Skip to main content
Springer Nature Link
Log in

Access Control in Cloud-on-Grid Systems: The PerfCloud Case Study

  • Chapter
  • First Online:
Computers, Privacy and Data Protection: an Element of Choice

  • 2092 Accesses

Abstract

Cloud computing is an emerging paradigm for the management of large distributed computing resources. Currently there is great interest in the integration of cloud and grid computing technologies. PerfCloud is a cloud implementation based on a cloud-on-grid approach, in that it exploits an underlying grid platform. PerfCloud provides a set of services for the creation of Virtual Clusters (VCs) and the execution and performance evaluation of user applications on the VC environment. This paper, after a discussion on security issues in clouds, focuses on the implications linked to the use of a cloud-on-grid approach. As a case study, the implementation of fine-grain access control mechanisms in PerfCloud is presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Mell, P., and T. Grance. The NIST Definition of Cloud Computing. 2009.

  2. 2.

    W3C Working Group. Web Services Architecture (2004), http://www.w3.org/TR/ws-arch/.

  3. 3.

    Barham, P., et al., “Xen and the Art of Virtualization.” SIGOPS Operating Systems Review 37, (2003): 164–177.

  4. 4.

    VMWare Staff, Virtualization overview. (White Paper) http://www.vmware.com/pdf/virtualization.pdf.

  5. 5.

    Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing. (2009).

  6. 6.

    Jha, S., A. Merzky, and G. Fox. “Using Clouds to Provide Grids Higher-Levels of Abstraction and Explicit Support for Usage Modes.” Concurrency and Computation: Practice & Experience 21, 8 (2009): 1087–1108.

  7. 7.

    Foster, I., et al., “Virtual Clusters for Grid Communities.” In: CCGRID 2006, 513–520. IEEE Computer Society Press, 2006.

  8. 8.

    Keahey, K., et al., “Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid.” Scientific Programming 13 (2005): 265–275.

  9. 9.

    Cherkasova, L., et al., “Optimizing Grid Site Manager Performance with Virtual Machines.” in Proc. of the 3rd USENIX Workshop on Real Large Distributed Systems (WORLDS06), (2006).

  10. 10.

    Mancini, E.P., et al., “PerfCloud: Grid Services for Performance-Oriented Development of Cloud Computing Applications.” in Proc. of Emerging Technologies for Next generation GRID (ETNGRID-2009/WETICE-2009) (2009).

  11. 11.

    Casola, V., et al., “PerfCloud: Performance-Oriented Integration of Cloud and Grid.” in Proc. of CloudComp 2009, Munich (DE) (2010).

  12. 12.

    The Globus Security Team. Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective, http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI-Overview.pdf (2005).

  13. 13.

    Thain, D., et al., “Distributed Computing in Practice: The Condor Experience.” Concurrency – Practice and Experience 17, (2005): 323–356.

  14. 14.

    Henderson, R. “Job Scheduling Under the Portable Batch System.” in Job Scheduling Strategies for Parallel Processing, Lecture Notes in Computer Science 949. Springer, (1995): 279–294.

  15. 15.

    Welch, V., et al., “X.509 proxy certificates for dynamic delegation.” in Proc. of the 3rd Annual PKI R&D Workshop, (2004).

  16. 16.

    Welch, V., et al., “Security for Grid Services.” in Proc. of the 12th International Symposium on High Performance Distributed Computing (HPDC-12), (2003).

  17. 17.

    Ferraiolo, D.F., and D. Richard Kuhn. “Role-based access control.” in Proc. of the 15th National Computer Security Conference, (1992).

  18. 18.

    Lang, B., et al., “A Multipolicy Authorization Framework for Grid Security.” in Proc. of the Fifth IEEE Symposium on Network Computing and Application. IEEE Computer Society Press, (2006).

  19. 19.

    Keahey, K., and V. Welch. “Fine-Grain Authorization for Resource Management in the Grid Environment.” in Proc. of the Grid2002 Workshop, Lecture Notes In Computer Science 2536. Springer, (2002).

  20. 20.

    The OASIS technical committee. Xacml: extensible access control markup language (2005), http://www.oasisopen.org/committees/xacml/repository/.

  21. 21.

    Chadwick, D.W., et al., “Permis: A Modular Authorization Infrastructure.” Concurrency and Computation: Practice and Experience 20, (2008).

  22. 22.

    Barton, T., et al., “Identity Federation and Attribute-Based Authorization Through the Globus Toolkit, Shibboleth, Gridshib, and Myproxy.” in Proc. of 5th Annual PKI R&D Workshop, (2006).

  23. 23.

    Amazon Inc., “Elastic Compute Cloud,” (2008), http://aws.amazon.com/ec2.

  24. 24.

