The distributed control system of the Large Hadron Collider (LHC) presents many challenges due to its inherent heterogeneity and highly dynamic nature. One critical challenge is providing access control guarantees within the middleware. Role-based access control (RBAC) is a good candidate to provide access control. However, in an equipment control system transactions are often dependent on user context and device context. Unfortunately, classic RBAC cannot be used to handle the above requirements. In this paper we present an extended role-based access control model called CMW-RBAC. This new model incorporates the advantages of role-based permission administration together with a fine-grained control of dynamic context attributes. We also propose a new technique called dynamic authorization that allows phased introduction of access control in large distributed systems. This paper also describes motivation of the project, requirements, and overview of its main components: authentication and authorization.

Publié le : 2013-01-24
Classification:  Role-based access control, information security, equipment protection, middleware, distributed systems,  68N19, 68N30, 68U35, 94A62

@article{cai1302,
     author = {Ilia Yastrebov; CERN, Geneva 23 and Natalia Yastrebova; CERN, Geneva 23},
     title = {Securing Controls Middleware of the Large Hadron Collider},
     journal = {Computing and Informatics},
     volume = {31},
     number = {6},
     year = {2013},
     language = {en},
     url = {http://dml.mathdoc.fr/item/cai1302}
}

Ilia Yastrebov; CERN, Geneva 23; Natalia Yastrebova; CERN, Geneva 23. Securing Controls Middleware of the Large Hadron Collider. Computing and Informatics, Tome 31 (2013) no. 6, . http://gdmltest.u-ga.fr/item/cai1302/