HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1007/11428862_31

2005-01-01

Abstract:The open and anonymous of grid make the task of controlling access to sharing information more difficult, which cannot be addressed by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for grid resource sharing. The framework is an integrated solution involving aspects of trust and recommendation models, based the discretionary access control (DAC), and are applied to grid resource-sharing systems. In this paper, we integrate technology of web services into idea of trust for describing resources.

Shangyuan Guan,Yiduo Mei,Xiaoshe Dong,Zhao Wang,Zhengdong Zhu

DOI: https://doi.org/10.1007/978-3-540-92719-8_42

2007-01-01

Abstract:Automated Trust Negotiation (ATN) is a promising approach to allowing strangers to access sensitive services in open environments. Although many ATN systems are proposed, some issues still remain to be addressed: 1) they are centralized and cannot scale well; and 2) their policy languages are coarse-grained. To address the above problems and secure grids, we present a novel automated trust negotiation framework, FORT, to establish trust relationship between service providers and service requesters. FORT is decentralized, so it scales well. Furthermore, we utilize attribute constraints to refine its language. This paper implements FORT and designs experiments to evaluate its performance. Experimental results show that FORT can effectively protect sensitive services at the cost of little performance of systems and scale well.

Shangyuan Guan,Xiaoshe Dong,Jing Zhao,Yiduo Mei,Xingjun Zhang

DOI: https://doi.org/10.1109/cscwd.2008.4537078

2008-01-01

Abstract:Trust has been recognized as an important factor for grid security. This paper proposes a decentralized automated trust negotiation framework, FORT, to establish trust relationship between service providers and service requesters in grids. FORT presents many innovative features. First, FORT is decentralized, so it scales well and is well-suited for large-scale grids. Second, FORT refines its policy language with attribute constraint, so it can provide the support for effective protection of sensitive information of the two negotiation parties and flexible limitation of delegation range. Last, we employ multithreaded technology to speed up negotiation. This paper depicts the implementation of FORT and designs experiments to evaluate its performance. Experimental results show that FORT can effectively protect sensitive services at the cost of little performance of systems and is scalable.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Shangyuan Guan,Xiaoshe Dong,Yiduo Mei,Weiguo Wu,Zhenghua Xue

DOI: https://doi.org/10.1109/ICNSC.2008.4525201

2008-01-01

Abstract:Trust is an important aspect of decision making for grid applications. It has been a fundamental but challenging problem to gain assurance of the trustworthiness of service providers or requesters. This paper proposes a novel trust negotiation framework, ENVOY, to establish trust relationship between service providers and requesters in grids. ENVOY supports various kinds of delegation by leveraging attribute-based credentials and defines delegation range expediently by using attribute constraint, and we develop a negotiation strategy based on protection tree to support ENVOY, which provides the support for protection of sensitive information of the two negotiation parties. Moreover, ENVOY employs multithreaded technology and trust ticket to speed up negotiation. This paper describes the implementation of ENVOY and designs experiments to evaluate its performance, and the experimental results show that it is applicable.

Shangyuan Guan,Xiaoshe Dong,Yiduo Mei,Zhao Wang,Zhengdong Zhu

DOI: https://doi.org/10.1109/HPCC.2008.117

2008-01-01

Abstract:It has been a fundamental but challenging problem to gain assurance of the trustworthiness of service providers or requesters and ensure their interests. We present the formal definition of trust management, and then propose a trust management, CASTTE, to secure sensitive services and requesters in grids. CASTTE verifies access trust by using trust negotiation so as to protect sensitive services, and protects sensitive information of the two negotiators effectively by using a negotiation strategy based on protection tree. Furthermore, we utilize trust force to specify provision trust and apply trust force to service selection. This paper implements CASTTE and designs experiments to evaluate its performance. The experimental results show that it can not only protect sensitive services at the cost of little performance of systems, but also identify good services from bad ones effectively.

