The rapid development of data-intensive computing places ever greater demands on information-processing capability, and the traditional data-processing model no longer meets actual needs. The emergence of the data grid provides a good platform for large-scale data processing. However, security is one of the bottlenecks that restrict data grid applications. Starting from an analysis of data grid security requirements, this paper analyzes and solves a number of key technical issues in the data grid, namely a role-based access control mechanism, an authorization delegation mechanism, an intrusion detection mechanism, and a job scheduling mechanism, each combined with the traditional grid security mechanism. The main results and contributions are as follows:

(1) An RBAC model with context characteristics, called C-RBAC, is described to match the highly dynamic nature of the Data Grid environment by introducing the two contexts of Sub-Events and Obj-Events. C-RBAC defines Sub-Events and Obj-Events in order to reflect state transition conditions during authorization. The underlying dynamic role-based access control model (C-RBAC) extends classic role-based access control (RBAC). The model provides a formal description of the two contexts, SUB-EVENTS and OBJ-EVENTS, which drive role transitions and permission transitions respectively. The consistency of the model when a state transition happens is discussed and verified.

(2) To achieve dynamic access control in the data grid, a trust mechanism is imported into RBAC for the Grid community, so that the confidence level of a grid entity can dynamically change its role. The trust degree of each Grid entity is counted from the feedback of other entities, and roles are then changed according to trust degrees. Under this policy the dynamic trait is realized in the Data Grid, and cheating behavior by Grid entities can also be avoided. Finally, the effectiveness of applying dynamic role-based access control in the data grid is evaluated in terms of dynamics, dependability, rationality and accuracy.

(3) To meet the demand for delegation services during multi-domain authorization in grid computing, a delegation negotiation process is presented that realizes authorization delegation of roles and permissions based on the RBDM and RT models through the introduction of trust levels. A fine-grained authorization delegation policy is given. Finally, a simulation is given to prove the feasibility of the delegation model with trust levels.

(4) Aimed at the characteristics of the grid environment, a collaborative learning intrusion detection method for the data grid is proposed. Using collaborative learning to build a strong network attack detector from multiple independently trained BP neural networks located on different grid nodes, and combining feature detection with anomaly detection, a distributed intrusion detection system for the data grid based on collaborative learning is proposed. Simulation experiments show that collaborative detection with BP detectors significantly improves detection performance compared with the SVM detector and the BP-SVM hybrid detector. The error detection rate of the BP detector is decreased by about 0.2% at most compared with the SVM detector and the BP-SVM hybrid detector. Meanwhile, the BP detector with collaborative learning not only improves accuracy but also reduces missed detections.

(5) A Data Grid Security Prototype System (DGSPS) is designed and implemented. The design and implementation of all the related techniques and major functions in DGSPS are introduced in detail.
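The following is an added illustration of contributions (1) and (2), not code from the thesis or from DGSPS. It models a C-RBAC-style policy in which Obj-Events change an object's state (and so the permissions every role holds on it), Sub-Events change an entity's role, and the trust degree counted from other entities' feedback re-derives the role dynamically. The event names ("lock", "unlock", "suspend", "reinstate"), the role ladder, the permission table, the plain-mean trust formula and the trust thresholds are all assumptions chosen for the example; the thesis does not state them here. A consistency check in the spirit of contribution (1) verifies that every reachable (role, state) pair has a permission set and that a higher role never holds fewer permissions than a lower one.

```python
from dataclasses import dataclass, field
from statistics import mean

# Assumed role hierarchy, least to most privileged.
ROLE_LADDER = ["guest", "member", "admin"]

# Assumed trust thresholds for role assignment (not from the thesis).
TRUST_THRESHOLDS = [(0.8, "admin"), (0.4, "member"), (0.0, "guest")]

# Assumed permission table indexed by (role, object state): the object state is
# the Obj-Event context, the role is the Sub-Event / trust context.
PERMISSIONS = {
    ("admin", "open"): {"read", "write"},
    ("admin", "locked"): {"read", "write"},
    ("member", "open"): {"read", "write"},
    ("member", "locked"): {"read"},
    ("guest", "open"): {"read"},
    ("guest", "locked"): set(),
}


@dataclass
class DataObject:
    name: str
    state: str = "open"

    def obj_event(self, event):
        """Obj-Events (assumed names): 'lock' and 'unlock' change the object's
        state and therefore the permissions every role holds on it."""
        transitions = {("open", "lock"): "locked", ("locked", "unlock"): "open"}
        self.state = transitions.get((self.state, event), self.state)
        return self.state


def role_for_trust(trust):
    """Map a trust degree in [0, 1] to a role using the assumed thresholds."""
    for threshold, role in TRUST_THRESHOLDS:
        if trust >= threshold:
            return role
    return "guest"


@dataclass
class GridEntity:
    name: str
    role: str = "member"
    feedback: list = field(default_factory=list)  # ratings in [0, 1] from other entities

    def trust_degree(self):
        """Trust degree counted from other entities' feedback. The plain mean and
        the 0.5 default for an unrated entity are assumptions for this example."""
        return mean(self.feedback) if self.feedback else 0.5

    def sub_event(self, event):
        """Sub-Events (assumed names): 'suspend' drops the entity to guest,
        'reinstate' restores the role its current trust degree supports."""
        if event == "suspend":
            self.role = "guest"
        elif event == "reinstate":
            self.role = role_for_trust(self.trust_degree())
        return self.role


def record_feedback(entity, rating):
    """Store one rating from another entity and re-derive the role from the
    updated trust degree: persistent negative feedback demotes the entity."""
    if not 0.0 <= rating <= 1.0:
        raise ValueError("rating must lie in [0, 1]")
    entity.feedback.append(rating)
    entity.role = role_for_trust(entity.trust_degree())
    return entity.role


def is_permitted(entity, obj, action):
    """Authorization decision under the current role and object state."""
    return action in PERMISSIONS[(entity.role, obj.state)]


def model_is_consistent():
    """Every reachable (role, state) pair has a permission set, and privileges
    are monotone along the role ladder for each object state."""
    for state in ("open", "locked"):
        lower = set()
        for role in ROLE_LADDER:
            perms = PERMISSIONS.get((role, state))
            if perms is None or not lower <= perms:
                return False
            lower = perms
    return True


def demo():
    """Constructed scenario: one entity, one object, a sequence of events."""
    alice = GridEntity("alice")          # constructed sample entity
    dataset = DataObject("dataset")      # constructed sample object
    trace = [is_permitted(alice, dataset, "write")]   # member on open object
    dataset.obj_event("lock")                          # Obj-Event: permissions change
    trace.append(is_permitted(alice, dataset, "write"))
    for rating in (0.9, 0.95, 1.0):                    # high trust -> promotion
        record_feedback(alice, rating)
    trace.append(alice.role)
    trace.append(is_permitted(alice, dataset, "write"))
    for rating in (0.0, 0.0, 0.0, 0.1):                # negative feedback -> demotion
        record_feedback(alice, rating)
    trace.append(alice.role)
    alice.sub_event("suspend")                         # Sub-Event: role transition
    trace.append(alice.role)
    return trace


if __name__ == "__main__":
    print(model_is_consistent(), demo())
```

`demo()` walks through both context kinds: locking the object removes the member's write permission without touching the role, while feedback first raises the entity to admin and then demotes it once the trust degree falls below the admin threshold.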