A federated usage control framework with ontology-based policy and elimination of irrelevant rules set algorithm for grid computing authorization

• 第一著者: Maizura, Ibrahim
• フォーマット: 学位論文
• 言語: 英語
• 出版事項: 2019
• 主題: Mathematical optimization; Algorithms; Computational grids (Computer systems)
• オンライン･アクセス: http://psasir.upm.edu.my/id/eprint/90345/1/FSKTM%202020%208%20ir.pdf

This research explores the problem of providing a fine-grained authorization while maintaining the performance of authorization in grid computing. A high-level granularity access control model needs to be applied to achieve a fine-grained authorization. However, the high-level granularity access control caused high complexity and increased the number of rules that must be checked during the authorization process, which degrade the overall authorization performance. The impact of this problem becomes worst in a grid computing environment due to a large number of users and resource pools in the grid virtual organization (VO). This thesis aims at providing solutions to the problem by introducing an authorization framework, namely the Federated Grid Usage Control (FGUC) with a new ontology-based policy model, namely, the UCON based Access Control Ontology (UBACO), and a new grid authorization algorithm, namely, the Elimination of the Irrelevant Authorization Rules Set (EIARS). UBACO is created with the aim to reduce the comprehensive complexity of the high-level granularity policy model, and EIARS is developed with the aim to reduce the number of checked rules during the authorization process. The quality of UBACO is validated by five human experts, and its comprehensive complexity is measured. Meanwhile, the effect of EIARS in reducing the number of checked rules during the authorization process is evaluated using a simulation technique. The results indicate that, by implementing the UBACO, the weighted comprehensive complexity is reduced by 40.5% as compared to the UCON based policy proposed by Martinelli and Mori (2010). The number of checked rules during the authorization process is reduced by 80% with the EIARS compared to the GAG proposed by Kaiiali et al. (2013). Therefore, it can be concluded that this research has accomplished the aimed objectives.