A Trust Management Model for PACS-Grid

  • Cho, Hyun-Sook (Department of Information and Communication Eng., Daejeon University)
  • Lee, Bong-Hwan (Department of Information and Communication Eng., Daejeon University)
  • Lee, Kyu-Won (Department of Information and Communication Eng., Daejeon University)
  • Lee, Hyoung (Department of Information and Communication Eng., Daejeon University)
  • Published: 2007.06.30

Abstract

Grid technologies make it possible for IT resources to be shared across organizational and security domains. Traditional identity-based access control mechanisms do not scale and are difficult to manage. We therefore propose the FAS (Federation Agent Server) model, which is composed of three modules: the Certificate Conversion Module (CCM), the Role Decision Module (RDM), and the Authorization Decision Module (ADM). The proposed FAS model is an extended Role-Based Access Control (RBAC) model that provides resource access capabilities based on the roles assigned to users. FAS can solve two problems: the assignment of multiple identities to a shared local name in the grid-map file, and the manual mapping of a remote entity's identity to a local name.
