Supporting Security-Oriented, Collaborative nanoCMOS Electronics Research

  • Richard O. Sinnott
  • Thomas Doherty
  • David Martin
  • Campbell Millar
  • Gordon Stewart
  • John Watt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5101)

Abstract

Grid technologies support collaborative e-Research typified by multiple institutions and resources seamlessly shared to tackle common research problems. The rules for collaboration and resource sharing are commonly achieved through establishment and management of virtual organizations (VOs) where policies on access and usage of resources by collaborators are defined and enforced by sites involved in the collaboration. The expression and enforcement of these rules is made through access control systems where roles/privileges are defined and associated with individuals as digitally signed attribute certificates which collaborating sites then use to authorize access to resources. Key to this approach is that the roles are assigned to the right individuals in the VO; that the attribute certificates are only presented to the appropriate resources in the VO; that it is transparent to the end-user researchers; and finally that it is manageable for resource providers and administrators in the collaboration. In this paper, we present a security model and implementation improving the overall usability and security of resources used in Grid-based e-Research collaborations through exploitation of the Internet2 Shibboleth technology. This is explored in the context of a major new security-focused project at the National e-Science Centre (NeSC) at the University of Glasgow in the nanoCMOS electronics domain.

Keywords

Grid computing; e-Research; Security; Virtual Organizations; Shibboleth

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Richard O. Sinnott (1)
  • Thomas Doherty (1)
  • David Martin (1)
  • Campbell Millar (1)
  • Gordon Stewart (1)
  • John Watt (1)

  1. National e-Science Centre, University of Glasgow, Scotland