Abstract
A central security requirement for grid computing can be referred to as behaviour conformity. This is an assurance that ad hoc related principals (users, platforms or instruments) forming a grid virtual organisation (VO) must each act in conformity with the rules for the VO constitution. Existing grid security practice has little means to enforce behaviour conformity and consequently falls short of satisfactory solutions to a number of problems.
Trusted Computing (TC) technology can add the needed property of behaviour conformity to grid computing. Because TC uses what is essentially an in-platform (trusted) third party, conformed behaviour can be imposed on a principal, and this fact can be reported to interested parties who may be only ad hoc related to that principal. In this paper we report on the Daonity system, an emerging TC-enabled work towards a grid security standard, to show how behaviour conformity can help to improve grid security.
An Open Grid Forum Project (https://forge.gridforum.org/projects/tc-rg/) for developing a grid security standard, led by HP Labs China with participation from Wuhan University, Huazhong University of Science and Technology, Fudan University and Oxford University.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mao, W., Yan, F., Yi, C., Chen, H. (2010). Daonity: Protocol Solutions to Grid Security Using Hardware Strengthened Software Environment. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2007. Lecture Notes in Computer Science, vol 5964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17773-6_27
DOI: https://doi.org/10.1007/978-3-642-17773-6_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17772-9
Online ISBN: 978-3-642-17773-6
eBook Packages: Computer Science, Computer Science (R0)