Skip to main content

Advanced Security for Virtual Organizations: The Pros and Cons of Centralized vs Decentralized Security Models

Sinnott, Richard O. and Chadwick, David W. and Doherty, T. and Martin, D. and Stell, A.J. and Stewart, G. and Su, Linying and Watt, J. (2008) Advanced Security for Virtual Organizations: The Pros and Cons of Centralized vs Decentralized Security Models. In: 2008 Eighth IEEE International Symposium on Cluster Computing and the Grid (CCGRID). IEEE, pp. 106-113. ISBN 978-1-4244-4237-9. (doi:10.1109/CCGRID.2008.67) (KAR id:24029)

Language: English
Download (352kB) Preview
Official URL


Grids allow for collaborative e-Research to be undertaken, often across institutional and national boundaries. Typically this is through the establishment of virtual organizations (VOs) where policies on access and usage of resources across partner sites are defined and subsequently enforced. For many VOs, these agreements have been lightweight and erred on the side of flexibility with minimal constraints on the kinds of jobs a user is allowed to run or the amount of resources that can be consumed. For many new domains such as e-Health, such flexibility is simply not tenable. Instead, precise definitions of what jobs can be run, and what data can be accessed by who need to be defined and enforced by sites. The role based access control model (KBAC) provides a well researched paradigm for controlling access to large scale dynamic VOs. However, the standard RBAC model assumes a single domain with centralised role management. When RBAC is applied to VOs, it does not specify how or where roles should be defined or made known to the distributed resource sites (who are always deemed to be autonomous to make access control decisions). Two main possibilities exist based on either a centralized or decentralized approach to VO role management. We present the advantages and disadvantages of the centralized and decentralized role models and describe how we have implemented them in a range of security focused e-Research domains at the National e-Science Centre (NeSC) at the University of Glasgow.

Item Type: Book section
DOI/Identification number: 10.1109/CCGRID.2008.67
Uncontrolled keywords: information security; national security; public key; grid computing; collaboration; access control; large-scale systems; high performance computing; certification; authorization
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 29 Mar 2010 12:11 UTC
Last Modified: 23 Jan 2020 04:04 UTC
Resource URI: (The current URI for this page, for reference purposes)
Chadwick, David W.:
  • Depositors only (login required):


Downloads per month over past year