Coordinated access control with temporal and spatial constraints on mobile execution in coalition environments

Dynamics is an inherent characteristic of computational grids. The volatile nodal availablity requires grid applications and services be adaptive to changes of the underlying grid topology. Mobile execution allows mobile users or tasks to relocate across different nodes in the grid. This poses new challenges to resource access control. Resource sharing in the grid coalition environment creates certain temporal and spatial requirements for accesses by mobile entities. However, there is a lack of formal treatment of the impact of mobility on the shared resource access control. In this paper, we formalize the mobile execution of grid entities by using the mobile code model. We introduce a shared resource access language, SRAL, to model the behaviors of mobile codes. SRAL is structured and composed so that the program of a mobile code can be constructed recursively from primitive accesses. We define the operational semantics of SRAL and prove that it is expressive enough for most resource access patterns. In particular, it is complete in the sense that it can specify any program of regular trace model. A constraint language, SRAC, is defined to specify spatial constraints for shared resource accesses. Checking if the behavior of a mobile code satisfies a given spatial constraint can be solved by a polynomial-time algorithm. We apply the Duration Calculus to express temporal constraints, and show the constraint satisfaction problem is decidable as well. We extend the role-based access control model to specify and enforce our spatio-temporal constraints. To prove the concept and technical feasibility of our coordinated access control model, we implemented it in a mobile agent system, which emulates mobile execution in grids by software agents. (C) 2006 Elsevier B.V. All rights reserved.