETF, 2003
8	R. Alfieri, R. Cecchini, V. Ciaschini, L. dell' Agnello, A. Frohner, A. Gianoli, K. L'orentey, and F. Spataro, 'Voms: An authorization system for virtual organizations,' In Proceedings of the 1st European across Grids Conference, Santiago de Compostela, Feb., 2003
9	M Erdos and S Cantor, 'Shibboleth Architecture,' Internet2, October 8, 2001
10	Winsborough, W.H., Seamons, K.E., Jones, V.E., 'Automated trust negotiation,' In DARPA Information Survivability Conference and Exposition, 2000, DISCEX Proceedings, Volume 1, IEEE, pages 88-102, 2000
11	Novotny, J., S. Tuecke, and V. Welch., 'An Online Credential Repository for the Grid: MyProxy,' In High Performance Distributed Computing (HPDC), 2001
12	Foster, I., C. Kesselman, and S. Tuecke, 'The Anatomy of the Grid: Enabling Scalable Virtual Organizations,' International Journal of Supercomputer Applications, 2001
13	Hertzberg, A., Mihaeli. J., Mass,Y., Naor,D., and David, Y., 'Access Control Meets Public Key Infrastructure, Or 'Assigning Roles to Strangers,' In IEEE Symposium on Security and Privacy, Oakland, CA, 2000
14	Huang HK, Brent J, Liu, Zheng Zhou, Jorge Documet, 'A Data Grid Model for Combining Teleradiology and PACS Operations,' In Med Imag Tech, 2006
15	L Pearlman, et al., 'A Community Authorization Service for Group Collaboration,' In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, 2002
16	Blaze, M., FEIGENBAUM, J., and KEROMYTIS, A. D. 'KeyNote: Trust Management for Public-Key Infrastructures,' In Security Protocols Workshop, Cambridge, UK, 1998
17	Sean Turner, Alfred Arsenault, 'X.509 Public Key Infrastructure,' IETF 2002