RB-GDM: A Role-Based Grid Delegation Model

Page 1

G Geethakumari, Atul Negi and V N Sastry
International Journal of Computer Science and Security, Volume (2) : Issue (1) 61
RB-GDM: A Role-Based Grid Delegation Model

G Geethakumari geethamaruvada@gmail.com
Research Scholar,DCIS
University of Hyderabad
Hyderabad, 500046, India

Dr Atul Negi atulcs@uohyd.ernet.in
Reader, DCIS
University of Hyderabad
Hyderabad, 500046, India


Dr V N Sastry
Assoc. Professor
IDRBT, Hyderabad
Hyderabad, 500057, India
vnsastry@idrbt.ac.in

Abstract

Grid delegation is the procedure by which a valid user endows another user or a
program or service with the ability to act on that user’s behalf. Delegation is the
primary form of authorization in grids. The large and geographically distributed,
dynamic, heterogeneous and scalable grid environment poses unique delegation
requirements. Presently there are no standard mechanisms to guide grid
delegation. As credential delegation has its own limitations in a dynamic grid
environment, a new conceptual model is required to effectively formulate the grid
delegation requirements. In this paper, we present a framework called Role-
Based Grid Delegation Model (RB-GDM) for delegating access rights in grids.
The basic unit of delegation in our model is role. Derived from the standard
RBAC formalisms, this framework explores various approaches for authorization
and revocation of delegation.

Keywords: Delegation; access control; authorization; grid computing systems; role based access control


1. INTRODUCTION
Delegation is an important aspect of grid security. In general, delegation is defined as the act
whereby an active entity in a system authorizes (delegates) its authority to another entity to
execute some functions on its behalf [7]. Delegation in computing systems can take many forms:
human to human, human to machine, machine to machine and even machine to human [3]. The
consequence of delegation is propagation of access rights. Propagation of access rights in a
decentralized collaborative system like the grid presents difficult challenges for traditional access
control mechanisms and models.

A delegation activity in a grid environment needs to be monitored and controlled in such a
manner so that the resource inside the domain can stay protected [3]. Though various forms of
delegation are possible, the most common delegation activities in present day grids are user to
user delegation and user to machine delegation. Most of the resource access in grids takes place

Page 2

G Geethakumari, Atul Negi and V N Sastry
International Journal of Computer Science and Security, Volume (2) : Issue (1) 62
through remote authorization and is achieved by user to machine/process delegation. User to
machine delegation is the mechanism whereby a user in a distributed environment authorizes a
system to access remote resources on his behalf [3]. In some cases the user may delegate the
rights to one of the several permissible roles or identities; in order to limit the actions of the
process to some subset that user is authorized to. This form of delegation is generally referred to
as limited or restricted delegation.

The support of roles is crucial in an open computing environment like the grids, where not all
individuals may be registered at a service and requests may arrive from previously unknown
parties. In such a context, the ability to invoke a service often depends on the capacity in which a
user can operate rather than on who the user actually is. This capacity is characterized as a role.
The concept of roles is different from that of groups in the sense that unlike groups, roles carry a
dynamic behavior and can be activated and deactivated by users and service providers arbitrarily
as required and roles activation is enabled by attaching credentials with a request. Though
current grid systems support delegation through impersonation (by issuing a proxy certificate), the
revocation of delegation tracing and multi step delegation still remain as the major challenges.

We propose a grid delegation approach built on Role Based Access Control (RBAC) [8]. RBAC
has been accepted in the access control design and architecture of security in enterprises as an
alternative to traditional discretionary and mandatory access control models. RBAC is designed to
suit large-scale enterprise-wide systems and works on the notion that permissions are associated
with roles. The users are assigned to appropriate roles and users acquire permissions by being
members of roles. Roles can be granted new permissions and permissions can be easily revoked
from roles as and when needed. Thus RBAC provides a way to empower individual users and
service providers through role-based delegation in a fully distributed environment like grids.

The rest of the paper is organized as follows. In section 2, we present the motivation for our work.
In section 3, we propose the role-based delegation framework for delegation and revocation in
grids. The different topologies and representation of the components of RB-GDM is discussed in
section 4. Section 5 summarizes our work and provides conclusion and future work.

2. MOTIVATION
The core theme behind delegation is that of delegating rights, obligations, privileges and
authority. The basic idea of role-based delegation is that users themselves may delegate role
authorities (rights) to others to carry out some functions authorized to the former. Though there
has been considerable work on various aspects of delegation [10], they cannot meet the grid
authorization requirements in the present form. We present a delegation model for Grid resource
access based upon roles through which only the rights assigned to roles can be delegated,
thereby making it fine-grained. The major contribution of our paper is that unlike the existing
identity-based approaches, this framework treats grid delegation as an authorization problem.

3. GRID DELEGATION FRAMEWORK
In this section, we propose a Grid delegation model called RB-GDM. This model is aimed at
supporting role-based delegation and revocation. Our work is built upon the following reference
models: RBAC96 model [8], the RBDM0 model [11], RDM2000- A Rule-Based Framework for
Role-Based Delegation and Revocation [7], and RB-GACA: A RBAC Based Grid Access Control
Architecture [9].

