Hierarchical and Declarative Security for Grid Applications
- 305 Downloads
Grid applications must be able to cope with large variations in deployment: from intra-domain to multiple domains, going over private, to virtually-private, to public networks. As a consequence, the security should not be tied up in the application code, but rather easily configurable in a flexible, and abstract manner. Moreover, any large scale Grid application using hundreds or thousands of nodes will have to cope with migration of computations, for the sake of load balancing, change in resource availability, or just node failures.
To cope with those issues, this article proposes a high-level and declarative security framework for object-oriented Grid applications. In a rather abstract manner, it allows to define a hierarchical policy based on various entities (domain, host, JVM, activity, communication, ...) in a way that is compatible with a given deployment. The framework also accounts for open and collaborative applications, multiple principles with dynamic negotiation of security attributes and mobility of computations. This application-level security relies on a Public Key infrastructure (PKI).
KeywordsSecurity Policy Security Attribute Active Object Security Model Virtual Node
Unable to display preview. Download preview PDF.
- 2.Baude, F., Caromel, D., Mestre, L., Huet, F., Vayssière, J.: Interactive and descriptor-based deployment of object-oriented grid applications. In: Proceedings of the 11th IEEE International Symposium on High Performance Distributed Computing, Edinburgh, Scotland, pp. 93–102. IEEE Computer Society, Los Alamitos (2002)CrossRefGoogle Scholar
- 3.Grimshaw, A., Wulf, W., et al.: The Legion Vision of aWorld-wide Virtual Computer. Communications of the ACM 40 (1997)Google Scholar
- 5.Foster, I.T., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational Grids. In: ACM Conference on Computer and Communications Security, pp. 83–92 (1998)Google Scholar
- 6.Wesley, A. (ed.):.NET Framework Security. Addison Wesley Professional, Reading (2002)Google Scholar
- 7.Puliafito, A., Tomarchio, O.: Security Mechanisms for the MAP Agent System. In: 8th Euromicro Workshop on Parallel and Distributed Processing, PDP 2000 (2000)Google Scholar
- 10.Baumann, J., Hohl, F., Rothermel, K.: Mole - Concepts of a Mobile Agent System. Technical Report TR-1997-15, University of Stuttgart, Institute of Parallel and Distributed High-Performance Systems, Distributed Systems (1997)Google Scholar
- 11.Sun Microsystems: Remote methode invocation (2000), http://java.sun.com/products/jdk/rmi