    IBM Inc., “Blue Cloud Project,” (2008), http://www03.ibm.com/press/us/en/pressrelease/22613.wss.

  25. 25.

    Sun Microsystems, “Network.com,” http://www.network.com.

  26. 26.

    Microsoft Co., “Azure Services Platform,” http://www.microsoft.com/azure/default.mspx.

  27. 27.

    Google Inc., “Google Application Engine,” http://code.google.com/intl/it-IT/appengine.

  28. 28.

    Dell Co., “Dell Cloud Computing Solutions,” http://www.dell.com/cloudcomputing.

  29. 29.

    Reservoir Consortium: Reservoir Project, http://www03.ibm.com/press/us/en/pressrelease/23448.wss, (2009).

  30. 30.

    Distributed Systems Architecture Research Group, Opennebula project. Technical report, Universidad Complutense de Madrid. http://www.opennebula.org, (2009).

  31. 31.

    Barham, P., et al., “Xen and the Art of Virtualization.” SIGOPS Operating Systems Review 37, 5 (2003): 164–177.

  32. 32.

    Sun Inc., “VirtualBox,” http://www.virtualbox.org/.

  33. 33.

    Qumranet, “KVM,” http://www.linux-kvm.org/page/Main Page.

  34. 34.

    Foster, I., et al., “Cloud Computing and Grid Computing 360-Degree Compared.” in Proc. of 2008 Grid Computing Environments Workshop. IEEE, (2008): 1–10.

  35. 35.

    University of Chicago, “Nimbus Project,” http://workspace.globus.org/clouds/nimbus.html, (2009).

References

  • Amazon Inc., “Elastic Compute Cloud,” (2008), http://aws.amazon.com/ec2.

  • Barham, P., B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt and A. Warfield. “Xen and the Art of Virtualization.” SIGOPS Operating Systems Review 37, 5 (2003): 164–177.

    Google Scholar 

  • Barton, T., J. Basney, T. Freeman, T. Scavo, F. Siebenlist, V. Welch, R. Ananthakrishnan, B. Baker, M. Goode, and K. Keahey. “Identity Federation and Attribute-Based Authorization Through the Globus Toolkit, Shibboleth, Gridshib, and Myproxy.” In Proc. of 5th Annual PKI R&D Workshop, (2006).

    Google Scholar 

  • Casola, V., M. Rak, and U. Villano. “PerfCloud: Performance-Oriented Integration of Cloud and Grid.” In Proc. of CloudComp 2009, Munich (DE), Springer, (2010).

    Google Scholar 

  • Chadwick, D.W., G. Zhao, S. Otenko, R. Laborde, L. Su, and T.A. Nguyen. “Permis: A Modular Authorization Infrastructure.” Concurrency and Computation: Practice and Experience 20, (2008): 1341–1357.

    Article  Google Scholar 

  • Cherkasova, L., D. Gupta, and A. Vahdat. “Optimizing Grid Site Manager Performance with Virtual Machines.” In Proc. of the 3rd USENIX Workshop on Real Large Distributed Systems (WORLDS06), (2006).

    Google Scholar 

  • Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing. 2009.

    Google Scholar 

  • Dell Co., “Dell Cloud Computing Solutions,” http://www.dell.com/cloudcomputing.

  • Distributed Systems Architecture Research Group. Opennebula Project. Technical report, Universidad Complutense de Madrid (2009). http://www.opennebula.org.

  • Ferraiolo, D.F., and D. Richard Kuhn. “Role-based access control.” In Proc. of the 15th National Computer Security Conference, (1992): 554–563.

    Google Scholar 

  • Foster, I., T. Freeman, K. Keahey, D. Scheftner, B. Sotomayor, and X. Zhang. “Virtual Clusters for Grid Communities.” In CCGRID 2006, 513–520. IEEE Computer Society Press, 2006.

    Google Scholar 

  • Foster, I., Y. Zhao, I. Raicu, S. Lu. “Cloud Computing and Grid Computing 360-Degree Compared.” In Proc. of 2008 Grid Computing Environments Workshop. IEEE, (2008): 1–10.

    Google Scholar 

  • Google Inc., “Google Application Engine,” http://code.google.com/intl/it-IT/appengine.

  • Henderson, R. “Job Scheduling Under the Portable Batch System.” In Job Scheduling Strategies for Parallel Processing, Lecture Notes in Computer Science 949. Springer, (1995): 279–294.

    Google Scholar 

  • IBM Inc., “Blue Cloud Project,” (2008), http://www03.ibm.com/press/us/en/pressrelease/22613.wss.

  • Jha, S., A. Merzky, and G. Fox. “Using Clouds to Provide Grids Higher-Levels of Abstraction and Explicit Support for Usage Modes.” Concurrency and Computation: Practice & Experience 21, 8 (2009): 1087–1108.

