Adaptive trust negotiation and access control for grids
Related papers
Adaptive Trust Negotiation and Access Control
2005
Electronic transactions regularly occur between business partners in separate security domains. Trust negotiation is an approach that provides an open authentication and access-control environment for such transactions, but it is vulnerable to malicious attacks leading to denial of service or leakage of sensitive information. This paper introduces an Adaptive Trust Negotiation and Access Control (ATNAC) framework to solve these problems. The framework combines two existing systems, TrustBuilder and GAA-API, to create a system with more flexibility and responsiveness to attack than either system currently provides.
Trust Based Authorization Framework for Grid Services
Grid computing allows sharing of services and resources distributed over geographically dispersed, heterogeneous, autonomous administrative domains. As a domain generally has no idea about the trustworthiness of other domains, it may hesitate in accessing shared services and resources provided by other domains. Accessing resources and services from untrusted domains may pose dangerous consequences to the source domain. Trust is an important parameter in achieving faithful domain to domain interaction. Domains must be able to determine the trustworthiness of each other for the access of a particular service. Domains must also provide trust based access to resources and services that they expose in the environment. This paper describes different facets associated with trust issues among different entities in a grid environment and proposes a trust model to establish and manage trust relationships. The trust model provides support to calculate direct as well as recommended trust. Based on this model, a trust based authorization framework is proposed that can be used to provide trust based access to grid services. The goal of the model is to encourage trust based domain to domain interaction and increase the confidence of domains in accessing shared resources provided by other domains. The framework has been implemented in .NET environment with the support of WSE 3.0 toolkit. The framework has been evaluated by implementing a scenario that involves enforcement of different trust policies. The time taken by the enforcement component to evaluate trust policies has been noted. The results obtained from the implementation imply that the approach is workable and can be used to provide trust based access to grid services.
Trust and security in grids: A state of the art
… White Paper Number …, 2008
The Trust and Security activity in CoreGRID runs as a horizontal integration activity related to all the research areas, making the Network participants aware of the use of the technologies associated with trust and security. This paper presents an overview of the different concepts and technologies relevant to trust and security in Grid systems. It analyses the relation between trust and security, describes trust and security challenges in the Grid, and introduces the existing mechanisms for managing trust and security. The core of the document is the trust and security requirements across the CoreGRID Institutes, and the description of the work being carried out to meet such requirements.
Dynamic Trust Federation in Grids
Lecture Notes in Computer Science, 2006
Grids are becoming economically viable and productive tools. They provide a way of utilizing a vast array of linked resources such as computing systems, databases and services online within Virtual Organizations (VO). However, today's Grid architectures are not capable of supporting dynamic, agile federation across multiple administrative domains and the main barrier, which hinders dynamic federation over short time scales is security. Federating security and trust is one of the most significant architectural issues in Grids. Existing relevant standards and specifications can be used to federate security services, but do not directly address the dynamic extension of business trust relationships into the digital domain. In this paper we describe an experiment which highlights those challenging architectural issues and forms the basis of an approach that combines a dynamic trust federation and a dynamic authorization mechanism for addressing dynamic security trust federation in Grids. The experiment made with the prototype described in this paper is used in the NextGRID project to define the requirements of next generation Grid architectures adapted to business application needs.
Proceedings of the 1st …, 2007
This paper presents an overview of the different concepts and technologies for managing trust in Grids. It examines the relation between trust and security, introducing the current technology for managing trust. The classical Virtual Organisation lifecycle is augmented with trust management actions.
gSET: trust management and secure accounting for business in the grid
Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06), 2006
We developed gSET as solution for the unsolved problems in the field of dynamic trust management and secure accounting in commercial virtual organizations. gSET establishes trust and privacy between entities in a Grid environment by adapting the concept of Secure Electronic Transactions (SET) used for electronic credit card transfers in eBusiness. Trust is necessary for Grid participants in a business environment. It is also necessary to support the dynamic manner of real markets. As distinguished function, in opposite to existing mechanisms as GSI/CAS/VOMS, gSET allows the user to obtain access to a service without disclosing his credentials to the service provider. This minimizes the service provider's administrative effort needed for user account management. gSET consists of Grid Services implemented with WSRF/GT4. gSET is an enabling step to make Grids a platform for commercial workflows.
Proposed platform for improving grid security by trust management system
Computing Research Repository, 2009
With increasing the applications of grid system, the risk in security field is enhancing too. Recently Trust management system has been recognized as a noticeable approach in enhancing of security in grid systems. In this article due to improve the grid security a new trust management system with two levels is proposed. The benefits of this platform are adding new domain in grid system, selecting one service provider which has closest adaption with user requests and using from domains security attribute as an important factor in computing the trust value.
Security and Trust Management for Virtual Organisations: GridTrust Approach
IFIP Advances in Information and Communication Technology, 2009
The GridTrust Security Framework (GSF) offers security and trust management for the next generation Grids (NGG). It follows a vertical approach for Grid security from requirements level right down to application and middleware levels. New access control models for collaborative computing, such as the usage control model (UCON), are implemented for securing the Grid systems. The GSF is composed of security and trust services and tools provided at the middleware and Grid foundation middleware layers. GSF addresses three layers of the NGG architecture: the Grid application layer, the Grid service middleware layer, and the Grid foundation layer. The framework is composed of security and trust services and tools provided at the middleware and Grid foundation middleware layers. GSF provides policy-driven autonomic access control solutions that provide a continuous monitoring of the usage of resources by users.
Trust Based Access Control for Grid Resources
2011
For a highly computational resource sharing grid environment, reliable transactions between entities is a major requirement. This is possible when not only do the users of the grid have an appropriate mechanism to select resource providers but the grid users must also pass through proper access control mechanisms placed by the resource providers. Traditional Identity based access control methods are not applicable for grids because relationship between users and resource providers are ad hoc and dynamic, no central policy will be applicable. In this paper, users identify reputed resource providers by applying Fuzzy inference system on recommendation taken from its trustworthy acquaintances. The resource providers apply binary logistic regression on factors that influence the decision whether to allow a requesting user to use the grid or not.
Trust management system for grid and cloud resources
2009 First International Conference on Advanced Computing, 2009
Paul D Manuel, S. Thamarai Selve and Mostafa Ibrahim Abd-El Barr. Paul D Manuel: Dept. of Information Science, College for Women, Kuwait University, Kuwait, p.manuel@ku.edu.kw. Abstract ...