Skip to main content
SpringerLink
Log in

A Novel Two-Level Trust Model for Grid

  • Conference paper
Book cover Information and Communications Security (ICICS 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2836))

Included in the following conference series:

Abstract

Trust is hard to establish in a service-oriented grid architecture because of the need to support end user single sign-on and dynamic transient service. In order to enhance the security by the Grid Security Infrastructure (GSI), this paper proposes a two-level trust model and the corresponding trust metrics evaluation algorithms. The upper level defines the trust relationships among Virtual Organizations (VO) in a distributed manner. The lower level justifies the trust values within a grid domain. This novel model provides an integrated trust evaluation mechanism to support secure and transparent services across security domains. It is flexible, scalable and interoperable. We design the implementation of embedding the trust scheme into GSI. At this stage, we achieve additional authentication means between grid users and grid services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational Grids. In: Proc. 5th ACM Conference on Computer and Communications Security Conference, pp. 83–92 (1998)

    Google Scholar 

  2. Butler, R., Engert, D., Foster, I., Kesselman, C., Tuecke, S., Volmer, J., Welch, V.: A National-Scale Authentication Infrastructure. IEEE Computer 33(12), 60–66 (2000)

    Google Scholar 

  3. Nagaratnam, N., et al.: Security Architecture for Open Grid Services. GGF OGSA Security Workgroup, http://www.ggf.org/ogsa-sec-wg

  4. Globus Toolkits V3.0 of the Globus project, http://www.globus.org

  5. Tuecke, S., et al.: Internet X.509 Public Key Infrastructure Proxy Certificate Profile. IETF Internet Draft (April 2003), http://www.ietf.org/internet-drafts/draftietf-pkix-proxy-05.txt

  6. Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280 (April 2002)

    Google Scholar 

  7. Surridge, M.: A Rough Guide to Grid Security. V1.1, IT Innovation Centre (2002)

    Google Scholar 

  8. Thompson, M., et al.: CA-based Trust Model for Grid Authentication and Identity Delegation. Grid Certificate Policy Working Group (October 2002)

    Google Scholar 

  9. Linn, J.: Generic Security Service Application Program Interface, Version 2, Update 1, RFC 2743 (January 2000)

    Google Scholar 

  10. Freier, A., Kariton, P., Kocher, P.: The SSL Protocol: Version 3.0. Netscape communications, Inc., CA (March 1996)

    Google Scholar 

  11. Foley, S.N.: Trust Management and Whether to Delegate. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2001. LNCS, vol. 2467, pp. 151–157. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  12. Kohl, J., Neuman, C.: The Kerberos Network Authentication Service (V5). RFC 1510 (September 1993)

    Google Scholar 

  13. Reiter, M., Stubblebine, S.: Resilient authentication using path independence. IEEE Transactions on computers 47(12) (December 1998)

    Google Scholar 

  14. Reiter, M.K., Stubblebine, S.G.: Authentication metric analysis and design. ACM Transactions on Information and System Security 2(2), 138–158 (1999)

    Article  Google Scholar 

  15. Ellison, C., et al.: Spki certificate theory (September 1999); Internet Request for Comments: 2693

    Google Scholar 

  16. Zimmermann, P.: Pretty Good Privacy (PGP), PGP User’s Guide, MIT (October 1994)

    Google Scholar 

  17. Aura, T.: Distributed Access-Rights Managements with Delegations Certificates. Secure Internet Programming 1999, 211–235 (1999)

    Google Scholar 

  18. Mendes, S., Huitema, C.: A new approach to the X.509 framework: Allowing a global authentication infrastructure without a global trust model. In: Proceedings of NDSS 1995 (1995)

    Google Scholar 

  19. Zhu, H., Feng, B., Deng, R.H.: Computing of Trust in Distributed Networks. Cryptology ePrint Archive: Report 2003/056

    Google Scholar 

  20. Maurer, U.: Modelling a Public-Key Infrastructure. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 325–350. Springer, Heidelberg (1996)

    Google Scholar 

  21. Biskup, J., Karabulut, Y.: Mediating Between Strangers: A Trust Management Based Approach. In: 2nd Annual PKI Research Workshop, http://middleware.internet2.edu/pki03/

Download references

Author information

Authors and Affiliations

  1. Infocomm Security Department, Institute for Infocomm Research I2R, 21 Heng Mui Keng Terrace, Singapore, 119613

    Tie-Yan Li & HuaFei Zhu

  2. School of Software, Tsinghua University, Beijing, 100084, PR China

    Kwok-Yan Lam

Authors
  1. Tie-Yan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. HuaFei Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kwok-Yan Lam
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Softwear, Chinese Academy of Sciences, 100080, Beijing, China

    Sihan Qing

  2. Institute for Security in Distributed Applications, Hamburg University of Technology, 21071, Hamburg, Germany

    Dieter Gollmann

  3. Cryptography and Security Department Institute for Infocomm Research, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, TY., Zhu, H., Lam, KY. (2003). A Novel Two-Level Trust Model for Grid. In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-39927-8_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20150-2

  • Online ISBN: 978-3-540-39927-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation