Invited Speakers

Title

A Model for Usage Control in GRID Systems

Abstract

The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends different existing models. Its main novelty, in addition to the unification view, is based on continuity of usage monitoring and mutability of attributes. We identified this model as a perfect one for managing access/usage control in GRID systems due to their peculiarities.

Here we extend and systematize our previous work on usage control to develop a full model for usage control in GRID We use as policy specification language a process description language and show how this is suitable to model the usage policy models of the original UCON model.

Short Biography

Fabio Martinelli is a senior researcher of the National Research Council of Italy (CNR). His main research interests involve security in distributed/mobile/GRID systems and formal methods. He usually serves as referee/PC member/PC chair/organizer in several international conferences/workshops. In particular, He is the initiator of the International Workshop on Formal Aspects in Security and Trust (FAST).

He is the chairman of the WG in security and trust management (STM) of the European Research Consortium in Informatics and Mathematics (ERCIM). He is a scientific director of the international research school on Foundations of Security Analysis and Design (FOSAD). He usually manages R&D projects on information and communication security; in particular, He is currently involved in the following EU-funded projects: BioNets, GridTrust, S3MS, SENSORIA.

Title

Aggregation of Attributes from Different Authorities

Abstract

The model for grid authorisation is now reasonably well established. Attribute Authorities (or Identity Providers) assign attributes to users, and policy decision points (PDPs) at the resource sites make access control decisions based on the user's attributes. Well known examples of AAs/IdPs are VOMS, CAS and Shibboleth, and well known examples of PDPs are XACML, PERMIS, Akenti, and LCAS. However, existing solutions are not capable of receiving attributes from multiple IdPs when the user is known by different identities at each IdP. Projects such as GridShib at Globus are making limited progress, but only in an IdP and middleware dependent way. This talk will describe the Shintau project, whose purpose is to define and build an application and middleware independent set of tools that will allow users to aggregate their attributes from multiple authorities, in a privacy preserving manner.

Short Biography

David Chadwick is Professor of Information Systems Security at the University of Kent. He is the leader of the Information Systems Security Research Group and a member of IEEE and ACM. He has published widely, with over 80 publications in international journals, conferences and workshops, including 3 books and 10 book chapters (see http://www.cs.kent.ac.uk/people/staff/dwc8/pubs.html).

He specialises in Public Key Infrastructures, Privilege Management Infrastructures, Trust Management, Privacy Management and Internet Security research in general. Current research topics include: attribute aggregation, policy based authorisation, grid security, the management of trust, the delegation of authority and autonomic security. He actively participates in standardisation activities, is the UK BSI representative to X.509 standards meetings, the chair of the Open Grid Forum OGSA Authorisation Working Group, and the author of a number of Internet Drafts, RFCs and OGF documents.

His group are the creators of PERMIS (www.openpermis.org), an open source X.509 and SAML based authorisation infrastructure. PERMIS is part of the US NMI software suite, and is integrated with Globus Toolkit (version 3.3 onwards), Shibboleth and Apache.