
An Authorization Architecture Oriented to Engineering and Scientific Computation in Grid Environments

  • Conference paper
Advances in Computer Systems Architecture (ACSAC 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3189)


Abstract

Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, but authorization in the grid infrastructure remains a critical challenge. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on the least privilege principle, and presents a context-aware authorization approach and a flexible task management mechanism. Privileges are minimized by decomposing the parallelizable task and re-allotting the privileges required for each subtask. Dynamic authorization is carried out by constructing a multi-value community policy and adaptively transitioning the mapping. In addition to applying a relevant management policy, a delegation mechanism collaboratively performs authorization delegation for task management. In the enforcement mechanisms involved, the authors have extended the RSL specification and the proxy certificate, and have modified the Globus gatekeeper, jobmanager and the GASS library to allow authorization callouts. The authorization requirement of an application is therefore effectively met in the presented architecture.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huang, C., Song, G., Zheng, Y., Chen, D. (2004). An Authorization Architecture Oriented to Engineering and Scientific Computation in Grid Environments. In: Yew, PC., Xue, J. (eds) Advances in Computer Systems Architecture. ACSAC 2004. Lecture Notes in Computer Science, vol 3189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30102-8_39


  • DOI: https://doi.org/10.1007/978-3-540-30102-8_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23003-8

  • Online ISBN: 978-3-540-30102-8

  • eBook Packages: Springer Book Archive