Wenjuan Li,Lingdi Ping

DOI: https://doi.org/10.1007/978-3-642-10665-1_7

2009-01-01

Abstract:Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

Shangyuan Guan,Xiaoshe Dong

2007-01-01

Abstract:Trust isanimportant aspect ofdecision makingfor gridapplications. Ithasbeenafundamental butchallenging problemtogainassurance ofthetrustworthiness ofservice providers orrequesters. Thispaperproposes a noveltrust negotiation framework, ENVOY,toestablish trust relationship betweenservice providers andrequesters ingrids. ENVOY supportsvariouskindsof delegation by leveraging attribute-based credentials and defines delegation range expediently byusingattribute constraint, andwe develop a negotiation strategy basedon protection treetosupport ENVOY,whichprovides thesupport forprotection ofsensitive information ofthetwonegotiation parties. Moreover, ENVOY employs multithreaded technology andtrust ticket tospeedup negotiation. Thispaperdescribes theimplementation of ENVOY anddesigns experiments toevaluate itsperformance, andtheexperimental results showthatitisapplicable. I.INTRODUCTION GRIDemphasizes large scale resource sharing across Jadministrative domains orsecurity domains inaflexible, secure, andcoordinated fashion (1). Asgrid transfers froma purely scientific community toaheterogeneous, commercial, opencommunity, itenters an environment ofmutual suspicion (2). Malicious users maydamage grids bystealing sensitive information. Therefore, themostsignificant challenge forgrid computing istodevelop acomprehensive setofmechanisms andpolicies forsecuring grids, oneof whichistheenforcement ofaccess control. Accesscontrol ingrids istypically provided by a combination ofidentity certificates andlocal accounts (3). Unfortunately, traditional access control methods based on theidentity ofusersisineffective andcannot scale well because thenumberofusers andservices islarge andtheir population isdynamic. Furthermore, service provider and usermaybefromdifferent security domains whichmight maintain different security policies, possibly without prior knowledge ofeachother. Therefore, ithasbeena fundamental butchallenging problem togain assurance ofthe trustworthiness oftheservice provider orusers. A promising approach toaccess control, Automated Trust Negotiation (ATN)(4), iswell-suited forgrids because it allows thetwonegotiation parties establish trust bygradually andinteractively disclosing credentials andaccess control policies while preserving their privacy. However, there are somelimitations ondelegation andnegotiation strategy in

Yan He,Miaoliang Zhu

DOI: https://doi.org/10.4108/infoscale.2007.888

2007-01-01

Abstract:Traditional security model, where the identity of all possible requesting subjects must be pre-registered in advance, is not suitable for the distributed applications with strong real-time requirements, especially recently popular P2P networks and Grid computing. A promising approach is represented by automated trust negotiation, which establishes trust between strangers through the exchange of digital credentials and the use of access control policies. An automated trust negotiation strategy needs to be adopted to establish trust between two parties based on their disclosure policies. Previously proposed negotiation strategies may fail when in fact success is possible, disclose irrelevant credentials, or have high communication or computational complexity. In this paper, we model the policies participating trust negotiation as Negotiation Petri Net and propose a trust negotiation Strategy based on Negotiation Petri Net (SNPN) by combining the characteristics of Negotiation Petri Net architecture with the behaviors of auto trust negotiation. We prove that SNPN is efficient with O(n) communication complexity and O(nm) computational complexity including Negotiation Petri Net building process and the negotiation process in the worst case, where n is the number of credentials and m is the size of the credential disclosure policies. Meanwhile SNPN is complete and makes sure that no irrelevant credentials will be disclosed during negotiations.

Sunan Shen,Shaohua Tang

DOI: https://doi.org/10.1109/CIS.2008.185

2008-01-01

Abstract:As grid’s dynamic, distributed and open nature, the issue of mutual trust among grid entities is challenging, not only because of the entities in different domains, but also because the fact that those domains may deploy different security mechanisms. A federal authentication and authorization scheme based upon trust management and delegation is proposed. Different security domains can join in the federation through the interface that our approach provides. The establishment of trust relationship among domains is based on trust negotiation and PKI cross-certification. We make authorization relay on dynamic role translation and on delegation. The Security Assertion Markup Language (SAML) is adopted by exploiting its AttributeStatement to create Delegation Assertion for grid.

