Jie Jiang,TieMing Chen,Bo Chen,Limin Jin,Deren Chen

2008-01-01

Abstract:In order to solve the security problems introduced by the dynamic characteristics of grid services in authentication and authorization, a security services access platform based on Grid Security Infrastructure is proposed, which can provide the security grid services including the single sign-on and unified authentication and dynamic authorization. In this platform, a self-signed proxy certificate technique and improved context-constrains role based access control mechanism are deployed. The application in Country Emergency Response Grid Service System shows that the proposed platform can satisfy the need of security for grid services access through the grid portal.

Jie Jiang,Deren Chen,Tim Chen,Xiaodong Shen

DOI: https://doi.org/10.1109/imsccs.2006.169

2006-01-01

Abstract:With the development of grid service, there are two key problems to be improved. One is to access Web grid service with friend interface for user. Another is the security authentication for grid resource share. Nowadays, a solution of Web universal entrance for grid service has been given through a Web framework named grid portal. PKI based grid security infrastructure has been widely used in order to guarantee grid security. However, although proxy certificate has been well applied in GSI, there is still no integrated model for security grid portal based on PKI and proxy mechanism. From the view of cooperation, a security grid portal is proposed based on PKI and online proxy certificate repository. It can successfully move the user's credential from the PKI public key certificates to its proxy certificate issued by online proxy certificate repository, which makes a Web user be easily authenticated through Web client to any grid service process

Qinghuai Zeng,Changqin Huang,Deren Chen,Hualiang Hu

DOI: https://doi.org/10.1109/CACWD.2004.1349224

2004-01-01

Abstract:In grid environments, the dynamic and multi-institutional nature introduces challenging security issues. In this paper, we propose subtask-based authorization service (SAS) architecture to fully secure a type of application oriented to engineering and scientific computing. We minimize privileges for task by decomposing the parallel task and re-allotting the privileges required for each subtask. Community authorization module describes and applies community policies of resource permission and privilege for resource usage or task management. It separates proxy credentials from identity credentials. We adopt a relevant policy and task management delegation to describe rules for task management. The ultimate privileges are formed by the combination of relevant proxy credential, subtask-level privilege certificate and community policy for this user, as well as they conform to resource policy. To enforce the architecture, we extend the RSL specification and the proxy certificate, modify Globus' gatekeeper, jobmanager and the GASS library to allow authorization callouts, and evaluate the user's job management requests and job's resource request in the context of policies.

Lc Huang,Zh Wu

DOI: https://doi.org/10.1007/978-3-540-24680-0_166

2004-01-01

Abstract:Scalable security is a vital important issue for scalable Grid. There are several issues to be solved for scalable Grid security such as mapping from global subjects to local subjects, centralized certificate authority center, large number of users, many heterogenous security policies. In this paper, we present a scalable Grid security infrastructure(SGSI) to solve the above problems. We here describe the models and related protocols for scalable Grid authentication and authorization.

Ma Tian-chi,Li Shan-ping

DOI: https://doi.org/10.1631/jzus.2005.a0405

2005-01-01

Journal of Zhejiang University SCIENCE A

Abstract:New challenges are introduced when people try to build a general-purpose mobile agent middleware in Grid environment. In this paper, an instance-oriented security mechanism is proposed to deal with possible security threats in such mobile agent systems. The current security support in Grid Security Infrastructure (GSI) requires the users to delegate their privileges to certain hosts. This host-oriented solution is insecure and inflexible towards mobile agent applications because it cannot prevent delegation abuse and control well the diffusion of damage. Our proposed solution introduces security instance, which is an encapsulation of one set of authorizations and their validity specifications with respect to the agent’s specific code segments, or even the states and requests. Applications can establish and configure their security framework flexibly on the same platform, through defining instances and operations according to their own logic. Mechanisms are provided to allow users delegating their identity to these instances instead of certain hosts. By adopting this instance-oriented security mechanism, a Grid-based general-purpose MA middleware, Everest, is developed to enhance Globus Toolkit’s security support for mobile agent applications.

TC Ma,SP Li

DOI: https://doi.org/10.1109/clustr.2003.1253356

2003-01-01

Cluster Computing

Abstract:In this paper, an instance-oriented security mechanism is proposed, to attack possible security threats in grid-based mobile agent system. The proposed delegation profile allows application systems to define their own security instances, while it provides mechanisms to delegate one's identity on those instances, instead of on certain hosts, just like the conventional delegation does. This can prevent the delegated host from abusing privileges. By adopting the new delegation profile kernel, a new trust framework is then proposed to enhance the security verification ability and provide more fine-grained authorization to mobile agent platforms.

