GRID Security Review
A Computational GRID is a collection of heterogeneous computing resources spread across multiple administrative domains, serving the task of providing users with an easy access to these resources. Taking into account the advances in the area of high-speed networking, but also the increased computational power of current micro-processors, Computational GRIDs or meta-systems have gradually become more popular. However, together with the advantages that they exhibit they are also contributing to several problems associated with the design and implementation of a secure environment. The conventional approach to security, that of enforcing a single, system-wide policy, cannot be applied to large-scale distributed systems. This paper analyzes the security requirements of GRID Computing and reviews a number of security architectures that have been proposed. Furthermore, these architectures are evaluated in terms of addressing the major GRID security requirements that have been identified.
KeywordsSecurity Requirement Certification Authority Grid Service Security Architecture Method Invocation
Unable to display preview. Download preview PDF.
- 1.Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the GRID. Enabling Scalable Virtual Organizations. International J. Supercomputer Applications 15(3) (2001)Google Scholar
- 2.Foster, I., Kesselman, C.: The GRID: Blueprint for a Future Computing Infrastructure. Morgan Kaufman, San Francisco (1999)Google Scholar
- 3.Johnston, W.E., Jackson, K.R., Talwar, S.: Overview of security considerations for computational and data GRIDs. In: Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing (2001)Google Scholar
- 4.Nagaratnam, N., Janson, P., Dayka, J., Nadalin, A., Siebenlist, F., Welch, V., Foster, I., Tuecke, S.: The Security Architecture for Open GRID Services. Technical Paper, Open GRID Service Architecture Security Working Group (OGSA-SEC-WG) (July 2002)Google Scholar
- 5.Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational GRID. In: The Proceedings of the 5th ACM Conference on Computer and Communications Security Conference, pp. 83–92 (1998)Google Scholar
- 7.Ferrari, A., Knabe, F., Humphrey, M., Chapin, S., Grimshaw, A.: A Flexible Security System for Metacomputing Environments. Technical Report CS-98-36, Department of Computer Science, University of Virginia (December 1998)Google Scholar
- 8.Butler, R., Engert, D., Foster, I., Kesselman, C., Tuecke, S., Volmer, J., Welch, V.: A National- Scale Authentication Infrastructure. IEEE Computer 33(12), 60–66 (2000)Google Scholar
- 9.Tuecke, S.: GRID Security Infrastructure Roadmap. In: Internet Draft (February 2001)Google Scholar
- 10.van Steen, M., Homburg, P., Tanenbaum, A.S.: Globe: A Wide-Area Distributed System, pp. 70–78. IEEE Concurrency, Los Alamitos (1999)Google Scholar
- 11.Popescu, B.C., van Steen, M., Tanenbaum, A.S.: A Security Architecture for Object-Based Distributed Systems. In: The Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, NV ( December 2002)Google Scholar
- 12.Vahdat, A., Anderson, T., Dahlin, M., Culler, D., Belani, E., Eastham, P., Yoshikawa, C.: WebOS: Operating System Services For Wide Area Applications. In: The Seventh IEEE Symposium on High Performance Distributed Computing (July 1998)Google Scholar
- 13.Belani, E., Vahdat, A., Anderson, T., Dahlin, M.: The CRISIS Wide Area Security Architecture. In: The Proceedings of the 1998 USENIX Security Symposium (January 1998)Google Scholar