1. Introduction
The grid computing paradigm is gaining importance in this era of internet technology (Foster, I., 2002). Creating a grid computing environment involves sharing resources of different natures in a coordinated manner. In addition, this technology allows computing and storage units to be shared collaboratively to meet needs that an organization is not able to satisfy on its own. Shared resources and grid users often belong to different administrative domains and are geographically distributed, which makes it difficult to manage the security of such systems.
One of the most challenging security problems that the grid community has had to handle recently is how to prevent unauthorized or illegal access to grid resources (Konoplev, A.S., & Kalinin, M. O., 2015). Access control mechanisms are highly important in facing this problem, because ensuring that only legitimate users can access the resources is what guarantees the security of the system. According to the survey presented in (Namane, S. & Goualmi, N., 2019), an access control process can be divided into two steps. The authors conducted a comparative study of recent work on the access control process in grid computing environments. They found that a large part of authorization research has focused on the first step of the process, which tries to find the most efficient way to represent resource security policies. They also found that a second group of works concentrates on how to ensure an effective and fine-grained access control process using an efficient security policy representation mechanism. Furthermore, the security rule representation mechanism must be able to express any type of security policy required in a real system.
Several studies (Kaiiali, M., Wankara, R., Rao, C.R., Agarwal, A., 2013) have focused on how to represent security policies efficiently in order to avoid repetition when checking them. The Organization for the Advancement of Structured Information Standards (OASIS) community proposed the eXtensible Access Control Markup Language (XACML) standard (Rissanen, E., 2013), which describes both an access control policy language implemented in an XML file and a processing model that defines how to evaluate authorization requests according to the rules defined in policies. XACML is an expressive language because it can express any security policy that can be written in a natural language; it is thus modular and effective. However, its complex structure makes it difficult to comprehend, and users find it complicated. Imposing the complexity of XACML on users is a difficult problem to manage. Therefore, it is necessary to propose a new technique to represent and store the security policies.
The term Security Table (ST) was used as a starting point to represent these policies, but authors seldom look at the way in which they transform an XML security policy file into a security table. They define a Security Table (ST) as a table representing the security policies of all resources, where the security rules are considered as attributes and the resources are considered as objects, and where the entry in cell (i, j) is 1 if the j-th security rule is an element of the security policy of the i-th resource (Kaiiali, M., Wankara, R., Rao, C.R., Agarwal, A., & Buyya R., 2013). The security table principle allowed the authors to improve the access control process. Their chief aim was to reduce the complexity of checking a great number of security rules and to eliminate redundancy.
The security table was used as input to other tools, such as the Hierarchical Clustering Mechanism "HCM" (Kaiiali, M., Wankar, R., Rao, C.R., & Agarwal, A., 2010b, 2010c, 2012; Kaiiali, M., Wankara, R., Rao, C.R., Agarwal, A., 2013), the Primitive Clustering Mechanism "PCM" (Kaiiali, M., Wankar, R., Rao, C.R., & Agarwal, A., 2010; Kaiiali, M., Wankara, R., Rao, C.R., Agarwal, A., & Buyya R., 2013), the Grid Authorization Graph "GAG" (Kaiiali, M., Wankara, R., Rao, C.R., Agarwal, A., & Buyya R., 2013) and the Weighted Grid Authorization Graph "WGAG" (Namane, S., Kaiiali, M., & Goualmi, N., 2017), to obtain a graphical representation of security policies.
In (Kaiiali, M., Wankara, R., Rao, C.R., Agarwal, A., 2013), the authors mention using a SAX parser (Pan, Y., Zhang, Y., & Chiu, K., 2008) to extract the security rules for the creation of the security table. A SAX parser is faster and uses less memory to parse an XML file, so it is recommended in a dynamic environment such as grid computing.
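
The following sketch shows how a SAX pass over an XACML file can yield a security table as defined above. It is an added example, not code from the cited papers. It assumes one `<Policy>` per resource (identified by `PolicyId`) and that rules sharing a `RuleId` are the same security rule; `RuleCollector`, `build_security_table` and the sample policy are hypothetical.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_namespaces
XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
# Constructed, simplified sample: one <Policy> per grid resource (assumption).
SAMPLE = f"""<PolicySet xmlns="{XACML_NS}">
  <Policy PolicyId="cluster-A">
    <Rule RuleId="member-of-vo" Effect="Permit"/>
    <Rule RuleId="valid-proxy-cert" Effect="Permit"/>
  </Policy>
  <Policy PolicyId="storage-B">
    <Rule RuleId="valid-proxy-cert" Effect="Permit"/>
    <Rule RuleId="quota-available" Effect="Permit"/>
  </Policy>
  <Policy PolicyId="cluster-C">
    <Rule RuleId="member-of-vo" Effect="Permit"/>
  </Policy>
</PolicySet>""".encode()

class RuleCollector(ContentHandler):
    """Streams through the file, recording the RuleIds seen inside each Policy."""
    def __init__(self):
        super().__init__()
        self.rules_by_resource = {}  # PolicyId -> set of RuleIds
        self._current = None         # PolicyId of the enclosing <Policy>, if any

    def startElementNS(self, name, qname, attrs):
        if name == (XACML_NS, "Policy"):
            self._current = attrs.get((None, "PolicyId"), "")
            self.rules_by_resource.setdefault(self._current, set())
        elif name == (XACML_NS, "Rule") and self._current is not None:
            self.rules_by_resource[self._current].add(attrs.get((None, "RuleId"), ""))

    def endElementNS(self, name, qname):
        if name == (XACML_NS, "Policy"):
            self._current = None

def build_security_table(xml_bytes):
    """Return (resources, rules, table) with table[i][j] == 1 iff rule j is in policy i."""
    collector = RuleCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_namespaces, True)     # match on the XACML namespace
    parser.setFeature(feature_external_ges, False)  # never fetch external entities
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    resources = sorted(collector.rules_by_resource)
    rules = sorted(set().union(*collector.rules_by_resource.values()))
    table = [[int(r in collector.rules_by_resource[res]) for r in rules] for res in resources]
    return resources, rules, table
```

Because policy files may come from other administrative domains, the parser is configured not to resolve external entities; the handler keeps only the per-resource rule sets in memory rather than a full document tree.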