论文信息 - A Concept for Grid Credential Lifecycle Management and Heuristic Credential Abuse Detection

A Concept for Grid Credential Lifecycle Management and Heuristic Credential Abuse Detection

In modern Grids, authentication is usually implemented via an X.509 PKI (Public Key Infrastructure). Proxy certificates are employed to facilitate interaction with the Grid, especially for purposes of delegation and single sign-on. We propose modifications to the Grid Security Infrastructure that allow reporting of proxy usage information to a database, giving the end user an opportunity to review by whom and for which purpose his credentials were used. By means of a standardized protocol for certificate revocation, they can then revoke affected proxies and stop abuse.

Christian Grimm | Stefan Piger | Jan Wiebelitz | Christopher Kunz

[2] Steven Tuecke,et al. Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile , 2004, RFC.

[3] Ian T. Foster,et al. A security architecture for computational grids , 1998, CCS '98.

[4] Jim Basney,et al. The MyProxy online credential repository , 2005, Softw. Pract. Exp..

[5] Manuel Medina,et al. Using OGRO and CertiVeR to improve OCSP validation for Grids , 2007, The Journal of Supercomputing.

[6] Christian Grimm,et al. A Comprehensive Approach to Self-Restricted Delegation of Rights in Grids , 2008, 2008 Eighth IEEE International Symposium on Cluster Computing and the Grid (CCGRID).

[7] Manuel Medina,et al. Towards a Unified Authentication and Authorization Infrastructure for Grid Services: Implementing an Enhanced OCSP Service Provider into GT4 , 2005, EuroPKI.

[8] Donald F. Ferguson,et al. The WS-Resource Framework , 2004 .

[9] Carlisle M. Adams,et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[10] Wolfgang Gentzsch,et al. D-Grid, an E-Science Framework for German Scientists , 2006, 2006 Fifth International Symposium on Parallel and Distributed Computing.

[11] Ian T. Foster,et al. Globus: a Metacomputing Infrastructure Toolkit , 1997, Int. J. High Perform. Comput. Appl..