Improving the Security Performance in Computer Grids

Architecture and Results

  • Conference paper
Grid Enabled Remote Instrumentation

Part of the book series: Signals and Communication Technology (SCT)


Abstract

Security in computational Grids is mainly based on the Grid Security Infrastructure (GSI) for authentication and the Virtual Organization Membership Service (VOMS) for authorization. Although these mechanisms provide the required level of security, their performance suffers because they depend on public key cryptography. In our proposed security architecture we use a Kerberos-based approach (symmetric cryptography) to establish common secrets between grid services (exposed as web services) and clients. The architecture does not nullify GSI and VOMS, but allows a full mapping of GSI-VOMS to Kerberos credentials. The security architecture was designed to meet the specific quality of service (QoS) required for nearly real-time control of distributed instruments that belong to different organizations, by minimizing the impact of security processing. It relies on GSI and VOMS certificates for the initial login, translates them into Kerberos credentials for authentication, and provides message-level security by implementing the OASIS Kerberos Token Profile. As our measurements show, the security performance of our implementation exceeds that obtained when the X509 Token Profile is used.




Copyright information

© 2009 Springer Science+Business Media, LLC

About this paper

Cite this paper

Moralis, A., Pouli, V., Grammatikou, M., Papavassiliou, S., Maglaris, V. (2009). Improving the Security Performance in Computer Grids. In: Davoli, F., Meyer, N., Pugliese, R., Zappatore, S. (eds) Grid Enabled Remote Instrumentation. Signals and Communication Technology. Springer, New York, NY. https://doi.org/10.1007/978-0-387-09663-6_24


  • DOI: https://doi.org/10.1007/978-0-387-09663-6_24

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-0-387-09662-9

  • Online ISBN: 978-0-387-09663-6

  • eBook Packages: Engineering, Engineering (R0)
