Abstract
Trust is hard to establish in a service-oriented grid architecture because of the need to support end-user single sign-on and dynamic, transient services. To enhance the security provided by the Grid Security Infrastructure (GSI), this paper proposes a two-level trust model and the corresponding trust metrics evaluation algorithms. The upper level defines the trust relationships among Virtual Organizations (VOs) in a distributed manner. The lower level justifies the trust values within a grid domain. This novel model provides an integrated trust evaluation mechanism to support secure and transparent services across security domains. It is flexible, scalable and interoperable. We design an implementation that embeds the trust scheme into GSI. At this stage, we achieve additional means of authentication between grid users and grid services.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, TY., Zhu, H., Lam, KY. (2003). A Novel Two-Level Trust Model for Grid. In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_20
DOI: https://doi.org/10.1007/978-3-540-39927-8_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20150-2
Online ISBN: 978-3-540-39927-8
eBook Packages: Springer Book Archive