Dynamic security perimeters for inter-enterprise service integration

We would like to dedicate this paper to the memory of Damian Mac Randal, who passed away prior to the publication of the paper.
https://doi.org/10.1016/j.future.2006.09.009

Abstract

Leveraging the convergence of Grid and Web services technologies, we anticipate the emergence of new business and scientific computing paradigms that are based on dynamic Virtual Organisations (VO). These VOs span across organisational boundaries and enable the enactment of collaborative processes that integrate services, resources and knowledge in order to perform tasks that the VO partners could not undertake on their own. Such a dynamic and complex structure opens several challenging problems relating to VO security.

In this paper, we summarise a novel architecture supporting Grid-enabled collaboration for the purposes of Application Service Provision. We then focus on the underpinning security architecture that enables the federated management and distributed enforcement of dynamic security perimeters for virtual communities of services, and on resources that span across administrative and enterprise boundaries. We highlight how this architecture, realised in the context of a European research project developing a Grid platform for application service provision, addresses the outstanding challenges that underlie the automation of trust and security management in scalable, multi-institutional, and dynamic Virtual Organisations.

Introduction

Application Service Provision (ASP) is a business model, originally derived from the idea of using the Internet or other wide area networks to provide online application services on a rental basis — commercially delivering computing as a service. The ASP model takes advantage of several technological breakthroughs that have made it feasible to sell computing as a service rather than a product. The traditional ASP model can be understood as an evolution of outsourcing — clients enjoy the benefit of offloading complex and expensive IT infrastructure to the ASPs while maintaining control and visibility of the business processes. However, performance, security, reliability and maintenance are still bound by the constraints of solutions originally designed for specialised in-house implementations.

More recently, a new form of ASP has emerged (called IBSP — Internet Business Service Provider in [1]), based on a Business Model that better exploits the wide adoption of the Internet and the Web. The IBSP model focuses on ASPs providing applications that are Internet-enabled by design and network-centric (e.g. being themselves a bundle of loosely coupled Internet-enabled services). IBSPs and Independent Software Vendors (ISV) [2] target economies of scale, in addition to economies of skill. They run their services in a multi-tenancy model, supporting thousands of customers on a single code basis; they reduce hardware and administration costs by partitioning and distributing resources, while reducing client-side development and maintenance investment by using standard Web technology at the client side interface as well.

In parallel to IBSP, utility computing has emerged as a paradigm where shared infrastructure can be provided on demand to multiple customers [12]. The business model lets companies pay for IT services as needed, charge customers per-use or by metered use, following an analogy to the “electric company” paradigm: “when usage spikes, so does the bill”. Supporting this charging model requires dynamic allocation of resources and integration of services.

Leveraging the convergence of Grid and Web services technologies, we anticipate the emergence of new business and scientific computing paradigms that are based on dynamic Virtual Organisations (VOs). These VOs span across organisational boundaries and enable the enactment of collaborative processes that integrate services, resources and knowledge in order to perform tasks that the VO partners could not undertake on their own. Such a dynamic and complex structure opens up several challenging problems related to VO security (see [8] for an indicative overview of these challenges):

  • collaborating services and resources may be based in different security domains;
  • on-demand collaboration implies trust has to be established in real time on a P2P basis;
  • collaborators need protection from other VO members, as well as from outsiders;
  • the same service or resource may participate in different VOs, and hence different (potentially conflicting) security policies may apply;
  • security conditions for a service or resource may differ throughout the life of the VO;
  • no centralised administrative point implies a devolved policy management scheme combined with distributed enforcement at a peer level.

A suitable architecture must provide a security and trust management infrastructure that meets these requirements. We will introduce the basic elements of such an architecture, the underlying model of which has been analysed in [4], [5], [11], and gradually explain how it aims to address the above requirements by means of dynamic security perimeters.

According to [17], a security perimeter is defined as “the boundary of the domain (introduced by space or logical architecture of the system) in which security policy or security architecture applies”. Correspondingly (and in a context more applicable to the IBSP and ISV business models), dynamic security perimeters contain communities of agents, services and resources that collaborate in order to enact a business process, and may span across several organisational (security) domains. Each perimeter contains only those network entities that are involved in the enactment of a specific task at a time. Its lifetime is bound between the initiation and completion of that activity, and its membership may expand or shrink dynamically as the new services and resources are pulled-in and others (which are already in) are released after fulfilling their tasks, or are expelled for misbehaving. In the context of each perimeter, a network entity is allowed to perform actions and communicate in accordance with the roles that it may assume, as agreed by the contributing Organisations.
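The perimeter properties described above (task-scoped lifetime, membership that grows and shrinks, expulsion, role-bound actions) can be sketched as a minimal Python model. This is an added example, not code from the paper or from the GRASP prototype; the `Perimeter` class, its methods and the service names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Perimeter:
    """Added illustration (hypothetical names, not a GRASP API): one perimeter per task."""
    task: str
    role_actions: dict  # role -> actions agreed by the contributing organisations
    members: dict = field(default_factory=dict)  # entity -> roles held in this perimeter
    expelled: set = field(default_factory=set)
    active: bool = True  # lifetime runs from task initiation to completion

    def admit(self, entity, roles):
        if not self.active or entity in self.expelled:
            raise PermissionError(f"{entity} cannot join {self.task}: closed or expelled")
        unknown = set(roles) - set(self.role_actions)
        if unknown:
            raise ValueError(f"roles not agreed for {self.task}: {unknown}")
        self.members[entity] = set(roles)

    def remove(self, entity, misbehaved=False):
        self.members.pop(entity, None)  # released after fulfilling its task
        if misbehaved:
            self.expelled.add(entity)  # expelled entities cannot be re-admitted

    def complete(self):  # activity finished: the perimeter ceases to exist
        self.active = False
        self.members.clear()

    def permits(self, sender, receiver, action):
        """Default deny: both ends must be members and a sender role must allow the action."""
        if not (self.active and sender in self.members and receiver in self.members):
            return False
        return any(action in self.role_actions[r] for r in self.members[sender])

def demo():
    # Constructed scenario: svc-b takes part in two perimeters under different roles.
    render = Perimeter("render-job", {"orchestrator": {"submit"}, "worker": {"report"}})
    billing = Perimeter("billing-run", {"auditor": {"read"}, "ledger": set()})
    render.admit("svc-a.orgA", ["orchestrator"])
    render.admit("svc-b.orgB", ["worker"])
    billing.admit("svc-b.orgB", ["ledger"])
    billing.admit("svc-c.orgC", ["auditor"])
    checks = [render.permits("svc-a.orgA", "svc-b.orgB", "submit"),   # member, role allows
              render.permits("svc-c.orgC", "svc-b.orgB", "submit"),   # outsider to this perimeter
              billing.permits("svc-b.orgB", "svc-c.orgC", "report")]  # role does not carry across
    render.remove("svc-b.orgB", misbehaved=True)
    checks.append(render.permits("svc-a.orgA", "svc-b.orgB", "submit"))  # expelled peer
    checks.append(billing.permits("svc-c.orgC", "svc-b.orgB", "read"))   # other perimeter unaffected
    return checks
```

Each decision is evaluated per perimeter, so expelling `svc-b.orgB` from one task leaves its standing in the other untouched.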

The results reported in this paper have been produced in the context of the European projects GRASP (www.eu-grasp.net) and TrustCoM (www.eu-trustcom.com), and are a part of a novel VO security solution that is currently in an advanced stage of prototype development.

The remainder of the paper is structured as follows: in Section 2, we summarise a business motivation and give an overview of a VO ecosystem used for prototyping the security solution presented in this paper. In Section 3, we describe the security models underpinning this security solution, and examine its architecture from various viewpoints: the underlying logical model, the underlying interaction and communication models, the life-cycle model of a “dynamic security perimeter” during the enactment of a collaborative activity, and the enforcement of both message-level security and access control decisions. In Section 4, we describe our experiences with a first prototype implementation that has been developed in the context of the EU project GRASP, and provide a more elaborate description of how the security protocol and enforcement mechanisms described in previous sections of the paper have been realised over a .NET based Web/Grid services platform. In Section 5, we review related work and we compare our work with the current “state-of-the-art” of Grid and VO security solutions. In Section 6, we conclude by summarising the main results and plans for future development.

Overview of a VO ecosystem for on-demand service composition

Before presenting the dynamic security perimeter solution, we provide a brief overview of the environment within which it is realised, focusing only on the services of interest for the purposes of this presentation. For a more comprehensive description of such an environment, including services for service location, orchestration, contract performance monitoring, and accounting, the reader is referred to papers [7], [8], [10].

The common objectives of the projects from which the security

The dynamic security perimeter architecture

Traditional Grid environments emerged in the scientific domain where simple, centralised user identity driven security models have been sufficient. As an example, the stakeholders in an analysis process of high-energy physics data sets have built a VO in order to ease their collaboration. Although the number of users may be large, the number of organisations that contribute to the VO is typically small. They have worked together in the past, and they are all committed to a common goal (e.g. the

Implementation of the security infrastructure

The prototyping of the security infrastructure described in this paper has so far taken place in the context of the European project GRASP (www.eu-grasp.net), as a part of developing a platform for Grid enabled Application Service Provision. In the rest of this section, we provide an overview of the technology choices underpinning this prototype — which we refer to as GRASP Security Infrastructure (GRASP-SI). We also summarise results from the ongoing assessment of this prototype and lessons

Related work

In this section, we summarise related work and compare some of the more advanced approaches to Grid and VO security with the approach we described in this paper.

The Grid Security Infrastructure (GSI) is used by the Globus Toolkit for enabling secure authentication and communication over an open network. GSI provides a number of useful services for Grids, including mutual authentication and single sign-on. The primary motivations behind the GSI are:

  • The need for secure communication

Conclusion

In this paper we have presented a novel solution enabling the dynamic formation and self-management of security perimeters protecting communities of users, services and resources. The interaction model of the proposed architecture integrates a layered peer-to-peer model (between the managers administering network entities and between the administered entities), with a centralised community management model (between community members and their local security managers) and a master/slave model

Acknowledgements

The authors wish to thank all partners of the GRASP and TrustCoM consortia for their useful comments towards improving this paper. We are particularly thankful to Giuseppe Laria, Bassem Serhan and Francesco Verdino for their contribution in coordinating the development of the GRASP platform and in reviewing the contents of this paper. Also, we thank the anonymous reviewers for their comments and suggestions for improving the paper.

References (35)

  • Summit Strategies, Market Analysis Report, Traditional ISVs: Moving along the software-as-services curve....
  • L. McCabe, Out of the box: Top nine net-native software-as-services design differentiators, Market Strategy Report,...
  • T. Dimitrakos et al., Policy-driven access control over a distributed firewall architecture
  • I. Djordjevic, T. Dimitrakos, C. Phillips, An architecture for dynamic security perimeters of virtual collaborative...
  • I. Djordjevic et al., Towards dynamic security perimeters for virtual collaborative networks
  • T. Dimitrakos, I. Djordjevic, Z. Milosevic, A. Jøsang, C. Phillips, Contract performance assessment for secure and...
  • T. Dimitrakos et al., An emerging architecture enabling Grid-based application service provision
  • T. Dimitrakos et al., Trust, security and contract management challenges for Grid-based application service provision
  • S. Tuecke, K. Czajkowski, I. Foster, J. Frey, S. Graham, C. Kesselman, Grid service specification, Open Grid Service...
  • S. Wesner et al., Towards a platform enabling Grid based application service provision
  • I. Djordjevic, Architecture for dynamic and secure group working. Ph.D. Thesis, Univ. of London, June...
  • V. Machiraju, J. Rolia, A. van Moorsel, Quality of business driven service composition and utility computing, Software...
  • G. Wasson, N. Beekwilder, M. Morgan, H. Humphrey, OGSI.NET: OGSI-compliance on the .NET Framework ccGrid ’04....
  • G. Wasson, M. Humphrey, Attribute-based programming for grid services, in: Workshop on Designing and Building Grid...
  • R. Shirey, Internet security glossary, RFC 2828, Category: Informational, IETF, May...
    Ivan Djordjevic, Ph.D., CISSP is with the SOA Security team of the Security Research Centre, British Telecom, working on SOA/Web Services security design. He holds a Ph.D. on Secure Collaborative Working from University of London (2004), and a Dipl.Eng in Telecommunications from the Faculty of Electronic and Electrical Engineering, University of Belgrade (1999). Prior to joining BT, Ivan was an ERCIM Research Fellow at Rutherford Appleton Laboratory, CCLRC, working on the security and membership management services for Virtual Organisations. He has authored over twenty-five scientific publications in international conferences and journals, and has been involved in several EC IST collaborative projects (BEinGRID, TrustCoM, GRASP, CORAS, iTrust).

    Dr Theo Dimitrakos is leading the SOA Security team of the Security Research Centre, BT. The work of his team focuses on solutions for Grid and Web Services Security. Before joining BT, he was with CCLRC, leading an R&D programme on Web Services and Grid Computing, and lecturing at the University of London on the same topic; prior to that he was with Logica UK, working on e-commerce messaging and EDI products. Theo is the scientific coordinator of the FP6 Integrated project TrustCoM, and has been involved in several other EC collaborative projects (TrustCoM, Akogrimo, ELeGI, GRASP, SWAD-EUROPE, CORAS, iTRUST, ELeGI). He has edited four books in the areas of Trust & Security and Grid Computing and authored over forty scientific publications in international conferences and journals. He has a Ph.D. (1998) from Imperial College, London, on Foundations of Software Engineering.

    Nadia Romano obtained the B.S. degree in Computer Science at Salerno University in 2002. Currently, she holds a research contract at the Department of Computer Engineering and Applied Mathematics of the University of Salerno, working on “Distributed Architecture for E-Learning Platform”. She has collaborated with CRMPA since 2002, during which period she has been involved in several EC IST collaborative projects (GRASP, ELeGI, Akogrimo). The main focus of her work relates to the security issues in Grid environments, as well as the service requirements for managing Virtual Organisations (VO) and Virtual Learning Community (VLC) according to the OGSA specification.

    Damian Mac Randal has been contributing to the research at national and international level for over 20 years, working in the areas of intelligent user interfaces, computer aided design, business process support, ambient computing, web and grid services. Also, he has been working on the design and implementation of commercial systems for business process support and web-based e-learning systems. Damian has been scientific coordinator for several large multinational EU projects and overall coordinator of several national and international research consortia, and has contributed numerous publications in international conferences and journals. Most recently, he has been involved in Smarthomes, Grasp, Akogrimo and e-LeGE projects funded under IST.

    Pierluigi Ritrovato obtained the B.S. degree in Computer Science at the University of Salerno in 1992. At present he is a Researcher in Engineering & Computer Science at the University of Salerno and Responsible for International Research Cooperation and Technology Innovations for the CRMPA. In the last five years, he has been focusing his scientific research on Grid technologies and their use for business, taking into account aspects related to the operational management of Virtual Organisations, services orchestration and security. He is the Chair of the Service Orchestration, SLA usage and Workflow — Technical Group for the EU FP6 Grid projects. He is editor of the book Towards the Learning Grid: Advances in Human Learning Services.

    Editing authors.

    Deceased author.
