Accountability and Control of Process Creation in Metasystems

Abstract: The distinguishing feature of a metasystem is middleware that facilitates viewing a collection of large, distributed, heterogeneous resources as a single virtual machine, where each user of the metasystem is identified by a unique metasystem-level identity. The physical resources of the metasystem can exist in multiple administrative domains, each with different local security requirements and authentication mechanisms (e.g., Kerberos, public-key). The problem this paper addresses is how to map the metasystem-level identity to an appropriate account on each local physical machine for the purposes of process creation, such that the access control and authentication policies of each local machine are not violated. This mapping must ensure the integrity of the local machines, must ensure the integrity of the metasystem user's data, and must not unnecessarily burden the metasystem users, the metasystem system administrator, or the local machine system administrators. Specific examples are drawn from experiences gained during the deployment of the Legion metasystem. For example, Legion configurations for local sites with different access control mechanisms such as standard UNIX mechanisms and Kerberos are compared. Through analysis of these configurations, the inherent security trade-offs in each design are derived. These results have practical importance to current and future metasystem users and to sites considering any future inclusion of local resources in a global virtual computer.
