Adaptive trust negotiation and access control for grids
- 1 January 2005
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 8 pp.-62
- https://doi.org/10.1109/grid.2005.1542724
Abstract
Access control in computational grids is typically provided by a combination of identity certificates and local accounts. This approach does not scale as the number of users and resources increases. Moreover, identity-based access control is not sufficient because users and resources may reside in different security domains and may not have pre-existing knowledge about one another. Trust negotiation is well-suited for grid computing because it allows participants to establish mutual trust based on attributes other than identity. The adaptive trust negotiation and access control (ATNAC) framework addresses the problem of access control in open systems by protecting itself from adversaries who may want to misuse, exhaust or deny service to resources. ATNAC is based on the GAA-API, which provides adaptive access control capturing dynamically changing system security requirements. The GAA-API utilizes TrustBuilder to establish a sufficient level of trust between the negotiating participants, based on the sensitivity of the access request and a suspicion level associated with the requester. A federated security context allows Grid participants to communicate their security appraisal and make judgments based on collective wisdom and the level of trust among them. We plan to apply ATNAC techniques to negotiation agreements in virtual organizations and P2P environments.
This publication has 11 references indexed in Scilit:
- Adaptive trust negotiation and access control. Published by Association for Computing Machinery (ACM), 2005
- X-TNL: an XML-based language for trust negotiations. Published by Institute of Electrical and Electronics Engineers (IEEE), 2004
- Dynamic authorization and intrusion response in distributed systems. Published by Institute of Electrical and Electronics Engineers (IEEE), 2004
- Integrated access control and intrusion detection for web servers. IEEE Transactions on Parallel and Distributed Systems, 2003
- The specification and enforcement of advanced security policies. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- Decentralized trust management. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Negotiating trust in the Web. IEEE Internet Computing, 2002
- SD3: a trust management system with certified evaluation. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Access control meets public key infrastructure, or: assigning roles to strangers. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- A uniform framework for regulating service access and information release on the Web. Journal of Computer Security, 2002