Post on 20-Mar-2019

A CONTEXT-AWARE BASED AUTHORIZATION SYSTEM FOR PERVASIVE GRID COMPUTING

MARILYN LIM CHIEN HUI

UNIVERSITI SAINS MALAYSIA

2015

A CONTEXT-AWARE BASED AUTHORIZATION SYSTEM FOR PERVASIVE GRID COMPUTING

by

MARILYN LIM CHIEN HUI

Thesis submitted in fulfillment of the requirements

for the degree of Master of Science

February 2015


ACKNOWLEDGEMENTS

I would like to express my deepest appreciation to my supervisor, Dr. Chan Huah Yong, for his invaluable help. He provided support, constructive criticism and helpful suggestions during the research. Without his offer to help accomplish this research, I would not have been able to finish my study at USM. I'm thankful to Dr. Nabil Elmarzouqi for his help during my studies. He always gave support for in-depth discussion about the state of the art of my research domain and various research problems. Indeed, he is the one who inspired me to conduct this study. I'm grateful to my lab mates, who always gave me support and helped me to better understand JAVA programming and the Jade framework, and also to all of my friends who always supported me, gave their full attention to solving my problems, and acted as my personal proofreaders and grammar coaches. I would also like to thank my family for their full encouragement and support. And I would like to express my gratitude to the School of Computer Sciences for making all this possible. I would also like to thank Universiti Sains Malaysia (USM) for the financial support given through the USM Fellowship Scheme.


