With the widespread deployment of Data Grids, storage services are becoming a critical aspect of the Grid infrastructure. Due to the sensitive and critical nature of the data being stored, security issues related to state-of-the-art data storage services need to be studied thoroughly to identify potential vulnerabilities and attack vectors. In this paper, motivated by a typical use case for Data Grid storage, we apply an extended framework for analyzing and evaluating security from the point of view of the data and metadata, considering the security capabilities provided by both the underlying Grid infrastructure and two commonly deployed Grid storage systems. This analysis leads to the identification of a set of potential security gaps, risks, and even redundant security features found in a typical Data Grid. These results are the starting point for our ongoing research on policies and mechanisms able to provide a fair balance between security and performance for Data Grid Storage Services.
Copyright information
© 2008 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Luna, J. et al. (2008). An Analysis of Security Services in Grid Storage Systems. In: Grid Middleware and Services. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-78446-5_12
DOI: https://doi.org/10.1007/978-0-387-78446-5_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-78445-8
Online ISBN: 978-0-387-78446-5
eBook Packages: Computer Science (R0)