Design and Implementation of a Security Policy in a Distributed System

This is a project proposal (20 credits) for one master student. The project will be carried out at FOI, the Swedish Defence Research Agency, at the department of Systems Modelling in Stockholm, Kista. The project is expected to start during March 2006.


Keywords
Security Policy, Access Control, Grids, Web Services, Globus Toolkit, Distributed systems


Background
The NetSim project at FOI is a project aimed at network based modeling and simulation (M&S). The vision is to improve the M&S-process and make it more efficient in order to support simulation models throughout their entire life cycle. A part of this work is to create M&S-related services for the Network Based Defence. Therefore we are building a framework for the development, execution, use and reuse of distributed simulation models. A part of this framework is the Semantic based Distributed Repository (SDR).

The purpose of SDR is to use and share different kinds of resources independently of their location, owner or organization. Resources in this case can be anything from employee’s data, files and simulation models to available execution power. The main functionality in SDR is, besides storing and downloading resources, also the description, removal and semantic search of resources. An SDR prototype has been implemented with techniques and methods related to the Semantic Web and Grids. Examples of used techniques and programs are Globus Toolkit, Jena, Web Services and PostgreSQL. The implementation has mainly been done in Java and in a linux environment.


Proposal
The proposed project is to design and implement an access control (AC) policy that enforces access rights on resources in the SDR. Challenges to solve are for example how to treat groups and users in SDR, how to enforce that a query in the system only returns the results that the user (or the group the user belongs to) is allowed to see or use, etc.

The scope of the master’s project is to do a literature and practical study of AC policies, SDR and the requisites on it. Based on the study, the next step is to suggest a design for a policy and then to implement and test it. The final step is to analyze and evaluate the result and write a report.


References
[1] S. Baymani, E. Stridfeldt, Carbonara – a semantically searchable distributed repository. Master of Science Thesis, Royal Institute of Technology Stockholm, Sweden 2005, IMIT/LECS-2005-44, http://web.it.kth.se/~rassul/exjobb/rapporter/sima-emil.pdf
[2] Globus Alliance and Globus toolkit, http://www.globus.org/