    Article  Google Scholar 

  • Keahey, K., and V. Welch. “Fine-Grain Authorization for Resource Management in the Grid Environment.” In Proc. of the Grid2002 Workshop, Lecture Notes In Computer Science 2536. Springer, (2002): 199–206.

    Google Scholar 

  • Keahey, K., I. Foster, T. Freeman, and X. Zhang. “Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid.” Scientific Programming 13 (2005): 265–27.

    Google Scholar 

  • Lang, B., I. Foster, F. Siebenlist, R. Ananthakrishnan, and T. Freeman. “A Multipolicy Authorization Framework for Grid Security.” In Proc. of the Fifth IEEE Symposium on Network Computing and Application. IEEE Computer Society Press, (2006): 269–272.

    Google Scholar 

  • Mancini, E.P., M. Rak, and U. Villano. “PerfCloud: Grid Services for Performance-Oriented Development of Cloud Computing Applications.” In Proc. of Emerging Technologies for Next generation GRID (ETNGRID-2009/WETICE-2009), 201-6. IEEE Computer Society Press, (2009).

    Google Scholar 

  • Mell, P., and T. Grance. The NIST Definition of Cloud Computing. 2009.

    Google Scholar 

  • Microsoft Co., “Azure Services Platform,” http://www.microsoft.com/azure/default.mspx.

  • Qumranet, “KVM,” http://www.linux-kvm.org/page/Main Page.

  • Reservoir Consortium. Reservoir Project (2009), http://www03.ibm.com/press/us/en/pressrelease/23448.wss.

  • Sun Inc., “VirtualBox,” http://www.virtualbox.org/.

  • Sun Microsystems, Network.com, http://www.network.com.

  • Thain, D., T. Tannenbaum, and M. Livny. “Distributed Computing in Practice: The Condor Experience.” Concurrency – Practice and Experience 17, (2005): 323–356.

    Article  Google Scholar 

  • The Globus Security Team. Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective (2005), http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI-Overview.pdf.

  • The OASIS technical committee. Xacml: extensible access control markup language (2005), http://www.oasisopen.org/committees/xacml/repository/.

  • University of Chicago: Nimbus Project (2009) http://workspace.globus.org/clouds/nimbus.html.

  • VMWare Staff. Virtualization Overview, http://www.vmware.com/pdf/virtualization.pdf.

  • W3C Working Group. Web Services Architecture (2004), http://www.w3.org/TR/ws-arch/.

  • Welch, V., F. Siebenlist, I. Foster, J. Bresnahan, K. Czajkowski, J. Gawor, C. Kesselman, S. Meder, L. Pearlman, and S. Tuecke. “Security for Grid Services.” In Proc. of the 12th International Symposium on High Performance Distributed Computing (HPDC-12), 48. IEEE Computer Society Press, (2003).

    Google Scholar 

  • Welch, V., I. Foster, C. Kesselman, O. Mulmo, L. Pearlman, S. Tuecke, J. Gawor, and F. Siebenlist. “X.509 proxy certificates for dynamic delegation.” In Proc. of the 3rd Annual PKI R&D Workshop, (2004).

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Informatica e Sistemistica, Università degli studi di Napoli Federico II, Napoli, Italy

    Valentina Casola

  2. Dipartimento di Ingegneria dell’Informazione, Seconda Università di Napoli, Naples, Italy

    Raffaele Lettiero & Massimiliano Rak

  3. Dipartimento di Ingegneria, Università del Sannio, Benevento, Italy

    Umberto Villano

Authors
  1. Valentina Casola
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Raffaele Lettiero
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Massimiliano Rak
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Umberto Villano
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Valentina Casola .

Editor information

Editors and Affiliations

  1. Law, Science, Technology & Society, (LSTS), Vrije Universiteit Brussels, Pleinlaan 2, Bruxelles, 1050, Belgium

    Serge Gutwirth

  2. Research Centre for Information, Technology & Law, University of Namur, Rempart de la Vierge 5, Namur, 5000, Belgium

    Yves Poullet

  3. Center for Law, Science, Technology, and Society Studies (LSTS), Vrije Universiteit Brussel, Pleinlaan 2, Brussels, 1050, Belgium

    Paul De Hert

  4. , TILT, Tilburg University, Warandelaan 2, Tilburg, 5037 AB, Netherlands

    Ronald Leenes

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

Casola, V., Lettiero, R., Rak, M., Villano, U. (2011). Access Control in Cloud-on-Grid Systems: The PerfCloud Case Study. In: Gutwirth, S., Poullet, Y., De Hert, P., Leenes, R. (eds) Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-0641-5_20

Download citation

Publish with us

Policies and ethics