Toward Realizable Restricted Delegation in Computational Grids

  • Conference paper
High-Performance Computing and Networking (HPCN-Europe 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2110)

Abstract

In a Computational Grid, or Grid, a user often requires a service to perform an action on his behalf. Currently, the user has few options but to grant the service the ability to wholly impersonate him, which opens the user to seemingly unbounded potential for security breaches if the service is malicious or errorful. To address this problem, eight approaches are explored for realizable, practical, and systematic restricted delegation, in which only a small subset of the user’s rights are given to an invoked service. Challenges include determining the rights to delegate and easily implementing such delegation. Approaches are discussed in the context of Legion, an object-based infrastructure for Grids. Each approach is suited for different situations and objectives. These approaches are of practical importance to Grids because they significantly limit the degree to which users are subject to compromise.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stoker, G., White, B.S., Stackpole, E., Highley, T.J., Humphrey, M. (2001). Toward Realizable Restricted Delegation in Computational Grids. In: Hertzberger, B., Hoekstra, A., Williams, R. (eds) High-Performance Computing and Networking. HPCN-Europe 2001. Lecture Notes in Computer Science, vol 2110. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48228-8_4

  • DOI: https://doi.org/10.1007/3-540-48228-8_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42293-8

  • Online ISBN: 978-3-540-48228-4

  • eBook Packages: Springer Book Archive
