Access Control in Cloud-on-Grid Systems: The PerfCloud Case Study

Casola, Valentina; Lettiero, Raffaele; Rak, Massimiliano; Villano, Umberto

doi:10.1007/978-94-007-0641-5_20

Valentina Casola⁵,
Raffaele Lettiero⁶,
Massimiliano Rak⁶ &
…
Umberto Villano⁷

2031 Accesses
4 Citations

Abstract

Cloud computing is an emerging paradigm for the management of large distributed computing resources. Currently there is great interest in the integration of cloud and grid computing technologies. PerfCloud is a cloud implementation based on a cloud-on-grid approach, in that it exploits an underlying grid platform. PerfCloud provides a set of services for the creation of Virtual Clusters (VCs) and the execution and performance evaluation of user applications on the VC environment. This paper, after a discussion on security issues in clouds, focuses on the implications linked to the use of a cloud-on-grid approach. As a case study, the implementation of fine-grain access control mechanisms in PerfCloud is presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Mell, P., and T. Grance. The NIST Definition of Cloud Computing. 2009.
2.
W3C Working Group. Web Services Architecture (2004), http://www.w3.org/TR/ws-arch/.
3.
Barham, P., et al., “Xen and the Art of Virtualization.” SIGOPS Operating Systems Review 37, (2003): 164–177.
4.
VMWare Staff, Virtualization overview. (White Paper) http://www.vmware.com/pdf/virtualization.pdf.
5.
Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing. (2009).
6.
Jha, S., A. Merzky, and G. Fox. “Using Clouds to Provide Grids Higher-Levels of Abstraction and Explicit Support for Usage Modes.” Concurrency and Computation: Practice & Experience 21, 8 (2009): 1087–1108.
7.
Foster, I., et al., “Virtual Clusters for Grid Communities.” In: CCGRID 2006, 513–520. IEEE Computer Society Press, 2006.
8.
Keahey, K., et al., “Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid.” Scientific Programming 13 (2005): 265–275.
9.
Cherkasova, L., et al., “Optimizing Grid Site Manager Performance with Virtual Machines.” in Proc. of the 3rd USENIX Workshop on Real Large Distributed Systems (WORLDS06), (2006).
10.
Mancini, E.P., et al., “PerfCloud: Grid Services for Performance-Oriented Development of Cloud Computing Applications.” in Proc. of Emerging Technologies for Next generation GRID (ETNGRID-2009/WETICE-2009) (2009).
11.
Casola, V., et al., “PerfCloud: Performance-Oriented Integration of Cloud and Grid.” in Proc. of CloudComp 2009, Munich (DE) (2010).
12.
The Globus Security Team. Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective, http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI-Overview.pdf (2005).
13.
Thain, D., et al., “Distributed Computing in Practice: The Condor Experience.” Concurrency – Practice and Experience 17, (2005): 323–356.
14.
Henderson, R. “Job Scheduling Under the Portable Batch System.” in Job Scheduling Strategies for Parallel Processing, Lecture Notes in Computer Science 949. Springer, (1995): 279–294.
15.
Welch, V., et al., “X.509 proxy certificates for dynamic delegation.” in Proc. of the 3rd Annual PKI R&D Workshop, (2004).
16.
Welch, V., et al., “Security for Grid Services.” in Proc. of the 12th International Symposium on High Performance Distributed Computing (HPDC-12), (2003).
17.
Ferraiolo, D.F., and D. Richard Kuhn. “Role-based access control.” in Proc. of the 15th National Computer Security Conference, (1992).
18.
Lang, B., et al., “A Multipolicy Authorization Framework for Grid Security.” in Proc. of the Fifth IEEE Symposium on Network Computing and Application. IEEE Computer Society Press, (2006).
19.
Keahey, K., and V. Welch. “Fine-Grain Authorization for Resource Management in the Grid Environment.” in Proc. of the Grid2002 Workshop, Lecture Notes In Computer Science 2536. Springer, (2002).
20.
The OASIS technical committee. Xacml: extensible access control markup language (2005), http://www.oasisopen.org/committees/xacml/repository/.
21.
Chadwick, D.W., et al., “Permis: A Modular Authorization Infrastructure.” Concurrency and Computation: Practice and Experience 20, (2008).
22.
Barton, T., et al., “Identity Federation and Attribute-Based Authorization Through the Globus Toolkit, Shibboleth, Gridshib, and Myproxy.” in Proc. of 5th Annual PKI R&D Workshop, (2006).
23.
Amazon Inc., “Elastic Compute Cloud,” (2008), http://aws.amazon.com/ec2.
24.
IBM Inc., “Blue Cloud Project,” (2008), http://www03.ibm.com/press/us/en/pressrelease/22613.wss.
25.
Sun Microsystems, “Network.com,” http://www.network.com.
26.
Microsoft Co., “Azure Services Platform,” http://www.microsoft.com/azure/default.mspx.
27.
Google Inc., “Google Application Engine,” http://code.google.com/intl/it-IT/appengine.
28.
Dell Co., “Dell Cloud Computing Solutions,” http://www.dell.com/cloudcomputing.
29.
Reservoir Consortium: Reservoir Project, http://www03.ibm.com/press/us/en/pressrelease/23448.wss, (2009).
30.
Distributed Systems Architecture Research Group, Opennebula project. Technical report, Universidad Complutense de Madrid. http://www.opennebula.org, (2009).
31.
Barham, P., et al., “Xen and the Art of Virtualization.” SIGOPS Operating Systems Review 37, 5 (2003): 164–177.
32.
Sun Inc., “VirtualBox,” http://www.virtualbox.org/.
33.
Qumranet, “KVM,” http://www.linux-kvm.org/page/Main Page.
34.
Foster, I., et al., “Cloud Computing and Grid Computing 360-Degree Compared.” in Proc. of 2008 Grid Computing Environments Workshop. IEEE, (2008): 1–10.
35.
University of Chicago, “Nimbus Project,” http://workspace.globus.org/clouds/nimbus.html, (2009).

