Security for Grids

Securing a Grid environment presents a distinctive set of challenges. This work groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these activities and introduces new technologies that promise to meet the security requirements of Grids more completely.
