A PMI-Aware Extension for the SSH Service

  • Conference paper
Parallel Processing and Applied Mathematics (PPAM 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4967)

Abstract

Privilege Management Infrastructures (PMI), used in conjunction with PKIs, allow for an effective, efficient and scalable enforcement of access control in complex distributed systems like grids. We propose a PMI-aware extension for the SSH service, in order to obtain a certificate-based system entry service supporting the direct delegation functionality. Our design uses the PAM and NSS frameworks, so that this extension can be easily generalized to encompass any other system entry service. Indeed, as detailed in a previous work, we look at it as a starting point of a fully integrated design, strictly adhering to modern computing security principles, in which distributed security-oriented OSs act as building blocks of grid-like architectures encompassing advanced resource-sharing and collaborative environments.

Partially supported by the SCoPE Italian PON Project.

Editor information

Roman Wyrzykowski, Jack Dongarra, Konrad Karczewski, Jerzy Wasniewski

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Laccetti, G., Schmid, G. (2008). A PMI-Aware Extension for the SSH Service. In: Wyrzykowski, R., Dongarra, J., Karczewski, K., Wasniewski, J. (eds) Parallel Processing and Applied Mathematics. PPAM 2007. Lecture Notes in Computer Science, vol 4967. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68111-3_99

  • DOI: https://doi.org/10.1007/978-3-540-68111-3_99

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68105-2

  • Online ISBN: 978-3-540-68111-3

  • eBook Packages: Computer Science (R0)
