ABSTRACT
Distributed computation systems have become an important tool for scientific simulation, and a similarly distributed replica management system may be employed to increase the locality and availability of storage services. While users of such systems may have low expectations regarding the security and reliability of the computation involved, they expect that committed data sets resulting from complete jobs will be protected against storage faults, accidents and intrusion. We offer a solution to the distributed storage security problem that has no global view on user names or authentication specifics. Access control is handled by a rendition protocol, which is similar to a rendezvous protocol but is driven by the capability of the client user to effect change in the data on the underlying storage. In this paper, we discuss the benefits and liabilities of such a system.
- The American Heritage Dictionary of the English Language, Fourth Edition Houghton Mifflin Company.Google Scholar
- WordNet 2.0 Princeton University.Google Scholar
- A.L. Chervenak, N. Palavalli, S. Bharathi, C. Kesselman, and R. Schwartzkopf. Performance and scalability of a replica location service. In Proceedings of the International Symposium on High Performance Distributed Computing 2004. Google ScholarDigital Library
- I. Foster and C. Kesselman. Globus: A metacomputing infrastructure toolkit. International Journal of Supercomputer Applications 11, 1997.Google Scholar
- I. Foster, C. Kesselman, G. Tsudik, and S. Tuecke. A security architecture for computational grids. ACM Conference on Computers and Security 1998. Google ScholarDigital Library
- Garth A. Gibson and Rodney Van Meter. Network attached storage architecture. Communications of the ACM November 2000. Google ScholarDigital Library
- The Globus Alliance. http://www.globus.org.Google Scholar
- J. Howard, M. Kazar, S. Menees, D. Nichols, M. Satyanarayanan, R. Sidebotham, and M. West. Scale and performance in a distributed file system. ACM Transactions on Computer Systems 6, 1988. Google ScholarDigital Library
- M. Litzkow, M. Livny, and M. Mutka. Condor -A hunter of idle workstations. In Proceedings of the 8th International Conference of Distributed Computing Systems 1988.Google ScholarCross Ref
- B. Clifford Neuman and Theodore Ts'o. Kerberos: An authentication service for computer networks. IEEE Communications 32, 1994.Google Scholar
- A. Rajasekar, M. Wan, R. Moore, G. Kremenek, and T. Guptill. Data grids, collections and grid bricks. In 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies 2003. Google ScholarDigital Library
- Tatyana Ryutov, Grig Gheorghiu, and Clifford Neuman. An authorization framework for metacomputing applications. In Proceedings of Cluster Computing 1999. Google ScholarDigital Library
- G. Singh, S. Bharati, A. Chervenak, E. Deelman, C. Kesselman, M. Manohar, S. Patil, and L. Pearlman. A metadata catalog service for data intensive applications. In Proceedings of Supercomputing 2003. Google ScholarDigital Library
- K. Tai, S. Murdock, B. Wu, M. Ng, S. Johnston, H. Fanghor, S.J. Cox, P. Jeffreys, J.W. Essex, and M.S.P. Sansom. BioSimGrid: towards a worldwide repository for biomolecular simulations. Org. Biomol. Chem. 2, 2004.Google Scholar
- D. Thain, S. Klous, J. Wozniak, P. Brenner, A. Striegel, and J. Izaguirre. Separating abstractions from resources in a tactical storage system. In Proceedings of Supercomputing 2005. Google ScholarDigital Library
- Brian S. White, Michael Walker, Marty Humphrey, and Andrew S. Grimshaw. LegionFS: A secure and scalable file system supporting cross-domain high-performance applications. In Proceedings of Supercomputing 2001. Google ScholarDigital Library
- J.M. Wozniak, P. Brenner, D. Thain, A. Striegel, and J.A. Izaguirre. Generosity and gluttony in GEMS: Grid-Enabled Molecular Simulation. In Proceedings of the International Symposium on High Performance Distributed Computing 2005. Google ScholarDigital Library
- J.M. Wozniak, P. Brenner, D. Thain, A. Striegel, and J.A. Izaguirre. Applying feedback control to a replica management system. In Proceedings of the 38th Southeastern Symposium on System Theory 2006. Google ScholarDigital Library
Index Terms
- Access control for a replica management database
Recommendations
Replica Management in Object-based Systems
ICOIN '01: Proceedings of the The 15th International Conference on Information NetworkingIn object-based systems, objects are encapsulations of data and procedures named methods and methods are invoked in a nested manner. We discuss how to lock replicated objects by using the quorum-based scheme. If a pair of methods op1 and op2 are ...
Dynamic mandatory access control for multiple stakeholders
SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologiesIn this paper, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging open cell phone system environment, many devices run software whose access ...
Comments