Security for Grids

Proceedings of the IEEE

Volumn 93, Issue 3, 2005, Pages 644-652

  Humphrey, Marty ^a   Thompson, Mary R ^b   Jackson, Keith R ^b  

^a University of Virginia   (United States)

^b LAWRENCE BERKELEY NATIONAL LABORATORY   (United States)

Author keywords

Authentication; Authorization; Computational Grid security; Secure communication; Security policy; Trust management

Indexed keywords

COMPUTER NETWORKS; DATA STORAGE EQUIPMENT; DISTRIBUTED COMPUTER SYSTEMS; INTELLIGENT AGENTS; RESOURCE ALLOCATION; SECURITY OF DATA; SECURITY SYSTEMS; VIRTUAL REALITY;

AUTHENTICATION; AUTHORIZATION; COMPUTATIONAL GRID SECURITY; SECURITY POLICY; TRUST MANAGEMENT;

COMPUTATIONAL METHODS;

EID: 20744446447     PISSN: 00189219     EISSN: None     Source Type: Journal    
DOI: 10.1109/JPROC.2004.842776     Document Type: Conference Paper

References (85)

1. National Science Foundation TeraGrid [Online]. Available: http://www.teragrid.org
2. SETI@Home: The Search for Extraterrestrial Intelligence [Online]. Available: http://setiathome.ssl.berkeley.edu/
3. B. C. Neumann and T. Ts'o, "Kerberos: An authentication service for computer networks," IEEE Commun. Mag., vol. 32, no. 9, pp. 33-38, Sep. 1994.
4. M. Humphrey and M. Thompson, "Security implications of typical grid computing usage scenarios," in Proc. 10th Int. Symp. High Performance Distributed Computing (HPDC), San Francisco, CA, Aug. 7-9, 2001.
5. C. Landwehr, "Computer security," Int. J. Inf. Security, vol. 1, no. 1, pp. 3-13, Aug. 2001.
6. Frequently Asked Questions about Today's Cryptography, RSA Laboratories, Version 4.1. [Online]. Available: http://www.rsasecurity.com/rsalabs/faq/
7. P. Gutmann. Computer Security Tutorial [Online]. Available: http://www.cs.auckland.ac.nz/~pgut001/tutorial/
8. R. Rivest. The MD5 Message-Digest Algorithm. RFC 1321. [On-line]. Available: http://www.faqs.org/rfcs/rfc1321.html
9. American National Standard for Information Systems-Data Link Encryption, ANSI X3.106, American National Standards Institute, 1983.
10. Federal Information Processing Standards Publication 197 (2001, Nov.). [Online]. Available: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
11. R. Rivest, A. Shamir, and L. M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Commun. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
12. C. Adams, P. Cain, D. Pinkas, and R. Zuccherato. (2001, Aug.) Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). RFC 3161. [Online]. Available: http://www.ietf.org/rfc/rfc3161.txt
13. MIT Distribution Center for PGP (Pretty Good Privacy) [Online]. Available: http://web.mit.edu/network/pgp.html
14. Information Technology - Open Systems Interconnection - The Directory, CCITT X.500 Series (1994) ISO/IEC 9594, 1994.
15. Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, ITU-T Recommendation X.509 (1997E), Jun. 1997.
16. R. Housley, W. Polk, W. Ford, and D. Solo, "Internet X.509 Public Key Infrastructure: Certificate and CRL Profile," RFC 3280, Apr. 2002.
17. R. Rivest and B. Lampson. SDSI - A Simple Distributed Security Infrastructure. [Online]. Available: http://theory.lcs.mit.edu/ ~rivest/sdsi10.html
18. Shibboleth [Online]. Available: http://shibboleth.internet2.edu/
19. Passport [Online]. Available: http://www.passport.net/Consumer/Default. asp?lc=1033
20. Introduction to the Liberty Alliance Identity Architecture. Revision 1.0. Liberty Alliance Project. (2003, Mar.). [Online]. Available: http://www.projectliberty.org