Yu Zhang,Jinpeng Huai,Yunhao Liu,Li Lin

DOI: https://doi.org/10.1109/ICCCN.2006.286307

2006-01-01

Abstract:In order to maximize resource utilization as well as providing trust management in grid, we propose a novel framework - Trust-Incentive Resource Management (TIM). Having child model, club model, bid model and trust model, TIM dynamically manages grid resource by integrating values of prices, trust, and incentive. In this mechanism, providers set the price according to demand and supply, and consumers maximize the surplus upon budget and deadline. A weighted voting scheme is also proposed to secure the grid system by declining the join request from malicious nodes. A TIM prototype has been successfully implemented in a real grid system, CROWN grid. We evaluate the proposed approach through comprehensive experiments and achieve improved results in resource allocation efficiency, system completion time, and aggregated resource utilization.

Shangyuan Guan,Yiduo Mei,Nan Qin,Xiaoshe Dong

DOI: https://doi.org/10.3321/j.issn:1671-4512.2007.z2.013

2007-01-01

Abstract:The existing automated trust negotiation systems are centralized, so they don t scale well and are not suited for the large-scale grid environment. To address the above problem, this paper presents a mechanism of Distributed Automated Trust Negotiation (DATN) which scales well. This paper describes the prototype implementation of DATN. DTAN runs on DAWNING 4000L in the Xi'an Jiaotong University Node of the ChinaGrid, and the experimental results show that it is scalable.

Wenbao Jiang,Chen Li,Shuang Hao,Yiqi Dai

DOI: https://doi.org/10.1007/978-3-540-31979-5_25

2005-01-01

Abstract:Delegation is an important tool for authorization in large distributed environments. However, current delegation mechanisms used in emerging Grids have problems to allow for flexible and secure delegation. This paper presents a framework to realize restricted delegation using a specific attribute certificate with trust value in grid environments. The framework employs attribute certificates to convey rights separately from identity certificates used for authentication, and enables chained delegations by using attribute certificate chains. In the framework the verifier can enforce securely authorization with delegation by checking the trust values of AC chains, and judge if a delegation is a trusted delegation by evaluating the reputation value of the delegation chain. The paper discusses the way of computing trust and reputation for delegation, and describes some details of delegation, including the creation of delegation credential and the chained delegation protocol.

YM Zhu,JS Han,YH Liu,LM Ni,CM Hu,JP Huai

DOI: https://doi.org/10.1109/icdcsw.2005.136

2005-01-01

Abstract:In typical distributed environments, there are two parties: consumers and providers. Consumers have computational jobs while may lack of computational resources. Providers have relatively underutilized resources. With the rapid advancement in high-speed networks, how to enable the effective and secure interaction between consumers and providers has become increasingly important. Because of the distributed ownership of resources, however, it is a very challenging problem. We propose the TruGrid, a Self-sustaining Trustworthy Grid, to solve it. The TruGrid is a novel loosely connected grid system, which guarantees the incentive of every participant and therefore it is a self-sustaining system. We also identify two security challenges arising in the TruGrid, i.e., free-rider and boaster. The proposed trustworthiness management and the penalty model successfully overcome the challenges. Simulation results demonstrate that the TruGrid is a promising actuator to enable the interaction between autonomous consumers and providers.

