On Usage Control for GRID Services

ABSTRACT In recent years, usage control has been proposed as a novel authorization solution for open, heterogeneous, distributed computer environments. Grid is a such environment providing services for seamless sharing and usage of heterogeneous computational resources. Researches have shown that usage control is a viable solution for authorization in Grid. Unfortunately, the implementation of continues usage control for Grid services is not widely presented. In this paper, we present a usage control model and focus on continuous control over Grid services. If a security policy is violated during a service execution, the service should be blocked or terminated. Our approach presents different levels of granularity and enforces coarse and finegrained usage control on generic and computational Grid services. Furthermore, we present an implementation of our prototype based on POLPA policy language and its reasoning authorization engine integrated into Grid services runtime component of Globus Toolkit. Our prototype is facilitated through implementation of service interfaces compliant with OGSA standard and can be easily plugged-in to existing Globus authorization infrastructure.