Abstract
A central problem for Grid (or web) services is how to gain confidence that a remote principal (user or system) will behave as expected. In Grid security practice at present, issues of confidentiality and data integrity rely on weak social trust mechanisms of “reputation maintenance”: a principal who is introduced by a reputable party should hopefully behave in “best effort” to maintain the reputation of the introducer. As will be discussed in this paper, this gentleman’s notion of trust is insufficient for a large class of problems in Grid services.
The emerging Trusted Computing (TC) technologies offer great potential to improve this situation. The TC initiative developed by the Trusted Computing Group (TCG) takes a distributed-system-wide approach to the provisions of integrity protection for systems, resources and services. Trust established from TC is much stronger than that described above: it is about conformed behaviors of a principal such that the principal is prohibited from acting against the granted interests of other principals it serves.
We consider that this stronger notion of trust from TC naturally suits the security requirements for Grid services or science collaborations. We identify and discuss in this paper a number of innovations that the TC technologies could offer for improving Grid security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alfieri, R., Cecchini, R.L., Ciaschini, V., dell’Agnello, L., Frohner, A., Gianoli, A., Lõrentey, K., Spataro, F.: VOMS, an authorization system for virtual organizations. In: Fernández Rivera, F., Bubak, M., Gómez Tato, A., Doallo, R. (eds.) Across Grids 2003. LNCS, vol. 2970, pp. 33–40. Springer, Heidelberg (2004)
Anderson, D.P.: BOINC: A system for public-resource computing and storage. In: Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing, Pittsburgh, PA (November 2004)
Anderson, R.: TCPA/Palladium frequently asked questions (2003)
Arbaugh, B.: Improving the TCPA specification. IEEE Computer, 77–79 (2002)
Chadwick, D.W.: RBAC policies in XML for X.509 based privilege management. In: Proceedings of SEC 2002 (2002)
Garfunkel, T., Rosenblum, M., Boneh, D.: Flexible OS support and applications for Trusted Computing. In: The 9th Hot Topics in Operating Systems, HOTOS-IX (2003)
Goldberg, R.: Survey of virtual machine research. IEEE Computer Magazine 7, 34–45 (1974)
Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation — a virtual machine directed approach to trusted computing. In: VM 2004. USENIX (2004)
Marchesini, J., Smith, S., Wild, O., MacDonald, R.: Experimenting with TCPA/TCG hardware, or: How I learned to stop worrying and love the bear. Technical Report TR2003-476, Department of Computer Science, Dartmouth College, Hanover, New Hampshire (December 2003)
Martin, A., Cook, C.: Grids and Private Networks are Antithetical. In: Chivers, H., Martin, A. (eds.) Workshop on Grid Security Practice and Experience, Oxford, UK (July 2004)
Safford, D.: Clarifying misinformation on TCPA (October 2002)
Saltzer, J.H., Reed, D.P., Clark, D.D.: End-to-End Arguments in System Design. ACM Transactions in Computer Systems 2(4), 277–288 (1984)
Stainforth, D., Martin, A., Simpson, A., Christensen, C., Kettleborough, J., Aina, T., Allen, M.: Security principles for public-resource modelling research. In: IASTED (2002)
Atkinson, B., et al.: Specification: Web Services Security (WS-Security), Version 1.0, April 5 (2002)
Bair, R. (ed.), Agarwal, D., et. al (contributors): National Collaboratories Horizons, Report of the August 10-12, National Collaboratories Program Meeting, the U.S. Department of Energy Office of Science (2004)
Bellovin, S.: Distributed Firewalls. In: login: pp. 39-47 (November 1999)
Bolosky, W.J., Douceur, J.R., Ely, D., Theimer, M.: Feasibility of a service distributed file system deployed on an existing set of desktop PCs. In: Proceedings of International Conference on Measurement and Modelling of Computer Systems, pp. 34–43 (2000)
Foster, I., Kesselman, C.: Computational Grids. In: The Grid: Blueprint for a New Computing Infrastructure, Ch. 2, pp. 15–51. Morgan Kaufmann, San Francisco (1999)
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for Computational Grids. In: 5th ACM Conference on Computer and Communications Security, pp. 83–92 (1998)
Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the Grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications 15(3), 200–222 (2001)
Freier, A.O., Karlton, P., Kocher, P.C.: The SSL Protocol, Version 3.0. INTERNET-DRAFT, draft-freier-ssl-version3-02.txt (November 1996)
Globus Toolkit, http://www-unix.globus.org/toolkit/
ITU-T.Rec. X.509 (revised) the Directory — Authentication Framework. International Telecommunication Union, Geneva, Switzerland (equivalent to ISO/IEC 9594-8:1995) (1993)
Novotny, J., Teucke, S., Welch, V.: An Online Credential Repository for the Grid: MyProxy. In: Proceedings of the Tenth International Symposium on High Performance Distributed Computing (HPDC-10), August 2001. IEEE Press, Los Alamitos (2001)
Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A Community Authorization Service for Group Collaboration. In: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks, p. 50 (2002)
RSA Security. PKCS#11 v2.20: Cryptographic Token Interface Standard. June 28 (2004), http://www.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
Thompson, M., Essiari, A., Mudumbai, S.: Certificate-based Authorization Policy in a PKI Environment. ACM Transactions on Information and System Security (TISSEC) 6(4), 566–588 (2003)
Korpela, E., Werthimer, D., Anderson, D., Cobb, J., Lebofsky, M.: SETI@home - massively distributed computing for SETI. Computing in Science and Engineering 3(1), 78–83 (2001)
Stainforth, D.A., Aina, T., Christensen, C., Collins, M., Faul, N., Frame, D.J., Kettleborough, J.A., Knight, S., Martin, A., Murphy, J.M., Piani, C., Sexton, D., Smith, L.A., Spicer, R.A., Thorpe, A.J., Allen, M.R.: Uncertainty in the predictions of the climate response to rising levels of greenhouse gases. Nature 433, 403–406 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mao, W., Martin, A., Jin, H., Zhang, H. (2009). Innovations for Grid Security from Trusted Computing. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2006. Lecture Notes in Computer Science, vol 5087. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04904-0_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-04904-0_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04903-3
Online ISBN: 978-3-642-04904-0
eBook Packages: Computer ScienceComputer Science (R0)