Access Control in Cloud-on-Grid Systems: The PerfCloud Case Study

Abstract

Cloud computing is an emerging paradigm for the management of large distributed computing resources. Currently there is great interest in the integration of cloud and grid computing technologies. PerfCloud is a cloud implementation based on a cloud-on-grid approach, in that it exploits an underlying grid platform. PerfCloud provides a set of services for the creation of Virtual Clusters (VCs) and the execution and performance evaluation of user applications on the VC environment. This paper, after a discussion on security issues in clouds, focuses on the implications linked to the use of a cloud-on-grid approach. As a case study, the implementation of fine-grain access control mechanisms in PerfCloud is presented.

Keywords

  • Cloud computing
  • Grid
  • Security
  • Access control

  • DOI: 10.1007/978-94-007-0641-5_20
  • Chapter length: 18 pages
  • ISBN: 978-94-007-0641-5

Corresponding author

Correspondence to Valentina Casola.

Copyright information

© 2011 Springer Science+Business Media B.V.

Cite this chapter

Casola, V., Lettiero, R., Rak, M., Villano, U. (2011). Access Control in Cloud-on-Grid Systems: The PerfCloud Case Study. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_20