21. J. Linn, Ed., Liberty Trust Models Guidelines. Version 1.0. Liberty Alliance Project. [Online]. Available: http://www.projectliberty. org/specs/liberty-trust-models-guidelines-v1.0.pdf
22. Web Services [Online]. Available: http://www.w3.org/2002/ws/ or http://www.webservices.org/index.php/article/archive/61
23. T. Dierks and E. Rescorla. (2004, Mar.) The TLS Protocol Version 1.1. RFC 2246. [Online]. Available: http://www.ietf.org/internet-drafts/draft-ietf-tls- rfc2246-bis-06.txt
24. A. Frier, P. Karlton, and P. Kocher, "The SSL 3.0 Protocol," Netscape Communications Corp., Nov. 18, 1996.
25. C. Ellison et al.. SPKI Certificate Theory. IETF RFC 2693. [Online]. Available: http://www.ietf.org/rfc/rfc2693.txt
26. M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, (1999, Jun.) X.509 Internet Public Key Infrastructure Online Certificate Status Protocol (OCSP). RFC 2560. [Online]. Available: http://www.ietf.org/rfc/rfc2560.txt
27. O. Kornievskaia, P. Honeyman, B. Doster, and K. Coffman, "Kerberized credential translation: A solution to web access control," in Proc. USENIX Security Symp., Washington, D.C., Aug. 2001.
28. B. Tung, C. Neuman, M. Hur, A. Medvinsky, S. Medvinski, J. Wray, and J. Trostle. (2004, Aug.) Public Key Cryptography for Initial Authentication in Kerberos. RFC 1510bis. [Online]. Available: http://www.ietf.org/internet-drafts/ draft-ietf-cat-kerberos-pk-init-18.txt
29. J. Novotny, S. Tuecke, and V. Welch, "An online credential repository for the grid: MyProxy," in Proc. 10th Int. Symp. High Performance Distributed Computing, Aug. 2001.
30. MyProxy Online Credential Repository [Online]. Available: http:// grid.ncsa.uiuc.edu/myproxy/
31. S. Kent and R. Atkinson. (1998, Nov.) Security Architecture for the Internet Protocol. RFC 2401. [Online]. Available: http://www.ietf.org/rfc/ rfc2401.txt
32. I. Foster, C. Kesselman, G. Tsudik, and S. Tuecke, "A security architecture for computational grids," in Proc. 5th ACM Conf. Computer and Communications Security, 1998, pp. 83-92.
33. R. Butler, D. Engert, I. Foster, C. Kesselman, S. Tuecke, J. Volmer, and V. Welch, "A national-scale authentication infrastructure," IEEE Computer, vol. 33, no. 12, pp. 60-66, Dec. 2000.
34. A. Ferrari, F. Knabe, M. Humphrey, S. Chapin, and A. Grimshaw, "A flexible security system for metacomputing environments," in Proc. High Performance Computing and Networking Europe, Amsterdam, The Netherlands, Apr. 1999.
35. A. S. Grimshaw, A. J. Ferrari, F. C. Knabe, and M. A. Humphrey, "Wide-area computing: Resource sharing on a large scale," IEEE Computer, vol. 32, no. 5, pp. 29-37, May 1999.
36. S. Tuecke, V. Welch, D. Engert, L. Pearlman, and M. Thompson. (2004, Jun.) Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. [Online]. Available: http://www.faqs.org/ rfcs/rfc3820.html
37. J. Linn. (2000, Jan.) Generic Security Service Application Program Interface Version 2, Update 1. RFC 2743. [Online]. Available: http:// www.ietf.org/rfc/rfc2743.txt
38. OpenSSL [Online]. Available: http://www.openssl.org
39. D. Harkins and D. Carrel. (1998, Nov.) The Internet Key Exchange (IKE). RFC 2409. [Online]. Available: http://www.ietf.org/rfc/rfc2409.txt
40. M. Gudgin, M. Hadley, N. Mendelsohn, J.-J. Moreau, and H. F. Nielsen. (2003, Jun.) SOAP version 1.2 part 1: Messaging framework. W3C Recommendation. [Online]. Available: http://www.w3.org/TR/soap12-part1/
41. I. Foster, C. Kesselman, J. Nick, and S. Tuecke. The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration. Draft of 6/22/02. [Online]. Available: http://www.gridforum.org/ogsi-wg/drafts/ ogsa_draft2.9_2002-06-22.pdf