XU Jing-jing,DAI Hong-lei,ZHA Li,XU Zhi-wei

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.07.070

2006-01-01

Abstract:The Community-based VEGA Grid Operating System(VEGA GOS) is an environment and platform that support development and running of the grid applications.Combining with community that centralize the user and resource locally,we form a cross domain authorization model in subject,resource and operating space to solve the issues of versatile,autonomous control and easy-to-use in grid environment.This paper introduces the design and implementation of the community-based multi-grained authorization and access control mechanism,and take a measurement and analysis to the performance penalty due to the use of security mechanism.

Li Ma,Yongmei Zhang

DOI: https://doi.org/10.1109/AMS.2009.41

2009-01-01

Abstract:The grid is an heterogeneous distributed environment, it has many new characteristics that are different with the traditional Internet, for example, it have many users and resources. These characteristics have decided complexity of the grid safety mechanism. Thus security is an important element of the practical of grid computing technology. In paper, we described a hybrid model of authentication against centralized, hierarchical structure, other traditional forms of authentication features and combining grid security needs. Compare and analyzed the hybrid model authentication mechanisms, performance, and the implement methods of these models, and verified the safety and effectiveness of the hybrid mode. It described the design process of hybrid mode in detail . Given the specific systems certification flow and the performance analysis of application , it is great significance for grid security and management.

Tianchi Ma,Shanping Li

DOI: https://doi.org/10.1007/978-3-540-24679-4_153

2004-01-01

Abstract:An instance-oriented security mechanism is proposed to deal with security threats in building a general-purpose mobile agent middleware in Grid environment. The proposed solution imports security instance, which is an encapsulation of one set of authorizations and their validity specifications with respect to the agent's specific code segments, or even the states and requests. Study shows this mechanism can inject large flexibility and scalability into the security framework, and can avoid the inefficiency and potential damages obscuring in a conventional linear delegation model.

YAN Jian-wei,LIANG Li,LIU Yong

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.08.035

2005-01-01

Abstract:Introduces some prototypes of computational grid security. According to the domestic research actuality, this paper proposes a new grid security model with group authentication and collaboration. This model extends the current grid security model. The paper also discusses the security framework and collaboration mechanism in detail.

Yongkai Cai,Shaohua Tang

DOI: https://doi.org/10.1109/CIS.2008.187

2008-01-01

Abstract:A federated security scheme based on WS-Security standard for cross-domain Grid is proposed. It integrates the WS-Security standard and the Grid security mechanism. A trust model is established based on WS-Trust specification. A communication is established based on WS-SecureConversation specification. The architecture is implemented in a SAML-based federated authentication and authorization cross-domain Grid. Through experiment and analysis, it is shown that our scheme is secure, effective and efficient.

Zhengli Zhai,Yan Qiao,Mingwen Shao

DOI: https://doi.org/10.4156/AISS.vol4.issue23.30

2012-01-01

Abstract:Grid Computing is a newly developed technology; it connects distributed computer, networks, database and research facilities together with high speed network. Because of the mass data and the dynamic attributes the grid possesses, security environment of open grid must be taken into serious consideration. Definition of security patterns have been given by GSI and other grid infrastructure as well. In this article, we mainly discuss the PKI and three security patterns of the credential authentication, which includes Mutual Authentication, Short Lifespan and Single Sign-on. Based on these we finally put forward a security policy for a tourism agency, a typical Grid of enterprise.

Ajay Prasad,Saurabh Singh Verma,Ashok Kumar Sharma

DOI: https://doi.org/10.48550/arXiv.1007.0295

2010-07-02

Abstract:Services oriented grids will be more prominent among other kinds of grids in the present distributed environments. With the advent of online government services the governmental grids will come up in huge numbers. Apart from common security issues as in other grids, the authorization in service oriented grids faces certain shortcomings and needs to be looked upon differently. The CMMS model presented here overcomes all these shortcomings and adds to the simplicity of implementation because of its tight similarities with certain government services and their functioning. The model is used to prototype a State Police Information Grid (SPIG). Small technological restructuring is required in PKIX and X.509 certificates.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Wang Qianghua,Zhou Mingquan,Geng Guohua,Xu Ti

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.11.010

2006-01-01

Abstract:Grid is an open distributed system environment.The purpose of Grid is to provide for sharing the resources between virtual organizations with distributed,heterogeneous,dynamic characteristics.Security is one of the key factors in Grid environment.The Grid security include data integrity,data privacy,authentication,authorization and audit.In this paper,the security model and the authentication,authorization framework of open system environment are analyzed,the security protocols and infrastructures of the OGSA grid service are discussed.

