Task-and-role-based access-control model for computational grid

作     者：龙涛 

作者机构：College of Computer Science Huazhong University of Science and Technology 

出 版 物：《Journal of Chongqing University》 (重庆大学学报（英文版）)

年 卷 期：2007年第6卷第4期

页      面：249-255页

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Funded by the Natural Science Foundation of China under Grant Nos. 60503040 and 60403027 

主　　题：computational grid task-and-role-based access control grid security role assignment 

摘      要：Access control in a grid environment is a challenging issue because the heterogeneous nature and independent administration of geographically dispersed resources in grid require access control to use fine-grained policies. We established a task-and-role-based access-control model for computational grid (CG-TRBAC model), integrating the concepts of role-based access control (RBAC) and task-based access control (TBAC). In this model, condition restrictions are defined and concepts specifically tailored to Workflow Management System are simplified or omitted so that role assignment and security administration fit computational grid better than traditional models; permissions are mutable with the task status and system variables, and can be dynamically controlled. The CG-TRBAC model is proved flexible and extendible. It can implement different control policies. It embodies the security principle of least privilege and executes active dynamic authorization. A task attribute can be extended to satisfy different requirements in a real grid system.