References

Amazon Inc., “Elastic Compute Cloud,” (2008), http://aws.amazon.com/ec2.
Barham, P., B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt and A. Warfield. “Xen and the Art of Virtualization.” SIGOPS Operating Systems Review 37, 5 (2003): 164–177.
Google Scholar
Barton, T., J. Basney, T. Freeman, T. Scavo, F. Siebenlist, V. Welch, R. Ananthakrishnan, B. Baker, M. Goode, and K. Keahey. “Identity Federation and Attribute-Based Authorization Through the Globus Toolkit, Shibboleth, Gridshib, and Myproxy.” In Proc. of 5th Annual PKI R&D Workshop, (2006).
Google Scholar
Casola, V., M. Rak, and U. Villano. “PerfCloud: Performance-Oriented Integration of Cloud and Grid.” In Proc. of CloudComp 2009, Munich (DE), Springer, (2010).
Google Scholar
Chadwick, D.W., G. Zhao, S. Otenko, R. Laborde, L. Su, and T.A. Nguyen. “Permis: A Modular Authorization Infrastructure.” Concurrency and Computation: Practice and Experience 20, (2008): 1341–1357.
Article Google Scholar
Cherkasova, L., D. Gupta, and A. Vahdat. “Optimizing Grid Site Manager Performance with Virtual Machines.” In Proc. of the 3rd USENIX Workshop on Real Large Distributed Systems (WORLDS06), (2006).
Google Scholar
Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing. 2009.
Google Scholar
Dell Co., “Dell Cloud Computing Solutions,” http://www.dell.com/cloudcomputing.
Distributed Systems Architecture Research Group. Opennebula Project. Technical report, Universidad Complutense de Madrid (2009). http://www.opennebula.org.
Ferraiolo, D.F., and D. Richard Kuhn. “Role-based access control.” In Proc. of the 15th National Computer Security Conference, (1992): 554–563.
Google Scholar
Foster, I., T. Freeman, K. Keahey, D. Scheftner, B. Sotomayor, and X. Zhang. “Virtual Clusters for Grid Communities.” In CCGRID 2006, 513–520. IEEE Computer Society Press, 2006.
Google Scholar
Foster, I., Y. Zhao, I. Raicu, S. Lu. “Cloud Computing and Grid Computing 360-Degree Compared.” In Proc. of 2008 Grid Computing Environments Workshop. IEEE, (2008): 1–10.
Google Scholar
Google Inc., “Google Application Engine,” http://code.google.com/intl/it-IT/appengine.
Henderson, R. “Job Scheduling Under the Portable Batch System.” In Job Scheduling Strategies for Parallel Processing, Lecture Notes in Computer Science 949. Springer, (1995): 279–294.
Google Scholar
IBM Inc., “Blue Cloud Project,” (2008), http://www03.ibm.com/press/us/en/pressrelease/22613.wss.
Jha, S., A. Merzky, and G. Fox. “Using Clouds to Provide Grids Higher-Levels of Abstraction and Explicit Support for Usage Modes.” Concurrency and Computation: Practice & Experience 21, 8 (2009): 1087–1108.
Article Google Scholar
Keahey, K., and V. Welch. “Fine-Grain Authorization for Resource Management in the Grid Environment.” In Proc. of the Grid2002 Workshop, Lecture Notes In Computer Science 2536. Springer, (2002): 199–206.
Google Scholar
Keahey, K., I. Foster, T. Freeman, and X. Zhang. “Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid.” Scientific Programming 13 (2005): 265–27.
Google Scholar
Lang, B., I. Foster, F. Siebenlist, R. Ananthakrishnan, and T. Freeman. “A Multipolicy Authorization Framework for Grid Security.” In Proc. of the Fifth IEEE Symposium on Network Computing and Application. IEEE Computer Society Press, (2006): 269–272.
Google Scholar
Mancini, E.P., M. Rak, and U. Villano. “PerfCloud: Grid Services for Performance-Oriented Development of Cloud Computing Applications.” In Proc. of Emerging Technologies for Next generation GRID (ETNGRID-2009/WETICE-2009), 201-6. IEEE Computer Society Press, (2009).
Google Scholar
Mell, P., and T. Grance. The NIST Definition of Cloud Computing. 2009.
Google Scholar
Microsoft Co., “Azure Services Platform,” http://www.microsoft.com/azure/default.mspx.
Qumranet, “KVM,” http://www.linux-kvm.org/page/Main Page.
Reservoir Consortium. Reservoir Project (2009), http://www03.ibm.com/press/us/en/pressrelease/23448.wss.
Sun Inc., “VirtualBox,” http://www.virtualbox.org/.
Sun Microsystems, Network.com, http://www.network.com.
Thain, D., T. Tannenbaum, and M. Livny. “Distributed Computing in Practice: The Condor Experience.” Concurrency – Practice and Experience 17, (2005): 323–356.
Article Google Scholar
The Globus Security Team. Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective (2005), http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI-Overview.pdf.
The OASIS technical committee. Xacml: extensible access control markup language (2005), http://www.oasisopen.org/committees/xacml/repository/.
University of Chicago: Nimbus Project (2009) http://workspace.globus.org/clouds/nimbus.html.
VMWare Staff. Virtualization Overview, http://www.vmware.com/pdf/virtualization.pdf.
W3C Working Group. Web Services Architecture (2004), http://www.w3.org/TR/ws-arch/.
Welch, V., F. Siebenlist, I. Foster, J. Bresnahan, K. Czajkowski, J. Gawor, C. Kesselman, S. Meder, L. Pearlman, and S. Tuecke. “Security for Grid Services.” In Proc. of the 12th International Symposium on High Performance Distributed Computing (HPDC-12), 48. IEEE Computer Society Press, (2003).
Google Scholar
Welch, V., I. Foster, C. Kesselman, O. Mulmo, L. Pearlman, S. Tuecke, J. Gawor, and F. Siebenlist. “X.509 proxy certificates for dynamic delegation.” In Proc. of the 3rd Annual PKI R&D Workshop, (2004).
Google Scholar