TABLE OF CONTENTS

Page

Acknowledgements ii

Table of Contents iii

List of Tables vi

List of Figures vii

List of Abbreviations ix

Abstrak x

Abstract xii

CHAPTER 1 INTRODUCTION

1.1 Overview 1

1.2 Background 2

1.3 Research Problem 4

1.4 Objectives 5

1.5 Importance and Significance of this Research 5

1.6 Scope of the Research 6

1.7 Contribution 6

1.8 Organization of Thesis 7

CHAPTER 2 LITERATURE REVIEW

2.1 Introduction 9

2.2 Pervasive Grid Computing 9

2.3 Authorization 11

2.3.1 Type of Authorization Model 13


2.3.2 Characteristic of Authorization System 14

2.3.3 Limitation of Existing Authorization System 19

2.4 Context-Awareness 20

2.4.1 Context-Aware Authorization Mechanism in Pervasive Grid 21

2.5 Related Works 23

2.6 Summary of Comparison 26

CHAPTER 3 SIMULATION DESIGN AND IMPLEMENTATION

3.1 Introduction 30

3.2 System Design 30

3.2.1 Context Management System 31

3.2.2 Session Service Authority 34

3.2.3 Access Control System 35

3.3 Implementation Platform 37

3.3.1 PrivilEge and Role Management Infrastructure Standards (PERMIS) Framework 38

3.3.2 Java Agent DEvelopment Framework (JADE) Platform 38

3.3.3 Operation of Simulation Work 39

3.3.3.1 Issuing an Authorization Request 40

3.3.3.2 Context Acquisition 42

3.3.3.3 Authorization Decision 42

3.3.3.4 User Session Token 44

3.3.3.5 Re-authorization 45

3.3.3.6 Subsequence Authorization Requests 46

3.3.4 Policies 47


3.3.5 Authorization Session Access Token 50

3.4 Models of Authorization System 51

3.4.1 Context-aware Simple Push Model 51

3.4.2 Context-Aware Simple Pull Model 52

3.4.3 Context-Aware Session Push Model 52

3.4.4 Context-Aware Session Pull Model 53

3.4.5 Centralized Architecture 53

3.5 Performance Metrics 54

3.5.1 Efficiency 54

3.5.2 Scalability 56

CHAPTER 4 RESULT AND DISCUSSION

4.1 Introduction 57

4.2 System Testing Setup 57

4.3 System Performance Test 59

4.3.1 Context Management Test Case 60

4.3.2 Impact of Type of Authorization Credential on Efficiency Performance 61

4.4 Scalability Analysis 67

4.5 Comparison 75

CHAPTER 5 CONCLUSION AND FUTURE WORK

5.1 Summary and Conclusion 76

5.2 Research Limitation and Future Work 78


REFERENCES 80

LIST OF PUBLICATION 84


LIST OF TABLES

Page

Table 2.1 Comparison of Characteristic for Existing Grid Authorization System 29

Table 4.1 Test Case and Result for Context Management Performance Test 61

Table 4.2 Test Case and Result for Different Model 64

Table 4.3 Times Taken to Process Each Authorization Request by Each Model 65

Table 4.4 Test Case and Result for First Test 69

Table 4.5 Test Case and Result for Second Test 74


LIST OF FIGURES

Page

Figure 2.1 The Push-Based Authorization Model 13

Figure 2.2 The Pull-Based Authorization Model 14

Figure 2.3 Overview of Security Infrastructure in Pervasive Grid Computing 22

Figure 3.1 Simulation System Components 31

Figure 3.2 Components of Context Management System 32

Figure 3.3 Components of Access Control System 36

Figure 3.4 Relationship between Different Types of Agents 39

Figure 3.5 Sample of Certificate 40

Figure 3.6 Sample of Agent Message for User Request 41

Figure 3.7 Pseudo-code of Decision Evaluation Algorithm 43

Figure 3.8 Type of Message for Different Authorization Result Status 44

Figure 3.9 Sample of Authorization Requests Attached with Session Access Token 47

Figure 3.10 Sample of SubjectPolicy 47

Figure 3.11 Sample of RoleHierarchyPolicy 48

Figure 3.12 Sample of SOAPolicy 48

Figure 3.13 Sample of RoleAssignmentPolicy 48

Figure 3.14 Sample of TargetPolicy 49

Figure 3.15 Sample of ActionPolicy 49

Figure 3.16 Sample of TargetAccessPolicy 50

Figure 3.17 Architecture of Proposed Authorization Model 54

Figure 4.1 Screen Capture of Output Generated on Client Site 58

Figure 4.2 Screen Capture of Output Generated on Authorization Server Site 58


Figure 4.3 Comparison of Processing Time for Retrieving Identity from Different Authorization Credential 63

Figure 4.4 Comparison of Overall Processing Time between Different Authorization Models 66

Figure 4.5 Average Response Time for a Range of User Size 70

Figure 4.6 Administrative Scalability Deduced from Analytical Analysis 72

Figure 4.7 Average Loading Time on Different Policy Size 75


LIST OF ABBREVIATIONS

ACL Agent Communication Language

ACM Attribute Certificate Management

ADF Access Decision Function

AEF Access Control Enforcement Function

API Application Programming Interface

CAS Community Authorization Service

CoCoA Context-Constrained Architecture

CMS Context Management System

CN Common Name

EALS Enterprise Authorization and Licensing Service

JADE Java Agent Development Framework

MAS Multi-agent System

OGSA Open Grid Services Architecture

PE Policy Editor

PERMIS Privilege and Role Management Infrastructure Standards Validation

PMS Policy Management System

SAML Security Assertion Markup Language

SSA Session Service Authority

VO Virtual Organization

VOMS Virtual Organization Membership Service

XML Extensible Markup Language

XACML eXtensible Access Control Markup Language


A CONTEXT-BASED AUTHORIZATION SYSTEM FOR PERVASIVE GRID COMPUTING

ABSTRACT (ABSTRAK)

The purpose of this study is to overcome the limitations of the pervasive grid, particularly in the area of authorization. Advances in wireless technology have accelerated the evolution from grid technology to the pervasive grid. This has brought challenges to authorization mechanisms, because conventional authorization does not support environmental context during the authorization process. The goal of this research is to improve the reliability of the authorization framework for operating in the pervasive grid. From this study, existing authorization mechanisms have a limitation in that they are only able to support static attributes (whose values do not change throughout the authorization session) and also have no mechanism to re-authorize and identify information about the user's environment. This has caused a decline in the level of grid security, such as the degree of resistance of the grid system against unauthorized users who deliberately misuse the grid infrastructure. One solution for
