Abstract
Due to the dynamic and multi-institutional nature, auditing is fundamental and difficult to solve in grid computing. In this paper, we identify security-auditing requirements, and propose a Cross-Domain Security Auditing (CDSA) architecture, in which mobile agent is applied to help gathering security information in the grid environment. Whilst a new authorization mechanism is presented to improve the performance by changing the traditional manner "route once, switch many" over the network into the "audit once, authorize many" in the Grid, and a multi-value trust relationship model is constructed in order to carry out the dynamic auditing. The system enforces these mechanisms to enable cross-domain security in the aid of special services based on Globus Toolkit version 3.0 and IBM Aglet.
The work is supported by the Scientific Research Fund of Hunan Provincial Education Department(Grant No. 04A037), and the Hunan Natural Science Fund (Grant No. 05JJ40098).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Welch, V., Siebenlist, F., Foster, I., et al.: Security for Grid Services. In: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC 2003), pp. 48–57 (2003)
GGF SAAAR RG: Grid Authentication Authorization and Accounting Requirements Draft 5. At current (2006), https://forge.gridforum.org/projects/saaa-rg/document/draft-ggf-saaar-reqs-5.txt/en/1
Thompson, M., Olson, D., Cowles, R., et al.: CA-Based Trust Model for Grid Authentication and Identity Delegation. In: Proceedings of Grid Certificate Policy Working Group (2002)
Mendes, S., Huitema, C.: A New Approach to The X.509 Framework: Allowing A Global Authentication Infrastructure Without A Global Trust Model. In: Proceedings of NDSS 1995, pp. 172–190 (1995)
Ellison, C., Frantz, B., Lampson, B., et al. (eds.): SPKI Certificate Theory, Internet Request for Comments, p. 2693 (1999)
Li, T.-Y., Zhu, H., Lam, K.-Y.: A novel two-level trust model for grid. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 214–225. Springer, Heidelberg (2003)
Azzedin, F., Maheswaran, M.: Evolving and Managing Trust in Grid Computing Systems. In: Canadian Conference on Electrical and Computer Engineering, Proceedings of IEEE CCECE 2002, pp. 1424–1429 (2002)
Foster, I., Kessslman, C., Nick, J., et al.: The Physiology of the Grid: An Open Grid Services Architecture for Distributed System Integration. Global Grid Forum (2002), http://www.nesc.ac.uk/talks/ggf5_hpdcll/physio_o_grid220702.pdf
Raghnnathan, S., Mikler, A., Cozzolino, C.: Secure Agent Computation: X.509 Proxy Certificates in a Multi-lingual Agent Framework. The Journal of Systems and Software 75(1-2), 125–137 (2005)
Gou, X.T., Jin, W.D., Zhang, G.X.: Multi-agent Based Security Auditing System of Broadband MAN. In: Proceedings of the 2004 International Conference On Intelligent Mechatronics and Automation, pp. 939–944 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xiao, Z., Huang, C., Xu, F. (2006). A Security Auditing Approach Based on Mobile Agent in Grid Environments. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3984. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751649_26
Download citation
DOI: https://doi.org/10.1007/11751649_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34079-9
Online ISBN: 978-3-540-34080-5
eBook Packages: Computer ScienceComputer Science (R0)