42. Open Grid Services Architecture (OGSA) Working Group [Online]. Available: https://forge.gridforum.org/projects/ogsa-wg
43. Global Grid Forum [Online]. Available: http://www.ggf.org
44. S. Tuecke et al., "Open Grid Services Infrastructure (OGSI) Version 1.0. Global Grid Forum," GFD-R-P.15. Version as of Jun. 27, 2003.
45. I. Foster et al.. Modeling Stateful Resources with Web Services. [Online]. Available: http://www.globus.org/wsrf/ModelingState.pdf
46. D. Eastlake, J. Reagle, and D. Solo, Eds., (2002, Feb.) XML-signature syntax and processing. W3C Recommendation. [Online]. Available: http://www.w3.org/TR/xmldsig-core/
47. D. Eastlake and J. Reagle, Eds., (2002, Dec.) XML encryption syntax and processing. W3C Recommendation. [Online]. Available: http://www.w3.org/TR/ xmlenc-core/
48. Organization for the Advancement of Structured Information Standards (OASIS) [Online]. Available: http://www.oasis-open.org
49. A. Nadalin, C. Kaler, P. Hallam-Baker, and R. Monzillo, Eds., (2004, Mar.) Web Services Security: SOAP Message Security 1.0 (WS-Security 2004). [Online]. Available: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev= wss
50. G. Della-Libera et al.. (2002, Dec.) Web Services Secure Conversation Language (WS-SecureConversation). Version 1.0. [Online]. Available: http://msdn.microsoft.com/library/default.asp?urls/library/en-us/dnglobspec/ html/ws-secureconversation.asp
51. Globus Toolkit Version 3.x [Online]. Available: http://www.globus.org/ gt3/
52. Python OGSI Client and Implementation (pyGridWare) [Online]. Available: http://www-itg.lbl.gov/gtg/projects/pyGrid-Ware/index.html
53. G. Wasson, N. Beekwilder, M. Morgan, and M. Humphrey, "OGSI.NET: OGSI-compliance on the .NET framework," in Proc. 2004 IEEE Int. Symp. Cluster Computing and the Grid, Chicago, IL, Apr. 19-22, 2004.
54. OGSI.NET and WSRF.NET, University of Virginia. [Online]. Available: http://www.cs.virginia.edu/~humphrey/GCG/ogsi.net.ntml
55. M. Humphrey, G. Wasson, M. Morgan, and N. Beekwilder, "An early evaluation of WSRF and WS-notification via WSRF.NET," in Proc. Grid Computing Workshop (Associated with Supercomputing 2004), Pittsburgh, PA, Nov. 8, 2004.
56. M. Blaze, J. Feigenbaum, and A. D. Keromytis, "KeyNote: Trust management for public-key infrastructures," in Proceedings of the 1998 Security Protocols International Workshop. Cambridge, U.K.: Springer LNCS, Apr. 1998, vol. 1550, pp. 59-63.
57. Grid Policy Research Group, GGF [Online]. Available: https://forge. gridforum.org/projects/policy-rg/
58. H. Stem, M. Eisler, and R. Labiaga, Managing NFS and NIS, 2nd ed: O'Reilly, Jul. 2001.
59. M. Satyanarayanan, "Scalable, secure, and highly available distributed file access," IEEE Comput., vol. 23, no. 5, pp. 9-18, 20-21, May 1990.
60. M. Wahl, T. Howes, and S. Kille. (1997, Dec.) Lightweight Directory Access Protocol (v3). RFC 2251. [Online]. Available: http://www.ietf.org/rfc/ rfc2251.txt
61. L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, "A community authorization service for group collaboration," Proc. IEEE 3rd Int. Workshop on Policies for Distributed Systems and Networks, 2002.
62. Virtual Organization Membership Service (VOMS) [Online]. Available: http://hep-project-grid-scg.web.cern.ch/hep-project-grid-scg/voms.html
63. M. Thompson, W. Johnston, S. Mudumbai, G. Hoo, and K. Jackson, "Certificate-based access control for widely distributed resources," in Proc. 8th Usenix Security Symp., Aug. 1999.
