TOWER: Practical Trust Negotiation Framework for Grids

To establish trust relationships between service requesters and providers in an open, decentralized environment, we propose a novel trust negotiation framework, TOWER, which integrates the distributed trust chain construction of trust management and aims to enhance the grid security infrastructure. Our approach leverages attribute-based credentials to support flexible delegation and dynamically constructs trust chains. A novel TRust chAin based Negotiation Strategy (TRANS) is proposed to establish trust relationships on the fly by gradually disclosing credentials according to various access control policies. Our approach has been successfully implemented as useful components and fundamental security services in the CROWN Grid, using techniques such as trust tickets and policy caching that can greatly increase service efficiency. Finally, we evaluate our approach with comprehensive experiments, and the results show that it is feasible.
