Grid infrastructures provide an environment for high performance computing by combining heterogeneous, widely distributed computational resources into a single cohesive computing infrastructure. One of the key goals of grid computing infrastructure is to provide an environment where users can share resources across heterogeneous domains. In such an infrastructure security is the major concern. ...

In most systems, authorization is speciied using some low-level system-speciic mechanisms, e.g. protection bits, capabilities and access control lists. We argue that authorization is an independent semantic concept that must be separated from implementation mechanisms and given a precise semantics. We propose a logical approach to representing and evaluating authorization. Speciically, we intro...

The enforcement of authorization constraints such as separation of duty in workflow systems is an important area of current research in computer security. We briefly summarize our model for constrained workflow systems and develop a systematic algebraic method for combining constraints and authorization information. We then show how the closure of a set of constraints and the use of linear exte...

We present a system, called Temporal Data Authorization Model (TDAM), for managing authorizations for temporal data. TDAM is capable of expressing access control policies based on the temporal characteristics of data. TDAM extends existing authorization models to allow the specifications of temporal constraints on data, based on data validity, data capture time, and replication time, using eith...

We introduce a framework for the automated synthesis of security-sensitive distributed applications. The central idea is to provide the programmer with a high-level declarative language for specifying the system and the intended security properties, abstracting away from any cryptographic details. A compiler takes as input such high-level specifications and automatically produces the correspond...

While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization services for the SOA. The SOA comprises of Web services and business process workflows built using Web services. Based on our analysis of existing authorization frameworks and policy specification models for the SOA, we ...

We are interested in the design of access control policies for virtual communities of agents based on the grid infrastructure. In a virtual community agents can play both the role of resource consumers and the role of resource providers, and they remain in control of their resources. We argue that this requirement imposes a distinction between the authorization to access a resource given by the...

With fast development of network computing and storage technologies, it became more and more convenient to share and spread digital resources through kinds of network services, however without protection and constraint of copyright, digital content can be illegally copied, altered and distributed, which could cause revenue loss to commercial digital resource providers, to solve this problem, di...