Page 3

G Geethakumari, Atul Negi and V N Sastry
International Journal of Computer Science and Security, Volume (2) : Issue (1) 63
3.1
The Role Based Access Control Model (RBAC) [8] has the following basic elements: users U,
roles R and permissions P. Individual users are assigned roles and roles are assigned certain
permissions. According to this model, a user is a human being; a role is a job function indicative
of the responsibility and permission indicates the approval to execute some method or perform
some action. We generalize the term user to make it represent an individual, an intelligent
autonomous agent, or a machine in the Grid environment. We consider the end user of a Grid
resource as the basic user or original user. There are two sets of users associated with a role r :
as given in [7].

• Original users are those users who are assigned to the role r
• Delegated users are those users who are delegated to the role r

Each constituent local domain of the grid virtual domain may have its own role hierarchies. A role
hierarchy is a structure reflecting an organization’s lines of authority and responsibility and is
represented using a partial ordering operator ≥. For example, if role1≥role2, then role1 inherits
permissions of role2. Though role hierarchies in different local domains vary in their semantics
level, they are required to enforce the principle of least privilege. The fundamental components of
RBAC and RBDM0 which form the basis for our model are depicted in Table 1 and Table 2
respectively.

Basic Elements from Reference Models

TABLE 1: RBAC Components



TABLE 2: RBDM0 Components

Page 4

G Geethakumari, Atul Negi and V N Sastry
International Journal of Computer Science and Security, Volume (2) : Issue (1) 64


3.2
The delegation model RBDM0 suggests only user-to-user delegation, which is the simplest form
of delegation. Our model is Grid specific. As mentioned in 3.1, the end-user is considered as the
basic user. The end-users are geographically distributed, can be dynamic and can get
disconnected from the virtual organization (VO) [4], after the submission of a job. Hence end-
user-to-end-user delegation is insufficient and inappropriate in Grids. We need to look at other
forms of delegation namely user-to-machine, machine-to-machine, user-to process etc. The basic
idea of delegation is who is granting or revoking what to whom. Thus the entities in delegation are
the grantor, the grantee and the rights, which are granted. To suit the requirements of Grid
environment and to distinguish delegation from direct authorization, we call the grantor of
delegation as a delegator, the grantee as delegatee and the rights that are granted through the
roles as delegated rights.

There are basically two categories of Grid roles: flat roles and hierarchical roles. For flat roles, no
inheritance of permissions between roles is involved. Roles can be delegable or non-delegable.
Delegable roles are those roles, a subset of which can further be delegated where as with non-
delegable roles, further delegation is not possible. The first challenge in framing a Grid delegation
model is to identify various roles in a Grid environment. The subject or active entity in a Grid
transaction can be a user (we mean an individual), a process or a machine. Among users, there
can be administrators (who possess all the administrative and super user privileges like a domain
administrator), basic users (who can submit large scale jobs, access resources etc), developers
(whose main objective is to handle the programming and middleware aspects) or guest users [9]
(who can only browse the information or submit very small scale jobs).

The components that constitute a Grid delegation mechanism include the delegator, the
delegatee, the delegated rights and the associated constraints. We make the following design
criteria in RB-GDM.

• A role is considered to be the basic unit of delegation and is a job function.
• The term user in our model represents an end-user, a process or a machine in the
broader perspective.
• Delegation between entities in the same role is not allowed since the same roles will have
same permissions [3].
• Both single step delegation and multi-step delegation are permissible.
• Delegation can be granted in total or can be partial.
• Each delegating role r has two types of members namely the original members O(r) and
delegated members D(r)i.
• Grid users can be a domain administrator, an advanced user, a basic user or a guest
user.

Before we build a model, it is essential to define the components which can constitute our model.
Therefore we present definitions 1-4 (Table 3, Table 4, Table 5 and Table 6 respectively) of RB-
GDM. In Table 3, the basic components like grid domain, users, roles, permissions and the user-
role, role-permission assignments which are required to build the Role-Based Grid Delegation
Model (RB-GDM) are defined. Table 4 defines how the access rights can be delegated through
authorization. Table 5 gives definitions for different role permissions like delegable and non-
delegable. Table 6 defines what “revocation of delegation” means. Once the components of the
model have been defined, we need to arrive at a way in which these components are associated
as well as how do they interact to form a delegation mechanism. We achieve this by proposing
algorithms for authorization and revocation of delegation. Algorithm 1 gives the method for
authorization of delegation as per Definition 2. Algorithm 2, 3 and 4 show the methods for
revoking the delegated rights by various means such as grant-dependent, grant-independent or
Role Based Delegation

Page 5

G Geethakumari, Atul Negi and V N Sastry
International Journal of Computer Science and Security, Volume (2) : Issue (1) 65
by time-out as per Definition 4 respectively. Each algorithm has been explained by including the
comments as well as examples.



TABLE 3: Definition 1 RB-GDM Components



TABLE 4: Definition 2 RB-GDM Authorization of Delegation