Qing Ding,Xi Li,Ming Jiang,Xuehai Zhou

DOI: https://doi.org/10.4156/jdcta.vol3.issue1.ding

2009-01-01

Abstract:Peer-to-peer (P2P) Grid Computing has gained its popularity in many large scale distributed applications. Within such an environment, trust management is a complex and difficult task since the Grid harnesses a large variety of geographically distributed resources in virtual organizations (VOs) across multiple domains. This paper proposes a reputation framework for trust management in the P2P Grid. In order to efficiently collect locally-generated feedbacks and aggregate them to yield the global reputation scores, the proposed model integrates two known concepts: distributed eigenvectors method and the central method. A novel FARW algorithm based on DHT network is designed to efficiently aggregate global reputations within one VO, and the ring algorithm is suggested to elect the coordinator, which is responsible for reputation calculation across multi-VOs. To validate our system, a context-related reputation function is designed to facilitate an efficient mechanism for service provider selection in this P2P Grid environment. Network simulation experiments show that significant performance gains can be gotten using this framework.

Xl Gui,B Xie,Yn Li,Dp Qian

DOI: https://doi.org/10.1007/978-3-540-30207-0_60

2004-01-01

Abstract:Computational Grids need support the distributed high performance computing with security and reliability. While the fact is when malicious users apply computational resources or illegally modify their secure levels, they can get system-level data or outputs belong to other applications by running cock-horse, even more they can destroy the whole system. For solving these security problems in Grids, a Grid security model with users behaviors and trusts is introduced. And by improving the components of reputation in traditional trust [1], [2] model, a new trust model with mathematical description is presented, and the grid security infrastructure with this trust model is described.

LI Wen-juan,WANG Xiao-dong,FU Yang-geng,FU Zhi-xiang

DOI: https://doi.org/10.3969/j.issn.1000-2243.2006.02.009

2006-01-01

Abstract:We firstly analyze three trust models in grid environment, compare their constructs, advanta|ges and disadvantages, then bring forward some advice such as defining identity weight, realizing authen|tication in the initialization, regarding trust recommendation as one type of trade context, enhancing self-determination of grid entities and establishing trust management layer, and based on the former analy|sis develop framework of a novel grid trust model.

Yan Li,Huiping Sun,Zhong Chen,Jinqiang Ren,Haining Luo

DOI: https://doi.org/10.1109/SecTech.2008.50

2008-01-01

Abstract:With the development of grid technology, sensitive files and data protection become difficult tasks multi-domains. Traditional access control mechanisms are not suitable to such distributed environment. Several models and mechanisms utilize trust to assist access control decision. But few explicitly consider trust and risk as two separate factors which affect interactions between peers. In this paper, we present a novel mechanism which considers both trust and risk as two vital parameters to assist access control decision. In addition, a novel model of trust evaluation is proposed to represent the confidence in the peer. And to appease people’s anxiety about loss, a new model of risk assessment is also presented to indicate impacts on resources. At the end of this paper, simulation results will indicate that our mechanism is able to secure local system more efficiently and reliably.

Yongkai Cai,Shaohua Tang

DOI: https://doi.org/10.1109/CIS.2008.187

2008-01-01

Abstract:A federated security scheme based on WS-Security standard for cross-domain Grid is proposed. It integrates the WS-Security standard and the Grid security mechanism. A trust model is established based on WS-Trust specification. A communication is established based on WS-SecureConversation specification. The architecture is implemented in a SAML-based federated authentication and authorization cross-domain Grid. Through experiment and analysis, it is shown that our scheme is secure, effective and efficient.

Hailong Sun,Yanmin Zhu,Chunming Hu,Jinpeng Huai,Yunhao Liu,Jianxin Li

DOI: https://doi.org/10.1007/11573937_33

2005-01-01

Abstract:CROWN Grid aims to empower in-depth integration of resources and cooperation of researchers nationwide and worldwide. In such a distributed environment, to facilitate adoption of services, remote and hot service deployment is highly desirable. Furthermore, when the deployer and the target container are from different domains, great security challenges arise when a service is deployed to the remote container. In this paper, we present ROST, an original scheme of Remote & hOt Service deployment with Trustworthiness. By dynamically updating runtime environment configurations, ROST avoids restarting the runtime system during deployment. Moreover, we adopt trust negotiation in ROST to assure the security of service deployment. We conduct experiments in a real grid environment, and evaluate ROST comprehensively.