A Security Auditing Approach Based on Mobile Agent in Grid Environments

Because grid computing is dynamic and multi-institutional, auditing is both fundamental and difficult to solve. In this paper, we identify security-auditing requirements and propose a Cross-Domain Security Auditing (CDSA) architecture, in which mobile agents are applied to help gather security information in the grid environment. A new authorization mechanism is presented to improve performance by changing the traditional "route once, switch many" manner used over the network into "audit once, authorize many" in the grid, and a multi-value trust relationship model is constructed in order to carry out dynamic auditing. The system enforces these mechanisms to enable cross-domain security with the aid of special services based on Globus Toolkit version 3.0 and IBM Aglet.
