A Security Architecture for Computational Grids Ian Foster, Carl Kesselman, Gene Tsudik, Steven Tuecke Reporter : Po - Jen Lo.

Presentation transcript:

A Security Architecture for Computational Grids Ian Foster, Carl Kesselman, Gene Tsudik, Steven Tuecke Reporter : Po - Jen Lo

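P - J - L 2 Abstract
• The main problem this paper raises is that each domain has its own authentication mechanism; how can a user work across different domains without having to authenticate repeatedly?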

Outline
1. Introduction
2. Security Requirements
3. Grid Security Architecture
4. Implementation
5. Conclusion

Introduction
• The interdomain security solutions used for grids must be able to interoperate with, rather than replace, the diverse intradomain access control technologies inevitably encountered in individual domains.
• We propose a security policy for grid systems that addresses requirements for single sign-on, interoperability with local policies, and dynamically varying resource requirements.

Introduction (Cont.)
• This policy focuses on authentication of users, resources, and processes and supports user-to-resource, resource-to-user, process-to-resource, and process-to-process authentication.

The Grid Security Problem

Security Requirements
• Grid systems and applications may require any or all of the standard security functions, including authentication, access control, integrity, privacy, and nonrepudiation.
• Provide authentication solutions that allow a user, the processes that comprise a user's computation, and the resources used by those processes, to verify each other's identity.
• Allow local access control mechanisms to be applied without change, whenever possible.

Security Requirements (Cont.)
• Single sign-on
• Protection of credentials
• Interoperability with local security solutions
• Exportability
• Uniform credentials/certification infrastructure
• Support for secure group communication
• Support for multiple implementations

Grid Security Architecture
• User Proxy Creation Protocol
• Resource Allocation Protocol
• Resource Allocation from a Process Protocol
• Mapping Registration Protocol

Grid Security Architecture (Cont.)

Implementation
• GSI was developed as part of the Globus project, whose goals are to:
  – understand the basic infrastructure required to support the execution of a wide range of computational grid applications
  – build prototype implementations of this infrastructure
  – evaluate applications on large-scale testbeds

Implementation (Cont.)
• Use of the Generic Security Services Application Programming Interface (GSS-API)
• GSS-API allows us to construct GSI simply by transcribing the grid security protocols into GSS calls.

Implementation (Cont.)
• Use of the Generic Security Services Application Programming Interface (GSS-API)
• GSS-API bindings have been defined for several mechanisms:
  – One based on plaintext passwords: this implementation was designed to support system debugging and small-scale deployment.
  – One based on X.509 certificates: this implementation is used for wide-area "production" use.
• The flexibility of our GSS-API implementation allows us to switch between public key and plaintext versions of Globus without changing a single line of Globus code.
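The mechanism independence described on this slide, as an added example that is not code from the paper, the slides or Globus: the caller relays opaque tokens between initiator and acceptor until both report completion and never inspects them, so the mechanism can be swapped without touching the caller. All class and function names and the sample credential are hypothetical; the HMAC challenge-response is a stand-in for the X.509 mechanism, and this toy does not call the real GSS-API.

```python
import hashlib, hmac, os

USERS = {"alice": b"constructed-secret"}  # constructed sample store, not from the page
def secret_for(name):
    if name not in USERS:                  # never fall back to an empty key
        raise PermissionError("unknown principal")
    return USERS[name]

class PlainInitiator:                      # toy plaintext-password mechanism
    def __init__(self, name, secret):
        self.msg = name.encode() + b"\0" + secret
    def step(self, token):
        return self.msg, True              # one token, then complete
class PlainAcceptor:
    peer = None
    def step(self, token):
        name, _, secret = token.partition(b"\0")
        if not hmac.compare_digest(secret_for(name.decode()), secret):
            raise PermissionError("bad password")
        self.peer = name.decode()
        return None, True

class ChallengeInitiator:                  # HMAC challenge-response stand-in
    def __init__(self, name, secret):
        self.name, self.secret = name, secret
    def step(self, token):
        if token is None:
            return self.name.encode(), False           # claim an identity
        return hmac.new(self.secret, token, hashlib.sha256).digest(), True
class ChallengeAcceptor:
    peer = nonce = None
    def step(self, token):
        if self.nonce is None:
            self.claimed, self.nonce = token.decode(), os.urandom(16)
            return self.nonce, False                   # fresh challenge
        want = hmac.new(secret_for(self.claimed), self.nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(want, token):
            raise PermissionError("bad response")
        self.peer = self.claimed
        return None, True

def establish(initiator, acceptor):
    """Mechanism-independent caller: relay opaque tokens until both sides finish."""
    token, i_done, a_done, rounds = None, False, False, 0
    while not (i_done and a_done):
        token, i_done = initiator.step(token)
        token, a_done = acceptor.step(token)
        rounds += 1
    return acceptor.peer, rounds
```

The plaintext mechanism puts the password itself on the wire, which is why the slide limits it to debugging and small-scale deployment; the challenge-response variant only ever sends a proof bound to a fresh nonce.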

Implementation (Cont.)
• Support for Public Key Technology in GSI
• The GSI implementation currently uses the authentication protocols defined by the Secure Socket Library (SSL) protocol.
• It is possible to separate the authentication and communication components of SSL.
• To avoid confusion between the SSL authentication protocol and the SSL communication library, the term SSL Authentication Protocol (SAP) is used to refer specifically to the authentication elements of SSL.

Implementation (Cont.)
• Support for Public Key Technology in GSI
• There exists a high-quality, public-domain implementation of the SSL protocol (SSLeay), developed outside of the United States and hence avoiding export control issues.
• SSLeay is structured in a way that allows a token stream to be extracted easily, thus making the GSS implementation straightforward.

Implementation (Cont.)
• Support for Public Key Technology in GSI
• SSL is widely adopted as the method of choice for authentication and secure communication for a broad range of distributed services.
• Consequently, a computation can use GSI to access not only Globus services, but also generic Web services.

Conclusions
• This implementation has been deployed on a national-scale testbed.
• The resource proxy enables interoperability with local security solutions, as the resource proxy can translate between interdomain and intradomain security solutions.