5,165 research outputs found
A Mediated Definite Delegation Model allowing for Certified Grid Job Submission
Grid computing infrastructures need to provide traceability and accounting of
their users" activity and protection against misuse and privilege escalation. A
central aspect of multi-user Grid job environments is the necessary delegation
of privileges in the course of a job submission. With respect to these generic
requirements this document describes an improved handling of multi-user Grid
jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security
analysis of the ALICE Grid job model is presented with derived security
objectives, followed by a discussion of existing approaches of unrestricted
delegation based on X.509 proxy certificates and the Grid middleware gLExec.
Unrestricted delegation has severe security consequences and limitations, most
importantly allowing for identity theft and forgery of delegated assignments.
These limitations are discussed and formulated, both in general and with
respect to an adoption in line with multi-user Grid jobs. Based on the
architecture of the ALICE Grid Services, a new general model of mediated
definite delegation is developed and formulated, allowing a broker to assign
context-sensitive user privileges to agents. The model provides strong
accountability and long- term traceability. A prototype implementation allowing
for certified Grid jobs is presented including a potential interaction with
gLExec. The achieved improvements regarding system security, malicious job
exploitation, identity protection, and accountability are emphasized, followed
by a discussion of non- repudiation in the face of malicious Grid jobs
Proxy dynamic delegation in grid gateway
Nowadays one of the main obstacles the research comes up against is the
difficulty in accessing the required computational resources. Grid is able to
offer the user a wide set of resources, even if they are often too hard to
exploit for non expert end user. Use simplification has today become a common
practice in the access and utilization of Cloud, Grid, and data center
resources. With the launch of L-GRID gateway, we introduced a new way to deal
with Grid portals. L-GRID is an extremely light portal developed in order to
access the EGI Grid infrastructure via Web, allowing users to submit their jobs
from whatever Web browser in a few minutes, without any knowledge about the
underlying Grid infrastructure.Comment: 6 page
GridCertLib: a Single Sign-on Solution for Grid Web Applications and Portals
This paper describes the design and implementation of GridCertLib, a Java
library leveraging a Shibboleth-based authentication infrastructure and the
SLCS online certificate signing service, to provide short-lived X.509
certificates and Grid proxies. The main use case envisioned for GridCertLib, is
to provide seamless and secure access to Grid/X.509 certificates and proxies in
web applications and portals: when a user logs in to the portal using
Shibboleth authentication, GridCertLib can automatically obtain a Grid/X.509
certificate from the SLCS service and generate a VOMS proxy from it. We give an
overview of the architecture of GridCertLib and briefly describe its
programming model. Its application to some deployment scenarios is outlined, as
well as a report on practical experience integrating GridCertLib into portals
for Bioinformatics and Computational Chemistry applications, based on the
popular P-GRADE and Django softwares.Comment: 18 pages, 1 figure; final manuscript accepted for publication by the
"Journal of Grid Computing
EMI Security Architecture
This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project
A Credential Store for Multi-tenant Science Gateways
Science Gateways bridge multiple computational grids and clouds, acting as overlay cyberinfrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges
The Dropout Crisis: Promising Approaches in Prevention and Recovery
The number of high school age students who do not complete high school is receiving increased attention as a serious challenge facing the educational system. This is happening for several reasons. New research estimates that about 30 percent of high school students fail to earn a diploma in the standard number of years, a higher figure than state and local education officials typically cite. In many states, barely half of African-Americans and Latinos graduate from high school. The magnitude of the challenge is becoming clear at the same time that a consensus is emerging that education beyond high school is critical to economic self-sufficiency and success in today's knowledge-intensive economy. The U.S. Bureau of Labor Statistics projects that 60 percent of jobs created between now and 2010 will require at least some postsecondary education. In the emerging economy, a high school dropout or a young person who earns a GED, but no further postsecondary credential, has extremely few opportunities for a family-supporting career. Addressing the dropout crisis will require responding to a dual challenge: state education systems must promote and support both dropout prevention strategies and dropout recovery efforts. This brief describes current practice in both prevention and recovery, highlighting promising approaches in each area that can help reduce stubbornly high dropout rates. It concludes with several suggestions for how state policymakers can help promote a more systemic approach to the dropout crisis
Investigation of Driver License Issuance Alternatives
This study develops an alternative model for issuing driver licenses and personal identifications in Kentucky. Under the current model, most licenses are distributed by circuit court clerks at 142 offices across the state while the Kentucky Transportation Cabinet (KYTC) provides central and regional support for specific license types. Given the cumbersome administrative structure and impending REAL ID requirements, both circuit clerks and KYTC administrators would like to explore an alternative distribution model. Researchers at the Kentucky Transportation Center (KTC) projected the costs of transitioning from the current issuance model to a centralized DMV model where licenses are distributed at 18 to 24 regional field offices. In FY 2020, the cost for having circuit clerks distribute licenses was roughly 10.4 and $16.4 million depending on the number of offices and employee compensation levels. If switching from a 4-year to 8-year license renewal cycle, the ensuing revenues would more than cover costs, although the License Fund allocation from each license sale should be adjusted so that all costs are covered and do not require additional Road Fund supplements. Optimizing the centralized issuance model will depend on transitioning from 4-year to 8-year license renewal intervals, completely transitioning issuance to KYTC and avoiding a hybrid distribution system and duplication of infrastructure, increasing allocations to the License Fund, implementing an online driver license renewal system in the near future, and transitioning away from the dated mainframe driver licensing database to a newer, more dynamic system
The credentialed workforce: Examining success rates across short-term noncredit training programs aligned with industry credentials
A new grant program implemented to provide subsidized training costs for students enrolling in short-term noncredit programs aligned with high-demand industry credentials leading to middle-skill jobs was implemented in July 2016. The grant program follows a pay-for-performance model where students are given a two-thirds discount on tuition but required to pay back an additional one-third if they do not successfully complete their short-term noncredit training. An exploratory study was conducted to provide training program completion and credential attainment rates for the overall program and by student demographic groups (age, race, and gender). Results showed little variation among training program completion rates among groups but showed considerable differences among programs and demographic groups for credential attainment rates indicating possible barriers to credential attainment. Supplemental information was collected via a survey sent to career coaches at the community colleges implementing the grant program. Responses indicated a need for additional resources (e.g. transportation vouchers) and support for students during program implementation (e.g. additional classroom resources). Overall, findings indicate a need for further research once additional enrollment data is available and additional collection of qualitative data from the colleges implementing the program to support programmatic improvement aligned with the grant outcomes
The Economic Development and Workforce Development Systems
Provides an overview of current U.S. strategies for and challenges in ensuring economic growth with adequate employment opportunities and preparing disadvantaged people for careers. Also summarizes goals, key stakeholders, and the policy environment
Spartan Daily, February 20, 2007
Volume 128, Issue 15https://scholarworks.sjsu.edu/spartandaily/10329/thumbnail.jp
- …