Re-thinking Grid Security Architecture

The security models used in Grid systems today still bear the marks of their diverse origins. Historically retrofitted onto the distributed systems they are meant to protect and control, each security model is usually limited in scope and applicability, and its implementation is tailored to a few specific deployment scenarios. A common approach to even the "basic" elements, such as authentication to resources, is only now emerging, whereas for more complex issues such as community organization, integration of site access control with the operating system, cross-domain resource provisioning, or overlay community Grids ("late authentication" in pilot job frameworks, or community-managed virtual machines) there is no single coherent and consistent security view. In this paper we share observations on the security models and solutions found in current Grid architectures and deployments, and we identify architectural limitations in solving complex access control and policy enforcement scenarios in distributed resource management. The paper gives a short overview of the OGSA security services and of other security solutions used in Grid middleware and operational practice. It is becoming clear, however, that further development of the Grid requires a fresh look at the underlying concepts, both operationally and from a security standpoint. The paper therefore analyses the security aspects of different types of Grids and a set of use cases that may require extended security functionality, such as dynamic security context management and the management of stateful services.
Recent developments in open-systems security, together with a revisit of basic security concepts from networking and computing, including the OSI security architecture and the notion of a trusted computing base, provide instructive examples of how some of the conceptual security problems in the Grid can be addressed, and of how the shortcomings of current systems, and the "ad hoc" stop-gaps frequently proposed for what are in fact complex security manageability problems, can be avoided. This paper is thus intended to initiate and stimulate a wider discussion on the concepts of Grid security, setting the scene for and providing input to a Grid security taxonomy that can lead to a more consistent Grid security architecture.
