A Security Auditing Approach Based on Mobile Agent in Grid Environments
Because grid computing is dynamic and multi-institutional in nature, auditing is both fundamental and difficult to solve. In this paper, we identify security-auditing requirements and propose a Cross-Domain Security Auditing (CDSA) architecture, in which mobile agents are applied to help gather security information in the grid environment. A new authorization mechanism is presented to improve performance by changing the traditional "route once, switch many" manner over the network into "audit once, authorize many" in the grid, and a multi-value trust relationship model is constructed in order to carry out dynamic auditing. The system enforces these mechanisms to enable cross-domain security with the aid of special services based on Globus Toolkit version 3.0 and IBM Aglet.
Keywords: Mobile Agent, Trust Relationship, Grid Resource, Grid Environment, Virtual Organization