Trustless Grid Computing in ConCert (original) (raw)

Security and Certification Issues in Grid Computing

Grid computing is concerned with the sharing and coordinated use of diverse resources in dynamic, distributed \virtual organizations." The dynamic nature of Grid environments introduces challenging security concerns that demand new technical approaches. In this brief overview, we review key Grid security issues and outline the technologies that are being developed to address those issues. We focus in particular on work being done within the context of the Open Grid Services Architecture, a new initiative aimed at recasting key Grid concepts within a serviceoriented framework. This work involves a tight i n tegration with Web services mechanisms and appears particularly relevant t o t h e c o n c e r n s of e-services.

Iktara in ConCert: Realizing a certified grid computing framework from a programmer’s perspective

2002

Abstract With the vast amount of computing resources distributed throughout the world today, the prospect of effectively harnessing these resources has captivated the imaginations of many and motivated both industry and academia to pursue this dream. We believe that fundamental to the realization of this dream is the establishment of trust between application developers and resource donors, for donors often receive little or no direct reward for their contributions.

Grid computing security implementation challenge

Grid networks are today's more focusing area of research for the researchers due to the services it provides with its cost effectiveness in the most advanced technologies in an innovative use. Even though it is providing various level of services, still it is facing a very big challenges, due to the security concerns, that may arise in a collaborative environment for creating a level of trust among the organization that will be part of the grid. This paper will review the literature of the work done in past and currently for tackling the security concerns and will lay a foundation for making the security and privacy more tighten in such a large collaborative environment that can grow to a very large scale. This work will mainly focus on the current trends in grid network for coping with the security and privacy issues.

Trusted Grid Computing with Security Binding and Trust Integration

Journal of Grid Computing, 2005

Trusted Grid computing demands robust resource allocation with security assurance at all resource sites. Large-scale Grid applications are being hindered by lack of security assurance from remote resource sites. We developed a security-binding scheme through site reputation assessment and trust integration across Grid sites. We do not treat the trust factor deterministically. Instead, we apply fuzzy theory to handle the fuzziness or uncertainties behind all trust attributes. The binding is achieved by periodic exchange of site security information and matchmaking to satisfy user job demands. PKI-based trust model supports Grids in multi-site authentication and single sign-on operations. However, cross certificates are inadequate to assess local security conditions at Grid sites. We propose a new fuzzy-logic trust model for distributed trust aggregation through fuzzification and integration of security attributes. We introduce the trust index of a Grid site, which is determined by site reputation from its track record and self-defense capability attributed to the risk conditions and hardware and software defenses deployed at a Grid site. A Secure Grid Outsourcing (SeGO) system is designed for secure scheduling a large number of autonomous and indivisible jobs to Grid sites. Significant performance gains are observed after trust aggregation, which is evaluated by running scalable NAS and PSA workloads over simulated Grids. Our security-binding scheme scales well with increasing user jobs and Grid sites. The new scheme can guide the security upgrade of Grid sites and predict the Grid performance of large workloads under risky conditions.

Grid-computing portals and security issues

Journal of Parallel and Distributed Computing, 2003

Computational grids provide computing power by sharing resources across administrative domains. This sharing, coupled with the need to execute untrusted code from arbitrary users, introduces security hazards. Grid environments are built on top of platforms that control access to resources within a single administrative domain, at the granularity of a user. In wide-area multidomain grid environments, the overhead of maintaining user accounts is prohibitive, and securing access to resources via user accountability is impractical. Typically, these issues are handled by implementing checks that guarantee the safety of applications, so that they can run in shared user accounts. This work shows that safety checks-language-based, compile-time, link-time or loadtime-currently implemented in most grid environments are either inadequate or limit allowed grid users and applications. A survey of various grid systems is presented, highlighting the problems and limitations of current grid environments. A runtime process monitoring technique is also proposed. The approach allows setting-up an execution environment that supports the full legitimate use allowed by the security policy of a shared resource. For shell-based applications, performance measurements of the proposed scheme show up to 2:14 times less overheads as compared to the case where all applications including the shell are monitored. r

Security Standards and Issues for Grid Computing

IGI Global eBooks, 2012

Security in grid environments that are built using Service Oriented Architecture (SOA) technologies is a great challenge. On one hand, the great diversity in security technologies, mechanisms and protocols that each organization follows and on the other hand, the different goals and policies that these organizations adopt, comprise a complex security environment. Authenticating and authorizing users and services, identity management in a multi-organizational scenario and secure communication define the main context of the problem. In this chapter, we provide an overview of the security protocols and technologies that can be applied on a Web Service (WS) based grid environment.

Introducing robust and private computation into grid technology

13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2004

We propose to adapt the recently published model for secure multi-agent computation from [4] to Grid technology. Since the model is based on secure multi-party computation we achieve computations that are robust against a (userdefined) maximum number of wrong or missing inputs. Furthermore, all computations and data stay private until they are returned to their originator. Being able to use mobile agents in a per se non-trusted environment like a Grid opens up a variety of possibilities for sensitive applications.

Fine-Grain Access Control for Securing Shared Resources in Computational Grids

2002

Computational grids provide computing power by sharing resources across administrative domains. This sharing, coupled with the need to execute untrusted code from arbitrary users, introduces security hazards. This paper addresses the security implications of making a computing resource available to untrusted applications via computational grids. It highlights the problems and limitations of current grid environments and proposes a technique that employs run-time monitoring and a restricted shell. The technique can be used for setting up an execution environment that supports the full legitimate use allowed by the security policy of a shared resource. Performance analysis shows up to 2.14 times execution overhead improvement for shell-based applications. The approach proves effective and provides a substrate for hybrid techniques that combine static and dynamic mechanisms to minimize monitoring overheads.

Security Mechanisms for Precious Data Protection of Divergent Heterogeneous Grid Computing Resources

This paper portrays security advancements and components utilized as part of Grid computing environment. The Grid Security Infrastructure (GSI) executed in the Globus Toolkit also, is portrayed in detail. The principle concentrate is on strategies for distinguishing proof, verification and approval, in view of X.509 endorsements and SSL/TLS conventions. At long last an answer of group based get to control over the network assets is displayed, which is make over on the usage of the Globus Toolkit.