Security for Grid Services

Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains. We describe how these issues are addressed in two generations of the Globus Toolkit. First, we review the Globus Toolkit version 2 (GT2) approach; then, we describe new approaches developed to support the Globus Toolkit version 3 (GT3) implementation of the Open Grid Services Architecture, an initiative that is recasting Grid concepts within a service oriented framework based on Web services. GT3's security implementation uses Web services security mechanisms for credential exchange and other purposes, and introduces a tight least-privilege model that avoids the need for any privileged network service.Comment: 10 pages; 4 figure

Single sign-on and authorization for dynamic virtual organizations

The vision of the Grid is to support the dynamic establishment and subsequent management of virtual organizations (VO). To achieve this presents many challenges for the Grid community with perhaps the greatest one being security. Whilst Public Key Infrastructures (PKI) provide a form of single sign-on through recognition of trusted certification authorities, they have numerous limitations. The Internet2 Shibboleth architecture and protocols provide an enabling technology overcoming some of the issues with PKIs however Shibboleth too suffers from various limitations that make its application for dynamic VO establishment and management difficult. In this paper we explore the limitations of PKIs and Shibboleth and present an infrastructure that incorporates single sign-on with advanced authorization of federated security infrastructures and yet is seamless and targeted to the needs of end users. We explore this infrastructure through an educational case study at the National e-Science Centre (NeSC) at the University of Glasgow and Edinburgh

A Secure and Fair Resource Sharing Model for Community Clouds

Cloud computing has gained a lot of importance and has been one of the most discussed segment of today\u27s IT industry. As enterprises explore the idea of using clouds, concerns have emerged related to cloud security and standardization. This thesis explores whether the Community Cloud Deployment Model can provide solutions to some of the concerns associated with cloud computing. A secure framework based on trust negotiations for resource sharing within the community is developed as a means to provide standardization and security while building trust during resource sharing within the community. Additionally, a model for fair sharing of resources is developed which makes the resource availability and usage transparent to the community so that members can make informed decisions about their own resource requirements based on the resource usage and availability within the community. Furthermore, the fair-share model discusses methods that can be employed to address situations when the demand for a resource is higher than the resource availability in the resource pool. Various methods that include reduction in the requested amount of resource, early release of the resources and taxing members have been studied, Based on comparisons of these methods along with the advantages and disadvantages of each model outlined, a hybrid method that only taxes members for unused resources is developed. All these methods have been studied through simulations

Restoring Trust Relationships within Collaborative Digital Preservation Federations

4th International Conference on Open RepositoriesThis presentation was part of the session : Conference PresentationsDate: 2009-05-19 01:00 PM – 02:30 PMThe authors extend their process for creating and establishing trust relationships to include steps for restoring trust relationships after catastrophic events. Part of this model will include best practices for business continuity relationships and will integrate trust models from Holland and Lockett (1998) and Ring and Van de Ven (1994) and how they can be applied to a process for trust restoration after periods of disaster or critical data loss. These models provide key frameworks for understanding how trust can be utilized for collaborative start points as well as for collaborative recovery points from physical natural disaster or critical data loss

A Cost-Benefit Analysis of Face-to-Face and Virtual Communication: Overcoming the Challenges

Virtual communication has become the norm for many organizations (Baltes, Dickson, Sherman, Bauer, & LaGanke, 2002; Bergiel, Bergiel, & Balsmeier, 2008; Hertel, Geister, & Konradt, 2005). As technology has evolved, time and distance barriers have dissolved, allowing for access to experts worldwide. The reality of business today demands the use of virtual communication for at least some work, and many professionals will sit on a virtual team at some point (Dewar, 2006). Although virtual communication offers many advantages, it is not without challenges. This article examines the costs and benefits associated with virtual and face-to-face communication, and identifies strategies to overcome virtual communication\u27s challenges

Towards trusted volunteer grid environments

Intensive experiences show and confirm that grid environments can be considered as the most promising way to solve several kinds of problems relating either to cooperative work especially where involved collaborators are dispersed geographically or to some very greedy applications which require enough power of computing or/and storage. Such environments can be classified into two categories; first, dedicated grids where the federated computers are solely devoted to a specific work through its end. Second, Volunteer grids where federated computers are not completely devoted to a specific work but instead they can be randomly and intermittently used, at the same time, for any other purpose or they can be connected or disconnected at will by their owners without any prior notification. Each category of grids includes surely several advantages and disadvantages; nevertheless, we think that volunteer grids are very promising and more convenient especially to build a general multipurpose distributed scalable environment. Unfortunately, the big challenge of such environments is, however, security and trust. Indeed, owing to the fact that every federated computer in such an environment can randomly be used at the same time by several users or can be disconnected suddenly, several security problems will automatically arise. In this paper, we propose a novel solution based on identity federation, agent technology and the dynamic enforcement of access control policies that lead to the design and implementation of trusted volunteer grid environments.Comment: 9 Pages, IJCNC Journal 201

Values-Based Network Leadership in an Interconnected World

This paper describes values-based network leadership conceptually aligned to systems science, principles of networks, moral and ethical development, and connectivism. Values-based network leadership places importance on a leader\u27s repertoire of skills for stewarding a culture of purpose and calling among distributed teams in a globally interconnected world. Values-based network leadership is applicable for any leader needing to align interdependent effort by networks of teams operating across virtual and physical environments to achieve a collective purpose. An open-learning ecosystem is also described to help leaders address the development of strengths associated with building trust and relationships across networks of teams, aligned under a higher purpose and calling, possessing moral fiber, resilient in the face of complexity, reflectively competent to adapt as interconnected efforts evolve and change within multicultural environments, and able to figure out new ways to do something never done before