
An Analysis of Security Services in Grid Storage Systems

  • Jesus Luna
  • Michail D. Flouris
  • Manolis Marazakis
  • Angelos Bilas
  • Federico Stagni
  • Alberto Forti
  • Antonia Ghiselli
  • Luca Magnoni
  • Riccardo Zappi

With the widespread deployment of Data Grids, storage services are becoming a critical aspect of the Grid infrastructure. Due to the sensitive and critical nature of the data being stored, security issues related to state-of-the-art data storage services need to be studied thoroughly to identify potential vulnerabilities and attack vectors. In this paper, motivated by a typical use case for Data Grid storage, we apply an extended framework for analyzing and evaluating security from the point of view of the data and metadata, considering the security capabilities provided by both the underlying Grid infrastructure and two commonly deployed Grid storage systems. This analysis leads to the identification of a set of potential security gaps, risks, and even redundant security features found in a typical Data Grid. These results are the starting point for our ongoing research on policies and mechanisms able to provide a fair balance between security and performance for Data Grid Storage Services.

Keywords

Data Grid, Grid security, OGSA security, security analysis, storage systems



Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Jesus Luna (1)
  • Michail D. Flouris (1)
  • Manolis Marazakis (1)
  • Angelos Bilas (1)
  • Federico Stagni (2)
  • Alberto Forti (3)
  • Antonia Ghiselli (3)
  • Luca Magnoni (3)
  • Riccardo Zappi (3)

  1. Institute of Computer Science, Foundation for Research and Technology – Hellas, Greece
  2. Istituto Nazionale di Fisica Nucleare, sez. di Ferrara, Italy
  3. Istituto Nazionale di Fisica Nucleare, CNAF, Italy
