Masayuki Nakae
NEC
Publication
Featured research published by Masayuki Nakae.
ACM Transactions on Information and System Security | 2008
Xinwen Zhang; Masayuki Nakae; Michael J. Covington; Ravi S. Sandhu
Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this article we propose a usage control (UCON) based security framework for collaborative applications, by following a layered approach with policy, enforcement, and implementation models, called the PEI framework. In the policy model layer, UCON policies are specified with predicates on subject and object attributes, along with system attributes as conditional constraints and user actions as obligations. General attributes include not only persistent attributes such as role and group memberships but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based authorizations in ad hoc collaborations. In the enforcement model layer, our novel framework uses a hybrid approach for subject attribute acquisition with both push and pull modes. By leveraging attribute propagations between a centralized attribute repository and distributed policy decision points, our architecture supports decision continuity and attribute mutability of the UCON policy model, as well as obligation evaluations during policy enforcement. As a proof-of-concept, we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.
Symposium on Access Control Models and Technologies | 2006
Xinwen Zhang; Masayuki Nakae; Michael J. Covington; Ravi S. Sandhu
Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this paper we propose a usage control (UCON) based authorization framework for collaborative applications. In our framework, usage control policies are defined using subject and object attributes, along with system attributes as conditions. General attributes include not only persistent attributes such as role and group memberships, but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based authorizations in ad-hoc collaborations. As a proof-of-concept we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.
Advanced Information Networking and Applications | 2012
Yuki Ashino; Masayuki Nakae
Virtualization technologies are an important building block for cloud services. Each service will run on virtual machines (VMs) deployed over different hypervisors in the future. Therefore, a VM migration method between different hypervisor implementations will be required. Existing methods, such as VM image conversion, generate dead copies of VM images during migration. This causes an operating system running on a VM to fail to boot up after migration and to identify virtual devices provided by destination hypervisors because the dead copied image does not contain requisite files for booting up the copied VM environment. To solve these problems, we propose a VM migration method that generates a destination-dependent VM image before migration. The destination dependency is a set of requisite files enabling a guest OS to boot up from the image, and is determined from the device configurations of destination physical machines and virtual ones. The proposed method extracts the dependency from the file structure that enables the guest OS to run on the destination hypervisor. Our evaluation confirms that the proposed method succeeds in VM migration between hypervisors such as VMware, VirtualBox, and VirtualPC. As for performance efficiency, our method can reduce the size of a transferred VM image to approximately 20% that of a source VM image.
Cloud Computing Security Workshop | 2010
Takayuki Sasaki; Masayuki Nakae; Ryuichi Ogawa
Secure information sharing across different organizations is an emerging issue for collaborative software development, product design, etc. Virtual domains have been proposed for this issue so far. A virtual domain is a collaborative workspace comprising virtual computer resources dedicated to a particular collaborative activity, and it is subject to information sharing policies that restrict the scope of information sharing within the domain. This paper proposes a method of constructing Content Oriented Virtual Domains, which leverages existing common services such as e-mail, Web, and file servers, therefore enabling us to construct a secure collaborative workspace at lower cost than existing methods that require such services to be reconstructed in the same domain. This paper also shows an experimental implementation of the method and its performance evaluation results.
International Workshop on Systems and Virtualization Management | 2008
Fumio Machida; Kumiko Tadano; Masahiro Kawato; Takayuki Ishikawa; Yoichiro Morita; Masayuki Nakae
An architecture for CIM-based integrated access control middleware is proposed. The proposed architecture employs CIM standards for managing several access control modules for different resources uniformly in consolidated server environments. CIM standards allow the user of the middleware to look up the target resource information through the common interface, to describe abstract policy by grouping the same type of resources together, and to translate the abstract policy to detailed configurations for each access control module automatically. We evaluated the feasibility of the proposed architecture by a pilot implementation for file access control systems. According to the findings of the evaluation, we propose an extension of the CIM_Directory class to improve operations for exploring directories on user interfaces of the middleware.
Computer and Communications Security | 2006
Masayuki Nakae; Xinwen Zhang; Ravi S. Sandhu
We propose a general design for secure collaboration systems, which is underpinned with an access control policy model, an administrative scheme, and an enforcement scheme, based on the Type Usage Control (TUCON) model. TUCON is a generalized form of the usage control model (UCON) proposed recently. By utilizing mutable object attributes, UCON can reflect the dynamic nature of ad-hoc collaborations such as temporal and/or spatial usages. In TUCON, every object has an object type as a persistent attribute, which works as a name space that indicates an organization to which the object belongs. With object types, TUCON policies can distinctly control intra-organization and inter-organization information flows. This approach achieves the autonomy of collaborative teams as well as the mutual confidentiality of collaborating organizations.
Archive | 2003
Masayuki Nakae; Masaya Yamagata
Archive | 2005
Yoichiro Morita; Masayuki Nakae
Archive | 2008
Masayuki Nakae
Archive | 1999
Masayuki Nakae