Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Requirements for ChinaGrid Applications - What the current grid security solutions cannot do Hai Jin Huazhong University of Science and Technology.

Published byClemence Day Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Requirements for ChinaGrid Applications - What the current grid security solutions cannot do Hai Jin Huazhong University of Science and Technology."— Presentation transcript:

1 Security Requirements for ChinaGrid Applications - What the current grid security solutions cannot do Hai Jin Huazhong University of Science and Technology Wuhan, China

2 Outline Introduction about ChinaGrid Typical ChinaGrid applications
ChinaGrid security requirements Open Issues of ChinaGrid Security

3 ChinaGrid in a Nutshell
China Education and Research Grid Funded by Ministry of Education As the pilot grid application supported by National 863 Hi-Tech R&D program Based on CERNET (China Education and Research Network) First Phase From 12 key universities as initiative More than 6Tflops w/60TB 20 key universities now

4 ChinaGrid (The First Phase)

5 Main Research Tasks Campus grid platform Common platform for ChinaGrid Grid application platform and representative grid applications Image processing grid Bioinformatics grid Course on-line grid Computational fluid dynamic grid Large scale information processing grid

6 Campus Grids and their Computing Power and Storage Capacity
HUST:0.8Tflops, 5TB THU:1.3Tflops, 20TB PKU:0.5Tflops, 10TB BUAA:0.5Tflops, 5TB SCUT:0.9Tflops, 20TB SJTU:0.3Tflops, 9TB SEU:0.5Tflops, 5TB XJTU:0.1Tflops, 2.5TB NUDT:0.2Tflops, 5TB NEU:0.8Tflops, 5TB ZSU:1.0Tflops, 10TB SDU:1.3Tflops, 18TB NWPU:0.4Tflops, 2TB ZJU:0.6Tflops, 3TB FUDAN:1.8Tflops, 6TB TONGJI:0.2Tflops, 1TB USTC:1.2Tflops, 5TB UESTC:0.3Tflops, 2TB RUC:0.1Tflops, 0.5TB LZU:0.3Tflops, 1TB ChinaGrid:>13Tflops, 135TB

7 Layered Infrastructure of ChinaGrid
High performance computing environment (campus grid) ChinaGrid Supporting Platform (CGSP) NUDT THU HUST ZSU PKU SJTU XJTU NEU SCUT BUAA SEU SDU Remote education grid Image processing Fluid dynamics Massive information processing grid Bioinformatics

8 CGSP1.0 Architecture

9 Typical ChinaGrid Application - Image Processing Grid
Grid Resource Application Middleware Image process programming environment Image resource sharing Portal and Application Interface Typical application support Mainframes Instruments Databases Grid Interface Application monitoring tool Remote visual tools Information service Resource manager Data manager Grid security Grid Infrastructure Clusters

10 Workflow of Image Processing Grid Application - Remote Sensing
Original Image Original Image Signal & Auxiliary Data Distill Optical Original Image Meta-data Pre-Processing Layer Image Radiation Validity & System Geometric Validity Validity Image Precise Check Image Multi-Source & Physic Data Data Processing Layer Increment Comeback Transfer Encoding Single Breadth &Multiple-Spectrum Data Info Abstract Layer Automated Match Histogram Statistic Division Classification Description Abstraction Compound Data Features, Identifier, Knowledge Data Image Description & Inference 3D Model Scenario Back Identification Knowledge Layer Application:Resource Monitor, Modification Check, Target Identify, Image Spelling, Map Navigation etc

11 Typical ChinaGrid Application - Massive Information Processing Grid

12 Workflow of Mass Information Processing Grid (UMDGrid)
BUAA SDU NJU KMST Control Flow Data Flow Static Registry

13 ChinaGrid Security Requirements (1)
Security requirements for ChinaGrid platform Interoperate with existing security infrastructures Adapt to domain autonomy Meet the security requirements of various applications Construct security architecture Trusted computing for platform legality

14 ChinaGrid Security Requirements (2)
Security requirements for image processing grid Basic security requirement (encryption transfer and authentication) Protect sensitive information produced by remote image processing Service (including key data, key software, key hardware) authorization requirement - for virtual human and remote sensing image processing grid User-profile based sensitive record authorization requirement (a decentralized trust management problem) - for medical image diagnosis grid Security requirement for virtual organization based collaboration processing (more general and abstract level)

15 Scenario for Image Processing Grid (Medical Diagnosis)

16 ChinaGrid Security Requirements (3)
Security requirements for massive information processing grid Basic security requirement (encryption transfer and authentication) Database security operation requirement (to deal with federation of distributed information) - for UDMGrid and DPKDD Grid Data access authorization for different users in cooperative processing

17 Scenario for Massive Information Processing Grid (University Digital Museum)
SDU Database Authorization Service Authentication Admin NJU Computing Resource BUAA Mass Storage Delegation Users

18 Open Issues for ChinaGrid Security (1)
Technical aspects Standard policy and assertion presentation Attribute based authorization and access control Autonomous authorization delegation Dynamic and flexible secure virtual organization collaboration Secure group communication (provide secure group communication mechanism for VO participants)

19 Open Issues for ChinaGrid Security (2)
Practical aspects Support Web Service/Grid Service Adopt standard draft and implement for policy and assertion (SAML, XACML) Conform to some security drafts, such as WS Security, Liberty Alliance Adopt ideas from some existing authorization infrastructure, such as PERMIS, AKENTI, CARDEA Adopt ideas from Single Sign-on (SSO) systems, such as Shibboleth and SourceID (for the SSO in a virtual organization) Adopt some ideas from decentralized trust management for Authorization Delegation

20 Open Issues for ChinaGrid Security (3)
Some aspects need to be further discussed Security policy negotiation and reconciliation inside the virtual organization (because of security policy conflict in VO) ChinaGrid security architecture Evaluation for ChinaGrid security technology and policy Trusted computing mechanism for ChinaGrid

Download ppt "Security Requirements for ChinaGrid Applications - What the current grid security solutions cannot do Hai Jin Huazhong University of Science and Technology."

Similar presentations

GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
Some contributions to the management of data in grids Lionel Brunie National Institute of Applied Science (INSA) LIRIS Laboratory/DRIM Team – UMR CNRS.

Some contributions to the management of data in grids Lionel Brunie National Institute of Applied Science (INSA) LIRIS Laboratory/DRIM Team – UMR CNRS.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.
CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK.

CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK.
DAME Collaborative Workflow & Access Control Duncan Russell University of Leeds.

DAME Collaborative Workflow & Access Control Duncan Russell University of Leeds.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Scientific Data Infrastructure in CAS Dr. Jianhui Scientific Data Center Computer Network Information Center Chinese Academy of Sciences.

Scientific Data Infrastructure in CAS Dr. Jianhui Scientific Data Center Computer Network Information Center Chinese Academy of Sciences.
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.
Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.

Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.
1 School of Computer, National University of Defense Technology A Profile on the Grid Data Engine (GridDaEn) Xiao Nong

1 School of Computer, National University of Defense Technology A Profile on the Grid Data Engine (GridDaEn) Xiao Nong
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
ChinaGrid Experience with GT4 Hai Jin Huazhong University of Science and Technology

ChinaGrid Experience with GT4 Hai Jin Huazhong University of Science and Technology
The Grid System Design Liu Xiangrui Beijing Institute of Technology.

The Grid System Design Liu Xiangrui Beijing Institute of Technology.
1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.

1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.

Similar presentations

Ads by Google