
A Multiple-Policy supported Attribute-Based Access Control Architecture within Large-scale Device Collaboration Systems

Feng Liang
State Key Laboratory of Software Development Environment, Beihang University, Beijing 100191, China
Email: [email protected]

Haoming Guo, Shengwei Yi and Shilong Ma
State Key Laboratory of Software Development Environment, Beihang University, Beijing 100191, China
Email: {guohm, yisw, slma}@nlsde.buaa.edu.cn

Abstract—In order to make large numbers of heterogeneous distributed devices across multiple domains collaborate within a modern large-scale device collaboration system, a fine-grained, flexible and secure approach is required for device authentication and authorization. This paper proposes a Multiple-Policy supported Attribute-Based Access Control model and its architecture to address these demands. Using the eXtensible Access Control Markup Language (XACML) standard, this model goes beyond the traditional Attribute-Based Access Control model by providing cross-domain authentication and authorization, hierarchical policy combination and enforcement, unified device access control and fine-grained attribute-based privilege description. Experiments show that the performance of this architecture is acceptable in a production environment.

Index Terms—Large-scale Device Collaboration System, Hierarchical Policy Decision Point, Multiple Policies Attribute-based Access Control

I. INTRODUCTION

Represented by the "Internet of Things" [1,2], large-scale device collaboration systems have already been applied in fields such as smart area management, disaster detection and analysis and intelligent resource planning, where environmental data is obtained through terminal devices and exchanged over open Internet communication [3,4,5,6].

Large-scale device collaboration systems usually contain large numbers of heterogeneous devices and therefore need to process large-scale real-time tasks and complex collaboration processes. For example, the National seismological precursory network project achieved the collaborative observation of nearly 1000 seismological precursor devices, which come from the subdomains of 30 provinces and 300 stations nationwide. The landscape lighting control system of the Olympic Central Area needs to orchestrate more than 20,000 lights to reach the intended artistic lighting, and the lighting devices are controlled by different subsystems. In order to guarantee the security of device access, authentication and authorization, large-scale device collaboration systems need functionalities such as cross-domain authentication, dynamic authorization and universal device description. But there are currently many challenges against these goals:

• Existing coarse-grained device access mechanism. Due to their processing and storage limits, most devices provide a single username and password for all actions, such as device parameter setting, environmental data extraction and device monitoring. This is very coarse-grained and therefore makes it difficult for the device itself to grant multiple privilege levels.

• Device heterogeneity. Because the devices are heterogeneous and have different usernames and passwords, a complex device collaboration process needs to look up the username and password of every single device in order to access it. This can be quite annoying and inconvenient.

• Multiple policies combination. Because devices have different owners, there may be multiple policies granting different privileges on one device, and these policies need to be combined.

• Performance issue. As the number of devices involved in a single process increases, the authentication and authorization process can become very time-consuming with traditional access control approaches.

All these deficits call for a novel access control mechanism. The traditional identity-based access control models such as DAC (Discretionary Access Control) [7], MAC (Mandatory Access Control) [8] and RBAC (Role Based Access Control) [9] are not effective here, because cross-domain authentication and authorization and a more fine-grained policy description are required. Attribute-Based Access Control (ABAC) [10] is a more flexible and scalable access control model, as it is based on the attributes of users and resources. This paper proposes an attribute-based device access control architecture, Multiple-Policy supported Attribute-Based Access Control (MPABAC), to guarantee device access control. This architecture supports cross-domain authentication and authorization, hierarchical policy combination and enforcement, unified device access control and fine-grained attribute-based privilege description.

524 JOURNAL OF NETWORKS, VOL. 7, NO. 3, MARCH 2012

© 2012 ACADEMY PUBLISHER doi:10.4304/jnw.7.3.524-531

This paper is organized as follows. Section II describes related work about device access control models, frameworks, and systems. Section III demonstrates the formalized model of MPABAC. Section IV presents the MPABAC Architecture and its implementation in detail. Section V gives experiments and performance evaluations and Section VI draws the conclusion.

II. RELATED WORK

Since the early 1990s, ABAC has emerged along with the development of Internet-based distributed applications and new security mechanisms such as Public Key Infrastructure (PKI) [11]. In ABAC, access decisions are based on attributes of the requestor and the resource, and authentication can be delayed until necessary because the resource needs no prior knowledge of the users. In the following, we introduce ABAC in terms of models and algorithms, frameworks and systems.

A. ABAC Models

Wang et al. and LeMay et al. [12, 13] introduced logic programming theory for modeling attribute-based access control systems and policy maintenance, thereby enabling faster policy transformation. Yuan and Tong [10] proposed the ABAC model in terms of a policy model and an architecture model and presented the mathematical formulation of the policy model. The paper also emphasized the importance of including environment attributes in the authentication process and discussed the benefits of using ABAC for Web Services. Shen and Hong [14] proposed an attribute-based access control model, WS-ABAC, which uses attributes associated with subject, object and environment, together with service parameters, for access control in a Web Services environment. The model exploited an automated trust negotiation mechanism to address the disclosure issue of sensitive attributes. However, these works were not directly relevant to device access control.

Lang et al. [15] proposed a flexible ABAC model called ABMAC for Grid Computing. The model supported the combination of multiple policies from both the virtual organization level and the local system level, and the authors also proposed a Globus Toolkit 4-based Attribute-Based Multi-policy Authorization Framework which integrates several existing PDP solutions such as SAML and GridMap. However, this work did not consider the fine-grained requirements of devices.

B. ABAC Framework

As one of the earliest works, Bonatti et al. [16] proposed a uniform attribute-based access control framework and model to regulate service access and information release in large-scale networks. With the defined access regulations, the framework supported modeling attribute certificates and reasoning about declarations and user profiles that the server can maintain and exploit for taking the access decision. Damian et al. [17] then presented a privacy-enhanced authorization model and language containing new elements such as Subject expressions, Object expressions, Actions and Conditions, Purposes and Obligations to provide anonymity and pseudonymity, thereby improving authorization. However, these works were not directly relevant to device access control.

Yu et al. [18] first realized a fine-grained attribute-based data access control framework for wireless sensor networks, FDAC (Fine-grained Distributed Access Control scheme). FDAC assigned each sensor node a set of attributes and each user an extremely expressive access structure describing his access capability. With this scheme, FDAC was able to provide security assurances such as resilience to user collusion and sensor compromise attacks, as well as user revocability. However, FDAC considered only data access within the sensor network; device control and monitoring were not considered.

C. ABAC Systems

Developed by Lawrence Berkeley National Laboratory, Akenti [19, 20] provided a distributed policy-based authorization infrastructure for trust management. Using X.509 certificates and TLS to establish authenticated secure connections, Akenti was able to use attribute certificates and delegated authorization. Akenti policy was distributed and hierarchical, but it was not able to set dynamic access privilege limitations for a user during a session.

Developed under the European Commission PERMIS (PrivilEge and Role Management Infrastructure Standards validation) project, PERMIS [21, 22] was a standard X.509 attribute certificate-based Privilege Management Infrastructure. PERMIS was composed of a privilege allocation subsystem and a privilege verification subsystem and had an API for applications. The privilege allocation subsystem was responsible for issuing X.509 role assignment attribute certificates to users and storing them in an LDAP directory; the privilege verification subsystem used the stored certificates for authenticating and authorizing the users. PERMIS was widely used in many European countries for privilege management, but it was mainly intended for user-centered privilege management; device control and monitoring were not considered.

Specified by the Internet2 middleware architecture committee, Shibboleth [23] was an attribute authority service. It authenticated users through their home sites and authorized the users' access to resources at the resource sites. Such separation of the authorization and authentication functions eased the creation and management of federations of resource providers and users; for example, users could remain anonymous to the resource provider while accessing resources. Shibboleth defined a protocol for transferring the authentication information and user attributes between the resource site and the home site. However, Shibboleth's functionality was based on a simple trust relationship between the resource sites and the users' home sites, and therefore a more sophisticated authorization infrastructure than that provided by Shibboleth was required when considering dynamic delegation of authority and distributed management of user attributes.

The Virtual Organization Membership Service (VOMS) [24] granted authorization data to users at the VO level by providing support for group membership, roles and capabilities. However, VOMS did not address the need for dynamic, on-demand delegation or context information, which is essential for large-scale device collaboration systems.

III. MPABAC MODEL FORMALIZATION

As current large-scale device collaboration systems usually contain multiple domains and, unlike other resources, devices require a more complex access control description, it is essential to generate fine-grained access control policies and to combine multiple policies from different domains when making a decision. Therefore we propose the MPABAC Model.

In the MPABAC Model, access control decisions are made from the policies of multiple domains based on the attributes of entities such as subject, device, device manager, environment and actions. These entities and their attributes are described below.

The entities of the MPABAC Model:

• Subject sub. A Subject is the entity that sends the request to the Device and invokes the actions on the Device.

• Device dev. A Device refers to a physical device, containing the attributes of that device.

• Environment env. Environment represents the context information required for making a policy decision. It contains information not related to any specific sub or dev.

• Action act. An Action is an operation provided by a Device, and it can be invoked by a sub.

Suppose the maximum numbers of Subjects, Devices, Environments and Actions are A, B, C and D, and the maximum numbers of attributes of these entities are K, L, M and N; then the sets of these entities and their attributes can be defined as follows:

$\mathrm{SUB} = \{ sub_1, sub_2, \ldots, sub_a \mid 1 \le a \le A \}$ (1)

$\mathrm{DEV} = \{ dev_1, dev_2, \ldots, dev_b \mid 1 \le b \le B \}$ (2)

$\mathrm{ENV} = \{ env_1, env_2, \ldots, env_c \mid 1 \le c \le C \}$ (3)

$\mathrm{ACT} = \{ act_1, act_2, \ldots, act_d \mid 1 \le d \le D \}$ (4)

$\mathrm{SUBAttr} = \{ subAttr_1, subAttr_2, \ldots, subAttr_k \mid 1 \le k \le K \}$ (5)

$\mathrm{DEVAttr} = \{ devAttr_1, devAttr_2, \ldots, devAttr_l \mid 1 \le l \le L \}$ (6)

$\mathrm{ENVAttr} = \{ envAttr_1, envAttr_2, \ldots, envAttr_m \mid 1 \le m \le M \}$ (7)

$\mathrm{ACTAttr} = \{ actAttr_1, actAttr_2, \ldots, actAttr_n \mid 1 \le n \le N \}$ (8)

As each local domain may employ a different security mechanism and therefore has its own policy description method, each policy is encapsulated as an independent atom policy to ensure the compatibility and scalability of MPABAC. The final decision is made by combining all these atom policies. Moreover, since in some systems the policies have different priorities for device control, each MPABAC policy includes a priority. Suppose O is the maximum number of priority levels; then

$\mathrm{PRI} = \{ level_1, level_2, level_3, level_4, \ldots, level_o \mid 1 \le o \le O \}$ (9)

With all the defined entities and their attributes, the policies can be described as below.

Single Policy:

$Policy_i = (Sub_i \times Dev_i \times Env_i \times Act_i,\ pri_i),\quad Sub_i \subseteq \mathrm{SUB},\ Dev_i \subseteq \mathrm{DEV},\ Env_i \subseteq \mathrm{ENV},\ Act_i \subseteq \mathrm{ACT},\ pri_i \in \mathrm{PRI}.$ (10)

$Policy_i \leftarrow (Sub_i \times Dev_i \times Env_i \times Act_i,\ pri_i) \leftarrow (f_{canAccess}(Sub_i, Dev_i, Env_i, Act_i),\ pri_i) \leftarrow (f_{AttriCanAccess}(SubAttr_i, DevAttr_i, EnvAttr_i, ActAttr_i),\ pri_i).$ (11)

The combine function:

$Decision \leftarrow f_{combine}(Policy_1, Policy_2, \ldots, Policy_n) \leftarrow f_{combine}\big((f_{AttriCanAccess}(SubAttr_1, DevAttr_1, EnvAttr_1, ActAttr_1),\ pri_1),\ (f_{AttriCanAccess}(SubAttr_2, DevAttr_2, EnvAttr_2, ActAttr_2),\ pri_2),\ \ldots,\ (f_{AttriCanAccess}(SubAttr_n, DevAttr_n, EnvAttr_n, ActAttr_n),\ pri_n)\big).$ (12)
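The model above, as an added example that is not part of the paper: each atom policy is an attribute predicate with a priority from PRI, and f_combine resolves the per-policy decisions. The paper does not specify how f_combine resolves conflicts, so the rule used here is an assumption (highest applicable priority level decides, deny-overrides within a level); the policy names, attribute keys and domain names are constructed sample data.

```python
"""Added example, not the paper's code: an executable reading of the MPABAC
model in Section III. Entities carry attribute sets; each atom policy is an
attribute predicate f_AttriCanAccess paired with a priority from PRI, and
f_combine resolves the atom decisions as in eq. (12). The paper does not
specify f_combine, so the rule used here is an assumption: the highest
priority level among the applicable policies decides, and inside that level
a single Deny wins (deny-overrides). The policies, attributes and domain
names are constructed sample data."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, object]   # one entity's attribute set (SubAttr, DevAttr, EnvAttr, ActAttr)
Predicate = Callable[[Attrs, Attrs, Attrs, Attrs], bool]
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Policy:
    """An atom policy (f_AttriCanAccess, pri): `applies` is the policy's
    target over the four attribute sets, `permit` its access predicate."""
    name: str
    priority: int        # element of PRI; a larger value outranks a smaller one (assumption)
    applies: Predicate
    permit: Predicate

    def evaluate(self, sub: Attrs, dev: Attrs, env: Attrs, act: Attrs) -> str:
        if not self.applies(sub, dev, env, act):
            return NOT_APPLICABLE
        return PERMIT if self.permit(sub, dev, env, act) else DENY


def f_combine(policies: List[Policy], sub: Attrs, dev: Attrs, env: Attrs, act: Attrs) -> str:
    """Evaluate every atom policy, keep the applicable ones and let the highest
    priority level decide, deny-overrides within that level. With no applicable
    policy the result is NotApplicable, which a PEP must enforce as a refusal."""
    decided = [(p.priority, p.evaluate(sub, dev, env, act)) for p in policies]
    decided = [(pri, d) for pri, d in decided if d != NOT_APPLICABLE]
    if not decided:
        return NOT_APPLICABLE
    top = max(pri for pri, _ in decided)
    top_decisions = {d for pri, d in decided if pri == top}
    return DENY if DENY in top_decisions else PERMIT


# ---- constructed sample policies ----
def same_domain(sub: Attrs, dev: Attrs, env: Attrs, act: Attrs) -> bool:
    return sub["domain"] == dev["domain"]


# Local-domain policy: operators of the device's own domain may query and monitor.
LOCAL_OPERATOR = Policy(
    name="local-operator", priority=1, applies=same_domain,
    permit=lambda s, d, e, a: s["role"] == "operator"
    and a["category"] in ("DataQuery", "StateMonitor"),
)
# Meta-layer policy: ParameterSet only for admins inside the maintenance
# window, from any domain; it outranks the local policy.
META_PARAMETER_SET = Policy(
    name="meta-parameter-set", priority=2,
    applies=lambda s, d, e, a: a["category"] == "ParameterSet",
    permit=lambda s, d, e, a: s["role"] == "admin" and e["maintenance_window"],
)
POLICIES = [LOCAL_OPERATOR, META_PARAMETER_SET]


def decide(role: str, sub_domain: str, category: str, maintenance_window: bool = False) -> str:
    """Build the four attribute sets for one request against a fixed sample device."""
    sub = {"role": role, "domain": sub_domain}
    dev = {"domain": "beijing", "type": "seismic-sensor"}
    env = {"maintenance_window": maintenance_window}
    act = {"category": category}
    return f_combine(POLICIES, sub, dev, env, act)


if __name__ == "__main__":
    print(decide("operator", "beijing", "DataQuery"))         # local policy permits
    print(decide("admin", "beijing", "ParameterSet", True))   # meta policy overrides the local Deny
    print(decide("operator", "shanghai", "DataQuery"))        # no policy applies
```

The third case matters operationally: a request that no atom policy covers yields NotApplicable rather than Permit, so the enforcement point has to treat anything other than an explicit Permit as a refusal.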

IV. ARCHITECTURE AND IMPLEMENTATION

A. MPABAC Architecture

Expressing, managing and enforcing authorizations for device access policies in a distributed environment requires an architecture that supports distributed policy creation, evaluation and user authentication. The eXtensible Access Control Markup Language (XACML) [25] defines a general policy description language and an access decision language. XACML is composed of the PAP (Policy Administration Point), PDP (Policy Decision Point), PEP (Policy Enforcement Point) and PIP (Policy Information Point). The PAP is the entity responsible for policy creation, storage and extraction, making the policies available to the PDP. The PDP issues an appropriate decision response based on the available policies from the PAP and the attributes collected by the PIP. The PEP is the entity that grants or denies access in accordance with the policy decision from the PDP. XACML is able to evaluate an access request dynamically and authorize it in accordance with the resource, user identity and environment, and therefore serves as a good vehicle for attribute-based access control and fits nicely with our architecture.

Fig. 1 shows the MPABAC architecture, which includes the XACML architecture. The architecture is divided into two layers, the Upper Layer and the Local Domain Layer. The Upper Layer is composed of the Authorization Engine and the MasterPDP; the Local Domain Layer is composed of the Device Manager and multiple local domains. Each domain contains its own LocalPDP, LocalPIP, LocalPAP and Local Attribute Authorities. The Authorization Engine includes a PEP and an Interpreter; it receives the user request, interprets it into an authorization request, triggers the authorization request and enforces the authorization. The MasterPDP is responsible for parsing the authorization request into multiple XACML authentication requests. Within each domain, the LocalPDP processes the authentication with the LocalPAP, LocalPIP and Local Attribute Authorities. The Device Manager follows the command from the Authorization Engine and generates the corresponding command script to conduct the access. Every time the user sends an access request, an access request is submitted to the MasterPDP by the Authorization Engine. The MasterPDP then analyzes the request, generates multiple XACML authentication requests and distributes them to the different LocalPDPs according to the domain each request belongs to. After that, each LocalPDP makes an authentication decision based on the attributes collected from all Local Attribute Authorities and the policies generated by the LocalPAP within its domain. If the LocalPDPs within all related domains permit the request, the MasterPDP authorizes the user with the proper privileges to access the device via the Device Manager.

Figure 1. The MPABAC architecture

B. Hierarchical PDP Structure

As large-scale device collaboration systems usually include more than one administrative domain, we employ a hierarchical structure for cross-domain authentication and authorization.

In our architecture there are a MasterPDP and LocalPDPs. The MasterPDP forms the Upper Layer for authentication and authorization; it receives the authorization request from the PEP and parses it into multiple XACML authentication requests according to the related domains. In the Local Domain Layer there are the LocalPDPs, each of which is able to use its own authentication policies. The advantage of this loosely coupled distributed authentication structure is that it supports multiple policies among different domains.

C. Device-independent Device Manager

There are a large number of heterogeneous devices within large-scale device collaboration systems. Furthermore, unlike traditional computing resources or web service resources, device access actions fall into multiple categories and take parameters. For example, ParameterSet comprises the commands for setting the working parameters of devices, such as device time, device password and IP address; DataQuery represents the commands to query data from devices, such as temperature or water level; and StateMonitor represents the commands for querying the state of devices, such as power status, voltage status and SNTP time. This makes it nearly impossible to maintain all the access commands in the Upper Layer. Because of all these complexities, we propose a device-independent Device Manager for distributed device access information management.

We define an XML-based Device Object to describe a device and its access commands. As shown in Fig. 2, it stores all the commands and the access information for the device, such as its user name and password. Because of its importance, it is encrypted and only accessible to the local Device Manager. Every time the Device Manager receives an authorized request from the Authorization Engine, it generates the corresponding command script from this Object and conducts the access process. Given the corresponding Device Object file, the Device Manager is able to control that device, which allows a simple plug-in implementation when adding new devices.

Figure 2. The Device object
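The request flow of Fig. 1 and the Device Manager of Section IV.C, as an added example that is not the paper's code: a MasterPDP splits one request into per-domain requests, each LocalPDP answers with its own mechanism, the request passes only when every involved domain permits, and the Device Manager then builds the command script from a Device Object. The domains, subjects, device ids, commands and the Device Object XML are constructed; the paper does not publish the Device Object schema, so only the contents it names (commands, user name, password) are modelled, and the encryption the paper applies to the object is left out.

```python
"""Added example, not the paper's code: the request flow of Fig. 1 end to
end. A MasterPDP splits one authorization request into per-domain requests,
each LocalPDP answers with its own policy mechanism, the request is permitted
only when every involved domain permits, and the Device Manager then builds
the command script from the device's Device Object. Domains, subjects,
commands and the Device Object XML are constructed sample data; the paper
does not publish the Device Object schema, so only the contents it names
(access commands, user name, password) are modelled. The paper keeps the
Device Object encrypted and readable only by the local Device Manager; it is
a plain string here for readability."""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List

Request = Dict[str, str]  # keys: subject, role, device, action


# ---- Local Domain Layer: every LocalPDP encapsulates its own mechanism ----
def beijing_local_pdp(req: Request) -> str:
    """Attribute rule: operators may query and monitor, only admins may set."""
    if req["action"] == "ParameterSet":
        return "Permit" if req["role"] == "admin" else "Deny"
    return "Permit" if req["role"] in ("admin", "operator") else "Deny"


def tianjin_local_pdp(req: Request) -> str:
    """Plain per-subject access list, a different local policy style."""
    acl = {"alice": {"DataQuery", "StateMonitor"}, "bob": {"DataQuery"}}
    return "Permit" if req["action"] in acl.get(req["subject"], set()) else "Deny"


LOCAL_PDPS: Dict[str, Callable[[Request], str]] = {
    "beijing": beijing_local_pdp,
    "tianjin": tianjin_local_pdp,
}
DEVICE_DOMAIN = {"seis-001": "beijing", "seis-002": "beijing", "lamp-117": "tianjin"}


# ---- Upper Layer: MasterPDP ----
def master_pdp(subject: str, role: str, devices: List[str], action: str) -> Dict[str, str]:
    """Route each device to its domain's LocalPDP and permit only if all
    involved domains permit. Per-domain answers are returned alongside the
    final decision so the PEP can log which domain refused."""
    per_domain: Dict[str, str] = {}
    for dev in devices:
        domain = DEVICE_DOMAIN[dev]
        req = {"subject": subject, "role": role, "device": dev, "action": action}
        decision = LOCAL_PDPS[domain](req)
        # One Deny for any device of a domain pins that domain to Deny.
        per_domain[domain] = "Deny" if per_domain.get(domain) == "Deny" else decision
    all_permit = bool(per_domain) and all(d == "Permit" for d in per_domain.values())
    return {**per_domain, "final": "Permit" if all_permit else "Deny"}


# ---- Device Manager and a constructed Device Object ----
DEVICE_OBJECTS = {
    "seis-001": """<device id="seis-001" type="seismic-sensor">
  <access host="10.0.0.15" user="sensor" password="CONSTRUCTED-SECRET"/>
  <commands>
    <command action="DataQuery">GET /data?ch=all</command>
    <command action="StateMonitor">GET /status</command>
    <command action="ParameterSet">SET time={time}</command>
  </commands>
</device>""",
}


def device_manager(device_id: str, action: str, **params) -> str:
    """Build the command script for an already authorized action. The
    credentials in the Device Object stay inside this function; the caller
    receives only the host and the command text."""
    root = ET.fromstring(DEVICE_OBJECTS[device_id])
    host = root.find("access").get("host")
    for cmd in root.iter("command"):
        if cmd.get("action") == action:
            return f"{host}: {cmd.text.format(**params)}"
    raise KeyError(f"{device_id} has no command for action {action}")


def access(subject: str, role: str, devices: List[str], action: str, **params) -> Dict[str, object]:
    """PEP side: enforce the MasterPDP decision, then hand authorized actions
    to the Device Manager for every device that has a Device Object."""
    result: Dict[str, object] = dict(master_pdp(subject, role, devices, action))
    if result["final"] == "Permit":
        result["scripts"] = {d: device_manager(d, action, **params)
                             for d in devices if d in DEVICE_OBJECTS}
    return result


if __name__ == "__main__":
    print(access("alice", "operator", ["seis-001", "lamp-117"], "DataQuery"))
    print(access("bob", "operator", ["seis-001", "lamp-117"], "StateMonitor"))
```

Two properties worth checking in any implementation of this flow are visible here: a request naming no device, or one device in a refusing domain, never reaches the Device Manager, and the script handed back to the Upper Layer carries the host and command but not the credentials held in the Device Object.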

D. Priority Description

XACML does not directly support priorities between different policies. But in a production environment, because of administrative relationships, policies from different PAPs may not be equally important, which requires a priority ranking among the multiple related policies when making a decision.

We categorize the policies into two scopes, the local domain scope (LocalPolicy) and the meta layer scope (MetaLayerPolicy), and then set different priorities depending on the administration strategy. For example, in more centrally controlled systems the Upper Layer scope should have higher priority than the Local Domain Layer, so as to enforce the central control strategy, and each local domain should probably have equal priority; in a federation environment where the domains are more independent, the meta layer and the other domains should have lower priority than the local domain. As shown in Fig. 3, we set Priority as a CombinerParameter in the XACML PolicySet description so that each policy is attached to a priority.

Figure 3. Priority supported policy description in XACML
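The priority encoding of Section IV.D, as an added example that is not the paper's code or its Fig. 3: a PolicySet carrying a Priority CombinerParameter per policy is parsed, the policies are ordered for the combiner, and the two administration strategies in the text are turned into priority assignments. The XML is a constructed sketch of the XACML 2.0 PolicyCombinerParameters/CombinerParameter structure with namespaces, Targets and Rules omitted; the "priority-combiner" algorithm id, the PolicyIds and the meta:/local: id prefixes that mark a policy's scope are assumptions for this example.

```python
"""Added example, not the paper's code: reading the per-policy Priority
CombinerParameter from a PolicySet and ordering the policies for the
combiner, then deriving the priorities that the two administration
strategies in the text imply. The XML is a constructed sketch of the XACML
2.0 PolicyCombinerParameters/CombinerParameter structure with namespaces and
the policies' own Targets and Rules left out; the "priority-combiner"
algorithm id, the PolicyIds and the meta:/local: id prefixes that mark the
policy scope are assumptions for this example."""
import xml.etree.ElementTree as ET
from typing import Dict, List

POLICY_SET = """<PolicySet PolicySetId="device-access" PolicyCombiningAlgId="priority-combiner">
  <Policy PolicyId="meta:lighting-control"/>
  <Policy PolicyId="local:olympic-area"/>
  <Policy PolicyId="local:visiting-domain"/>
  <PolicyCombinerParameters PolicyIdRef="meta:lighting-control">
    <CombinerParameter ParameterName="Priority">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</AttributeValue>
    </CombinerParameter>
  </PolicyCombinerParameters>
  <PolicyCombinerParameters PolicyIdRef="local:olympic-area">
    <CombinerParameter ParameterName="Priority">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">2</AttributeValue>
    </CombinerParameter>
  </PolicyCombinerParameters>
  <PolicyCombinerParameters PolicyIdRef="local:visiting-domain">
    <CombinerParameter ParameterName="Priority">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">1</AttributeValue>
    </CombinerParameter>
  </PolicyCombinerParameters>
</PolicySet>"""


def read_priorities(policy_set_xml: str) -> Dict[str, int]:
    """Map every PolicyId in the PolicySet to its Priority parameter.
    A policy without a Priority is rejected rather than silently ranked,
    because an unranked policy would be ordered arbitrarily by the combiner."""
    root = ET.fromstring(policy_set_xml)
    policy_ids = [p.get("PolicyId") for p in root.findall("Policy")]
    priorities: Dict[str, int] = {}
    for params in root.findall("PolicyCombinerParameters"):
        ref = params.get("PolicyIdRef")
        for cp in params.findall("CombinerParameter"):
            if cp.get("ParameterName") == "Priority":
                priorities[ref] = int(cp.find("AttributeValue").text)
    missing = [pid for pid in policy_ids if pid not in priorities]
    if missing:
        raise ValueError(f"policies without Priority: {missing}")
    return {pid: priorities[pid] for pid in policy_ids}


def evaluation_order(priorities: Dict[str, int]) -> List[str]:
    """Highest priority first; ties keep the PolicySet's document order."""
    return sorted(priorities, key=lambda pid: -priorities[pid])


def strategy_priorities(policy_ids: List[str], strategy: str, own_domain: str = "") -> Dict[str, int]:
    """Priorities implied by the text's two administration strategies.
    'central': the meta layer outranks every local domain, which rank equally.
    'federation': the evaluating domain's own policy outranks the meta layer
    and the other domains, which rank equally."""
    out: Dict[str, int] = {}
    for pid in policy_ids:
        is_meta = pid.startswith("meta:")
        if strategy == "central":
            out[pid] = 2 if is_meta else 1
        elif strategy == "federation":
            out[pid] = 2 if pid == own_domain else 1
        else:
            raise ValueError(f"unknown strategy {strategy}")
    return out


if __name__ == "__main__":
    pri = read_priorities(POLICY_SET)
    print(evaluation_order(pri))
    print(evaluation_order(strategy_priorities(list(pri), "central")))
    print(evaluation_order(strategy_priorities(list(pri), "federation", "local:olympic-area")))
```

The ordered list is what a priority-aware combiner consumes; the check for policies lacking a Priority is the kind of validation a PAP should run when a PolicySet is loaded, since XACML itself attaches no meaning to the parameter.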

V. EXPERIMENTS AND PERFORMANCE EVALUATION

Our test environment includes three machines: one is the upper layer server, equipped with an Intel Core 2 Duo 2.66 CPU and 2 GB of memory; the other two are local domain servers with a 1.66 GHz AMD processor and 1 GB of RAM. All these machines are interconnected via switched gigabit Ethernet. All three machines run Debian Linux with the 2.6.18 kernel, with Sun JDK 1.6 as the Java platform. The configuration of our test environment is shown in Fig. 4.

Figure 4. Test environment configuration

A. Authentication Duration Test

The efficiency of our implementation depends largely on the time span of the authentication process. According to our algorithm design, the authentication process is influenced by both the number of resources and the number of policies; moreover, it takes a different amount of time to generate the command scripts for the different actions (ParameterSet, DataQuery and StateMonitor). We therefore conducted several experiments to test the duration of the authentication process with all three factors included.

As shown in Fig. 5 - Fig. 8, with one resource and different numbers of policies (in this test we take 30 policies), every action needs a relatively small duration (mean value around 120 ms), and the number of policies does not have a very obvious influence. The same holds for multiple resources (in this test we take 200 resources) with different numbers of policies (mean value around 530 ms). However, there is a large increase in both the mean time and the standard deviation; for example, compared with the ParameterSet action in Figure c), the same action in Figure a) shows an increase of 410 ms in the mean duration and an increase of 965 ms in the standard deviation. So it is clear that the authentication process lasts longer when more resources are involved.

Figure 5. The duration test in multiple resources with multiple policies

Figure 6. The duration test in one resource with multiple policies

Figure 7. The duration test in multiple resources with one policy

Figure 8. The duration test in one resource with one policy

B. Scalability Test

From the above test we conclude that the number of resources has the most obvious impact on authentication duration; therefore we also conducted a scalability test to measure the authentication duration with different numbers of resources.

In Fig. 9 we analyze the correlation between the number of resources and the duration. The duration obviously increases with the number of resources. When the number of resources is under 4000, the duration is under 1 second and increases quite slowly, but beyond 4000 it increases very quickly. As most large-scale device collaboration systems have around 5000 devices, this shows that our results are acceptable in a production environment.

Figure 9. The duration test under different number of resources

VI. CONCLUSION

Fine-grained authentication and authorization in large-scale multi-domain device collaboration systems are important security issues. While the traditional MAC, DAC and RBAC models are not sufficient for this, ABAC is a promising approach. In this paper we proposed the MPABAC architecture to realize this by supporting prioritized hierarchical policy combination and enforcement among multiple domains, unified device access control and fine-grained attribute-based privilege description.

Our experiments demonstrate that the overhead introduced by our system is acceptable and that the system scales under load. The duration of the authentication process depends on the number of resources in the system. Our experiments show that the duration stays below 1 second and scales quite well when the number of devices is under 4000.

In the future, we will investigate more algorithms for policy combination and perform experimental assessments when applying it on real large-scale device collaboration system scenarios.

ACKNOWLEDGMENT

This research work was supported by both the self-conducted exploratory research program "Green Lighting in Internet of Things" from the State Key Laboratory for Software Development Environment in China (NO. SKLSDE-2010ZX-06) and the Special Program for Seism-Scientific Research in Public Interest "Research in Online Processing Technologies for Seismological Precursory Network Dynamic Monitoring and Products" (NO. 201008002).



Feng Liang was born in Hubei, China, on March 13, 1985. He received his bachelor's degree in computer science and technology from Central South University, Hunan, China, in 2006, and is currently a Ph.D. student majoring in computer software and theory at the National Laboratory of Software Development and Environment, Beihang University, Beijing, China. His research interests include grid computing and cloud computing. He worked on the Migol Grid Project at Potsdam University, Germany, as an academic visiting student from 2007 to 2009.

Shengwei Yi was born in Henan province, China, in March 1977. He received his master's degree in computer application technology from Liaoning University of Petroleum and Chemical Technology in 2005. He is currently a Ph.D. candidate in computer software and theory in the School of Computer Science and Engineering at Beihang University. He was an engineer at China Railway Shanhaiguan Bridge Group Co., Ltd. from 1999 to 2002, and an Assistant General Manager of the 2008 department at Capital Information Development Co., Ltd. in 2008. He has published several papers in international academic journals and at international conferences. His research interests include cluster computing, grid computing, cloud computing, web engineering and data mining.

Mr. Yi is a student member of the Chinese Association for Artificial Intelligence. He is a reviewer for the 2011 International Conference of Information Technology, Computer Engineering and Management Sciences (ICM2011), the 2011 International Conference on Network Engineering and Computer Science (ICNECS2011) and the 2011 International Conference on Electronics and Optoelectronics (ICEOE2011).

Haoming Guo is a postdoctoral member of the National Laboratory for Software Development and Environment, Beihang University, with research interests in DataGrid and the Internet of Things.

Shilong Ma, Ph.D., is a professor, doctoral supervisor and standing deputy director of the National Key Lab for Software Development Environment in the School of Computer Science and Engineering at Beihang University. He is a member of the 10th expert appraisal panel under the Department of Information Science of the National Natural Science Foundation Committee, a member of the executive committee of the Asian Software Fundamental Federation, and a standing director of the China Artificial Intelligence Society. He has undertaken many projects from the 973 Program, the 863 Program, and the National Natural Science Foundation.
