Grid authorization graph

Abstract

The heterogeneous and dynamic nature of a grid environment demands a scalable authorization system. This brings out the need for a fast fine-grained access control mechanism for authorizing grid resources. Existing grid authorization systems adopt inefficient mechanisms for storing resources' security policies. This leads to a large number of repetitions in checking security rules. One of the efficient mechanisms that handle these repetitions is the Hierarchical Clustering Mechanism (HCM). HCM reduces the redundancy in checking security rules compared to the Brute Force Approach (BFA) as well as the Primitive Clustering Mechanism (PCM). Further enhancement is done to HCM to increase the scalability of the authorization process. However, HCM is not totally free of repetitions and cannot easily describe the OR-based security policies. A novel Grid Authorization Graph (GAG) is proposed to overcome HCM limitations. GAG introduces special types of edges named "Correspondence Edge"/"Discrepancy Edge" which can be used to entirely eliminate the redundancy and handle the cases where a set of security rules are mutually exclusive. Comparative studies are made in a simulated environment using the Grid Authorization Simulator (GAS) developed by the authors. It simulates the authorization process of the existing mechanisms like BFA, PCM, HCM and the proposed novel GAG. It also enables a comparative analysis to be done between these approaches. © 2013 Elsevier B.V. All rights reserved.