Supporting Secure Ad-hoc User Collaboration in Grid Environments

We envision that many grid usage scenarios will be based on small, dynamic working groups for which the ability to establish transient collaboration is a key requirement. Current grid security mechanisms support individual users as members of well-defined virtual organizations. Recent research seeks to provide manageable grid security services for self-regulating, stable communities. Our prior work with component-based systems for grid computation demonstrated a need to support spontaneous, limited, short-lived collaborations which rely on shared or delegated fine-grained access privileges. Our mechanisms enable the high-level management of such fine-grained privileges based on PKIX attribute certificates and enforce resulting access policies through readily available POSIX operating system extensions. In combination, our mechanisms leverage other work in the grid computing and security communities, reduce administrative costs to resource providers, enable ad-hoc collaboration through incremental trust relationships and can be used to provide improved security service to long-lived communities.