Download references

Author information

Authors and Affiliations

Dipartimento di Informatica e Sistemistica, Università degli studi di Napoli Federico II, Napoli, Italy
Valentina Casola
Dipartimento di Ingegneria dell’Informazione, Seconda Università di Napoli, Naples, Italy
Raffaele Lettiero & Massimiliano Rak
Dipartimento di Ingegneria, Università del Sannio, Benevento, Italy
Umberto Villano

Authors

Valentina Casola
View author publications
You can also search for this author in PubMed Google Scholar
Raffaele Lettiero
View author publications
You can also search for this author in PubMed Google Scholar
Massimiliano Rak
View author publications
You can also search for this author in PubMed Google Scholar
Umberto Villano
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Valentina Casola .

Editor information

Editors and Affiliations

Law, Science, Technology & Society, (LSTS), Vrije Universiteit Brussels, Pleinlaan 2, Bruxelles, 1050, Belgium
Serge Gutwirth
Research Centre for Information, Technology & Law, University of Namur, Rempart de la Vierge 5, Namur, 5000, Belgium
Yves Poullet
Center for Law, Science, Technology, and Society Studies (LSTS), Vrije Universiteit Brussel, Pleinlaan 2, Brussels, 1050, Belgium
Paul De Hert
, TILT, Tilburg University, Warandelaan 2, Tilburg, 5037 AB, Netherlands
Ronald Leenes

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Casola, V., Lettiero, R., Rak, M., Villano, U. (2011). Access Control in Cloud-on-Grid Systems: The PerfCloud Case Study. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_20

Download citation

DOI: https://doi.org/10.1007/978-94-007-0641-5_20
Published: 22 February 2011
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-0640-8
Online ISBN: 978-94-007-0641-5
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)

Publish with us

Policies and ethics