Hierarchical and Declarative Security for Grid Applications

  • Isabelle Attali
  • Denis Caromel
  • Arnaud Contes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2913)


Grid applications must be able to cope with large variations in deployment: from intra-domain to multiple domains, going over private, to virtually-private, to public networks. As a consequence, the security should not be tied up in the application code, but rather easily configurable in a flexible, and abstract manner. Moreover, any large scale Grid application using hundreds or thousands of nodes will have to cope with migration of computations, for the sake of load balancing, change in resource availability, or just node failures.

To cope with those issues, this article proposes a high-level and declarative security framework for object-oriented Grid applications. In a rather abstract manner, it allows to define a hierarchical policy based on various entities (domain, host, JVM, activity, communication, ...) in a way that is compatible with a given deployment. The framework also accounts for open and collaborative applications, multiple principles with dynamic negotiation of security attributes and mobility of computations. This application-level security relies on a Public Key infrastructure (PKI).


Security Policy Security Attribute Active Object Security Model Virtual Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Caromel, D., Klauser, W., Vayssière, J.: Towards Seamless Computing and Metacomputing in Java. Concurrency Practice and Experience 10, 1043–1061 (1998)CrossRefGoogle Scholar
  2. 2.
    Baude, F., Caromel, D., Mestre, L., Huet, F., Vayssière, J.: Interactive and descriptor-based deployment of object-oriented grid applications. In: Proceedings of the 11th IEEE International Symposium on High Performance Distributed Computing, Edinburgh, Scotland, pp. 93–102. IEEE Computer Society, Los Alamitos (2002)CrossRefGoogle Scholar
  3. 3.
    Grimshaw, A., Wulf, W., et al.: The Legion Vision of aWorld-wide Virtual Computer. Communications of the ACM 40 (1997)Google Scholar
  4. 4.
    Foster, I., Kesselman, C.: The Globus project: a status report. Future Generation Computer Systems 15, 607–621 (1999)CrossRefGoogle Scholar
  5. 5.
    Foster, I.T., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational Grids. In: ACM Conference on Computer and Communications Security, pp. 83–92 (1998)Google Scholar
  6. 6.
    Wesley, A. (ed.):.NET Framework Security. Addison Wesley Professional, Reading (2002)Google Scholar
  7. 7.
    Puliafito, A., Tomarchio, O.: Security Mechanisms for the MAP Agent System. In: 8th Euromicro Workshop on Parallel and Distributed Processing, PDP 2000 (2000)Google Scholar
  8. 8.
    Karnik, N.M., Tripathi, A.R.: Security in the Ajanta Mobile Agent System. Software, Practice and Experience 31, 301–329 (2001)zbMATHCrossRefGoogle Scholar
  9. 9.
    Karjoth, G., Lange, D., Oshima, M.: A Security Model for Aglets. IEEE Internet Computing 1, 68–77 (1997)CrossRefGoogle Scholar
  10. 10.
    Baumann, J., Hohl, F., Rothermel, K.: Mole - Concepts of a Mobile Agent System. Technical Report TR-1997-15, University of Stuttgart, Institute of Parallel and Distributed High-Performance Systems, Distributed Systems (1997)Google Scholar
  11. 11.
    Sun Microsystems: Remote methode invocation (2000),

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Isabelle Attali
    • 1
  • Denis Caromel
    • 1
  • Arnaud Contes
    • 1
  1. 1.INRIA Sophia Antipolis, CNRS - I3SUniv. Nice Sophia AntipolisSophia Antipolis CedexFrance

Personalised recommendations