Abstract
We envision that many grid usage scenarios will be based on small, dynamic working groups for which the ability to establish transient collaboration is a key requirement. Current grid security mechanisms support individual users as members of well-defined virtual organizations. Recent research seeks to provide manageable grid security services for self-regulating, stable communities. Our prior work with component-based systems for grid computation demonstrated a need to support spontaneous, limited, short-lived collaborations that rely on shared or delegated fine-grained access privileges. Our mechanisms enable the high-level management of such fine-grained privileges based on PKIX attribute certificates and enforce the resulting access policies through readily available POSIX operating system extensions. In combination, our mechanisms leverage other work in the grid computing and security communities, reduce administrative costs to resource providers, enable ad-hoc collaboration through incremental trust relationships, and can be used to provide improved security service to long-lived communities.
This research is funded by the Virginia Commonwealth Information Security Center (CISC).
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lorch, M., Kafura, D. (2002). Supporting Secure Ad-hoc User Collaboration in Grid Environments. In: Parashar, M. (eds) Grid Computing — GRID 2002. GRID 2002. Lecture Notes in Computer Science, vol 2536. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36133-2_16
DOI: https://doi.org/10.1007/3-540-36133-2_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00133-1
Online ISBN: 978-3-540-36133-6
eBook Packages: Springer Book Archive