A Concept for Grid Credential Lifecycle Management and Heuristic Credential Abuse Detection

In modern Grids, authentication is usually implemented via an X.509 PKI. Proxy certificates are employed to facilitate interaction with the Grid, especially for delegation and single sign-on. However, due to the nature of proxy credentials, an unauthorized third party can obtain them and abuse them for disruptive actions or unauthorized resource consumption. We propose modifications to the Grid Security Infrastructure that allow proxy usage information to be reported to a database, giving the end user an opportunity to review by whom and why their credentials were used. Furthermore, we plan to implement a heuristic method of automated abuse detection for proxy credentials, which will give users an easy way to detect unauthorized usage of their credentials.