We can envision a metacomputing environment were lattice-based policies should be used to guard access to resources. Consider a metacomputing application that performs certain experiments which include interactions with scientific facilities, e.g. High-Frequency radio transmitter used for heating of the ionosphere [12]. The application tasks include performing extensive computations spread to a large number of hosts for analyzing the results and steering the transmitter (change the operating frequency, rotate the dish, turn the transmitter on or off, etc.).
The security administrator of the transmitter will establish security policy based on the level of competence to perform specific operations. To prove eligibility to access the resource, a user has to present a valid credential, stating user's competence level.
Assume there are defined three levels of competence: high, medium and low.
1) High may perform any operation
2) Medium may perform all operations except for changing the operating frequency.
3) Low is allowed only to monitor the experiments.
To implement the required lattice-based policy, a generic restriction
| Token Type: lattice_above | ||
| Defining Authority: security_administrator | ||
| Value: competence_level |
can be used. It specifies that a subject, wishing to get access to the resource has to have competence level no less then the one, specified in the Value field.
This is a form of lattice-based policy [13] in a sense that users are unavoidably constrained by the domain protection policy. Only a specially authorizaed person (e.g. security administrator of the transmitter) may change the competence level required to perform a particular operation.
There may be additional generic restrictions posed on the granted access, such as integrity message protection to ensure that the request is free from unauthorized modification, or list of trusted certifying authorities who can attest to the competence level of a requester.