
A Specification for Security Services on Computational Grids

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3270)

Abstract

In this paper we present a computational infrastructure, the Security Backbone, which is able to satisfy security requirements arising from resource sharing and services interoperability in Grid-like environments, without having to rely on a Public-Key Infrastructure (PKI). The motivation for our approach is rooted in the well-known difficulties encountered in showing that interoperability of PKIs is effective or efficient in real-world environments.

The proposed solution uses a security layer, lying between the communication and the application level, which provides confidentiality, integrity and authentication services in a fully transparent way from the application point of view, thus enabling the deployment of distributed network applications satisfying the highest security constraints, at a very low organizational and financial cost.

Moreover, we have designed a service for scalable and flexible management of authorization policies governing access to resources shared by members of a Virtual Organization, by improving on the Community Authorization Service distributed with the Globus Toolkit.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Arcieri, F., Fioravanti, F., Nardelli, E., Talamo, M. (2004). A Specification for Security Services on Computational Grids. In: Jeckle, M., Kowalczyk, R., Braun, P. (eds) Grid Services Engineering and Management. GSEM 2004. Lecture Notes in Computer Science, vol 3270. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30190-5_9

  • DOI: https://doi.org/10.1007/978-3-540-30190-5_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23301-5

  • Online ISBN: 978-3-540-30190-5

  • eBook Packages: Springer Book Archive