64. D. Chadwick and A. Otenko, "The PERMIS X.509 role based privilege management infrastructure," in Future Gen. Comput. Syst. (Selected papers from the TERENA Networking Conference 2002), vol. 19, Feb. 2003, pp. 277-289.
65. Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1. OASIS Standard, Organization for the advancement of structured information standards (OASIS), Sep. 2, 2003.
66. OpenSAML - An Open Source Security Assertion Markup Language Implementation. Internet2 [Online]. Available: http://www.opensaml.org/
67. Extensible Access Control Markup Language (XACML) Version 1.0. OASIS Standard (2003, Feb. 18). [Online]. Available: http://www.oasis-open.org/ committees/xacml/
68. Sun's XACML Implementation [Online]. Available: http://sunx-acml. sourceforge.net/
69. Global Grid Forum OGSA Authorization Working Group [Online]. Available: https://forge.gridforum.org/projects/ogsa-authz
70. K. Czajkowski, A. Dan, J. Rofrano, S. Tuecke, and M. Xu, "Agreement-based service management (WS-agreement)," Global Grid Forum Draft-ggf-Graap-Agreement-1, Feb. 8, 2004.
71. G. Della-Libera et al.. (2002, Dec.) Web Services Security Policy (WS-SecurityPolicy). [Online]. Available: http://www-106.ibm.com/developerworks/ library/ws-secpol/
72. D. Box et al.. (2003, May) Web Services Policy Framework (WS-Policy). [Online]. Available: http://www-106.ibm.com/developerworks/library/ws-polfram/
73. N. Dulay, E. Lupu, M. Sloman, and N. Damianou, "A policy deployment model for the ponder language," in Proc. IEEE/IFIP Int. Symp. Integrated Network Management (IM'2001), 2001.
74. C. Bettini, S. Jajodia, X. S. Wang, and D. Wijesekera, "Obligation monitoring in policy management," in Policy 2002 Workshop, 2002.
75. B. Sundaram and B. Chapman, "XML-based policy engine framework for usage policy management in grids," in Proc. Third Int. Workshop on Grid Computing (Grid 2002), Baltimore, MD, Nov. 2002.
76. D. Verma, S. Sahu, S. Calo, M. Beigi, and I. Chang, "A policy service for GRID computing," in Proc. Third Int. Workshop on Grid Computing (Grid 2002).
77. G. Wasson and M. Humphrey, "Policy and enforcement in virtual organizations," in Proc. 4th Int. Workshop on Grid Computing (Grid2003) (Associated With Supercomputing 2003), Phoenix, AZ, Nov. 17, 2003.
78. Information Technology-OSI-Security Frameworks for Open Systems: Access Control Framework, E. F. Michiels, Ed., 1995.
79. D. Durham, Ed., (2000, Jan.) The COPS (Common Open Policy Service) Protocol. RFC 2748. [Online]. Available: http://www. ietf.org/rfc/rfc2748.txt
80. I. Djordjevic, T. Dimitrakos, and C. Philips, "An architecture for dynamic security perimeters of virtual collaborative networks," in Proc. 9th IEEE/IFIP Network Operations and Management Symp. (NOMS 2004), Apr. 2004.
81. Grid-Like Architecture for Application Service Providers, GRASP project. [Online]. Available: http://www.bitd.clrc.ac.uk/Activity/ ACTIVITY=GRASP
82. V. Paxson, "Bro: A system for detecting network intruders in real-time," Comput. Netw., vol. 31, no. 23-24, pp. 2435-2463, Dec. 14, 1999.
83. Security in a Web Services World: A Proposed Architecture and Roadmap, IBM and Microsoft, version 1.0. (2002, Apr. 7). [Online]. Available: http://www-106.ibm.com/developerworks/library/ ws-secmap/
84. N. Nagaratnam et al., "Security Architecture for Open Grid Services," Global Grid Forum Working Draft, Revision as of 6/5/2003.
85. F. Siebenlist et al., "OGSA Security Roadmap: Global Grid Forum Specification Roadmap Toward a Secure OGSA," Global Grid Forum Working Draft, Jul. 2002.