A flexible security system for metacomputing environments
A metacomputing environment is a collection of geographically distributed resources (people, computers, devices, databases) connected by one or more high-speed networks, and potentially spanning multiple administrative domains. Security is an essential part of metasystem design—high-level resources and services defined by the metacomputer must be protected from one another and from corrupted underlying resources, and underlying resources must minimize their vulnerability to attacks from the metacomputer level. We present the Legion security architecture, a flexible, adaptable framework for solving the metacomputing security problem. We demonstrate that this framework is sufficiently flexible to implement a wide range of security mechanisms and high-level policies.
KeywordsAccess Control Security Policy Access Control Policy File Object Security Architecture
Unable to display preview. Download preview PDF.
- 1.E. Belani, A. Vahdat, T. Anderson, and M. Dahlin. CRISIS: A wide area security architecture. In Seventh USENIX Security Symposium, Jan. 1998.Google Scholar
- 2.A. Ferrari, F. Knabe, M. Humphrey, S. Chapin, and A. Grimshaw. A flexible security system for metacomputing environments Technical Report CS-98-36, Department of Computer Science, University of Virginia, Charlottesville, Virginia, Dec. 1998.Google Scholar
- 3.I. Foster, C. Kesselman, G. Tsudik, and S. Tuecke. A security architecture for computational grids. In Fifth ACM Conference on Computers and Communications Security, Nov. 1998.Google Scholar
- 4.L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers. Going beyond the sandbox: An overview of the new security architecture in the Java development kit 1.2. In USENIX Symposium on Internet Technologies and Systems, pagas 103–112, Dec. 1997.Google Scholar
- 5.A. S. Grimshaw and W. A. Wulf. Legion: A view from 50,000 feet. In Fifth IEEE Symposium on High Performance Distributed Computing, Aug. 1996.Google Scholar
- 7.M. Lewis and A. Grimshaw. The core Legion object model. In Fifth IEEE Symposium on High Performance Distributed Computing, Aug. 1996.Google Scholar
- 8.Object Management Group. CORBAservices: Common object services specification, security service specification. Version 97-12-12, 1998.Google Scholar
- 9.C. Viles, M. Lewis, A. Ferrari, A. Nguyen-Tuong, and A. Grimshaw. Enabling flexibility in the legion run-time library. In International Conference on Parallel and Distributed Processing Techniques and Applications, pages 265–274, June 1997.Google Scholar
- 10.W. A. Wulf, C. Wang, and D. Kienzle. A new model of security for distributed systems. Technical Report CS-95-34, Department of Computer Science, University of Virginia, Charlottesville, Virginia, Aug. 1995.Google Scholar