Daonity: An Experience on Enhancing Grid Security by Trusted Computing Technology

  • Fei Yan
  • Weizhong Qiang
  • Zhidong Shen
  • Chunrun Chen
  • Huanguo Zhang
  • Deqing Zou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4158)


A critical problem for grid security is how to obtain a secure solution for the Grid virtual organization (VO). In current Grid practice, VO security relies on non-distributed policy management and the related PKI mechanism. A practical but difficult solution is to enforce fine-grained policy across distributed sites. The emerging Trusted Computing (TC) technologies offer great potential to improve this situation. In our project Daonity, the Trusted Platform Module (TPM), as a tamper-resistant module, is shared as a strong secure resource among the platforms of grid users. Based on this sharing mechanism, a TC-enabled architecture is proposed to improve the Grid Security Infrastructure; in particular, authorization protection and single sign-on are enhanced to demonstrate how enhanced and distributed security can be obtained in a grid environment.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Fei Yan (1)
  • Weizhong Qiang (2)
  • Zhidong Shen (1)
  • Chunrun Chen (2)
  • Huanguo Zhang (1)
  • Deqing Zou (2)
  1. Computer School, Wuhan University, Wuhan, China
  2. College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China