Hongbin Cai,Fan Min,Qihe Liu,Chunlan Fang

DOI: https://doi.org/10.1109/ICCGI.2007.56

2007-01-01

Abstract:A Grid Information Service (GIS) stores information about the resources of a distributed computing environment and answers questions about it. Currently, no enough attention has been devoted to the security issue. We are developing SecureGIS, a new GIS pattern combining digital certificate with Universal Description, Discovery, and Integration (UDDI) and Role-Based Access Control (RBAC) technologies. SecureGIS checks user identity, confirms the authenticity of service information and ensures the privacy of private and/or secret grid services. Furthermore, since UDDI is adopted, grid service and web service information can be stored and managed in a unified manner.

Weifeng Sun,Boxiang Dong,Zhenquan Qin,Juanyun Wang,Mingchu Li

DOI: https://doi.org/10.1109/iihmsp.2010.184

2010-01-01

Abstract:Computational grids are a promising platform for solving platform for solving large-scale resource intensive problems. Security problems become an urgent and complex undertaking for the application of grid computing. Traditional approaches to proving certificates validity such as CRL and OCSP are problematic in some areas. A new mechanism LSSM(Low-level Security Solving Method) which can efficiently solve problems of security, time accuracy and overhead is introduced in detail. LSSM is able to realize better security and faster revocation without bringing about too much cost.

Wei Jie,Zhenghong Huang,Michael Daw,Rob Procter,Xiaorong Li,Lianggui Tang,Sheng Lu

DOI: https://doi.org/10.1109/CEC-EEE.2007.84

2007-01-01

Abstract:Grid Information Service (GIS) is a core functional component of a Grid that provides information about various resources and their status. Security underpins a GIS making secure access to a GIS an important issue. On the basis of our existing work on a GIS architecture, we further propose a security framework which leverages Shibboleth as the authentication infrastructure and combines PERMIS authorization technology. As a result, this security framework integrates the advantages of both Shibboleth cross-domain identity federation and PERMIS policy driven role based access control, thus presenting a new security model for secure access to a GIS.

Du Bin,Zhang Xu,Huang Zhenchun,Fan Dongpu

DOI: https://doi.org/10.3321/j.issn:1001-7488.2006.z1.032

2006-01-01

Abstract:User and digital certification management plays an important role in the information grid system. It is the foundation of the authority management and security service invocation of grids and gives the basic support for grid portal and high level business process. In this paper,we put forward a framework for user management in forestry grid which coued support two-dimension role management,digital certification management and security service call. User and digital management module for digital forestry grid has been implemented based on the framework,and it will offer very good support for user authentication and workflow in forestry grid.

YANG Shengwen,SHI Meilin,JIANG Jinlei,XU Jun

DOI: https://doi.org/10.3321/j.issn:1000-0054.2005.10.034

2005-01-01

Abstract:Security is a challenging issue in grid systems.A service-oriented security architecture was developed to provide security in learning assessment grid(LAGrid),an e-Learning oriented grid system.A symmetric key infrastructure was used in for single sign on enabled authentication and role-based authorization.A security token service was designed to give message-level encryption and signature mechanisms.The service-oriented security architecture has been successfully implemented in LAGrid system which supports wide-area resource sharing and large-scale cross-organizational collaborative work.In addition,the system provides a secure,transparent and web-based user environment.

Min Li,Yi-sheng Zhang,Nian-sheng Cheng

DOI: https://doi.org/10.1109/iccsit.2008.166

2008-01-01

Abstract:In modern Collaborative Manufacturing, different security mechanisms of systems bring usage complexities and security risks. Grid Security Infrastructure (GSI) enables secure authentication and communication over computer networks. It is designed and developed on the technology of Java GSS-API, JAAS, Kerberos. The key technologies such as integrating with application server are specially discussed. The application in a blanking processing factory verifies the practicability of the security service.