Tao Liu

National Defense University, Washington, Washington, D.C., United States

Publications (3); 0 Total impact

  • ABSTRACT: In Grid environments, virtual organizations (VOs) often need to define access control policies to govern who can use which resources for which purpose over multiple policy domains. This is challenging, not only because the entities in VOs must collaborate with each other to share resources across administrative domains, but also because there usually exist a large number of underlying sites (resource providers) and users in VOs. In this paper, we introduce the use of a trust management approach to address these problems in Grid environments. We propose a rule-based policy language (RPL) framework to describe the authorization and delegation policies related to VOs, sites and users. This paper also introduces the design of an enhanced community authorization service (ECAS) based on the RPL framework, which can be seamlessly integrated with local authorization mechanisms. ECAS uses different kinds of delegation policies for flexible collaboration on authorization between entities in VOs. Compared with similar research works, ECAS enhances the flexibility and scalability of decentralized authorization in Grid environments.
    Parallel and Distributed Processing and Applications - ISPA 2005 Workshops, ISPA 2005 International Workshops AEPP, ASTD, BIOS, GCIC, IADS, MASN, SGCA, and WISA, Nanjing, China, November 2-5, 2005, Proceedings; 01/2005

  • Advanced Parallel Processing Technologies, 6th International Workshop, APPT 2005, Hong Kong, China, October 27-28, 2005, Proceedings; 01/2005
  • ABSTRACT: Trust management uses delegation to enable decentralized authorization across administrative domains. Delegation passes one’s authority over resources to trusted entities and thus enables more flexible and scalable authorization. However, unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems do not provide effective control on delegation propagation, and the correctness of constraint enforcement mechanisms is not formally analyzed, which may lead to privilege proliferation. In this paper, we propose a role-based constrained delegation model (RCDM), which restricts the propagation scope of delegation trees by a novel delegation constraint mechanism named spacial constraint. This paper also introduces a rule-based language to specify the policies and the deduction algorithm for constrained delegation defined in RCDM. The soundness and completeness properties of the deduction algorithm ensure the safety and availability of our delegation model.
    01/1970: pages 174-183;