146 research outputs found

    Enhanced security architecture for support of credential repository in grid computing.

    Grid Computing involves heterogeneous computers and resources, multiple administrative domains and the mechanisms and techniques for establishing and maintaining effective and secure communications between devices and systems. Both authentication and authorization are required. Current authorization models in each domain vary from one system to another, which makes it difficult for users to obtain authorization across multiple domains at one time. We propose an enhanced security architecture to provide support for decentralized authorization based on attribute certificates which may be accessed via the Internet. This allows the administration of privileges to be widely distributed over the Internet in support of autonomy for resource owners and providers. In addition, it provides a uniform approach for authorization which may be used by resource providers from various domains. We combine authentication with the authorization mechanism by using both MyProxy online credential repository and LDAP directory server. In our architecture, we use MyProxy server to store identity certificates for authentication, and utilize an LDAP server-based architecture to store attribute certificates for authorization. Using a standard web browser, a user may connect to a grid portal and allow the portal to retrieve those certificates in order to access grid resources on behalf of the user. Thus, our approach can make use of the online credential repository to integrate authentication, delegation and attribute based access control together to provide enhanced, flexible security for grid system. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .C54. Source: Masters Abstracts International, Volume: 43-01, page: 0231. Adviser: R. D. Kent. Thesis (M.Sc.)--University of Windsor (Canada), 2004

    On Usage Control for Data Grids: Models, Architectures, and Specifications

    This thesis reasons on usage control in Data Grids, by presenting models, architectures and specifications. This work is a step toward a continuous monitoring and control of the data access and usage in a Data Grid. First, the thesis presents a background on Grids, security, and security for Grids, by making an abstraction to the current Grid implementations. We argue that usage control in Data Grids should be considered as a process composed by two black boxes. We analysed the requirements for Grid security, and propose a distributed usage control model suitable for Grids and distributed systems alike. Then, we apply such model to a Data Grid abstraction, and present a usage control architecture for Data Grids that uses the functional components of the current Grids. We also present an abstract specification for an enforcing mechanism for usage control policies. To do so, we use a formal requirement engineering methodology with a bottom-up approach, that proves that the specification is sound and complete. With the methodology, we show formally that such abstract specification can enforce all the different typologies of usage control policies. Finally, we consider how existing prototypes can fit in the proposed architecture, and the advantages derived from using Semantic Grid technologies for the specification of policies subjects and objects

    Virtual Machine Image Management for Elastic Resource Usage in Grid Computing

    Grid Computing has evolved from an academic concept to a powerful paradigm in the area of high performance computing (HPC). Over the last few years, powerful Grid computing solutions were developed that allow the execution of computational tasks on distributed computing resources. Grid computing has recently attracted many commercial customers. To enable commercial customers to be able to execute sensitive data in the Grid, strong security mechanisms must be put in place to secure the customers' data. In contrast, the development of Cloud Computing, which entered the scene in 2006, was driven by industry: it was designed with respect to security from the beginning. Virtualization technology is used to separate the users e.g., by putting the different users of a system inside a virtual machine, which prevents them from accessing other users' data. The use of virtualization in the context of Grid computing has been examined early and was found to be a promising approach to counter the security threats that have appeared with commercial customers. One main part of the work presented in this thesis is the Image Creation Station (ICS), a component which allows users to administer their virtual execution environments (virtual machines) themselves and which is responsible for managing and distributing the virtual machines in the entire system. In contrast to Cloud computing, which was designed to allow even inexperienced users to execute their computational tasks in the Cloud easily, Grid computing is much more complex to use. The ICS makes it easier to use the Grid by overcoming traditional limitations like installing needed software on the compute nodes that users use to execute the computational tasks. This allows users to bring commercial software to the Grid for the first time, without the need for local administrators to install the software to computing nodes that are accessible by all users. 
Moreover, the administrative burden is shifted from the local Grid site's administrator to the users or experienced software providers that allow the provision of individually tailored virtual machines to each user. But the ICS is not only responsible for enabling users to manage their virtual machines themselves, it also ensures that the virtual machines are available on every site that is part of the distributed Grid system. A second aspect of the presented solution focuses on the elasticity of the system by automatically acquiring free external resources depending on the system's current workload. In contrast to existing systems, the presented approach allows the system's administrator to add or remove resource sets during runtime without needing to restart the entire system. Moreover, the presented solution allows users to not only use existing Grid resources but allows them to scale out to Cloud resources and use these resources on-demand. By ensuring that unused resources are shut down as soon as possible, the computational costs of a given task are minimized. In addition, the presented solution allows each user to specify which resources can be used to execute a particular job. This is useful when a job processes sensitive data e.g., that is not allowed to leave the company. To obtain a comparable function in today's systems, a user must submit her computational task to a particular resource set, losing the ability to automatically schedule if more than one set of resources can be used. In addition, the proposed solution prioritizes each set of resources by taking different metrics into account (e.g. the level of trust or computational costs) and tries to schedule the job to resources with the highest priority first. 
It is notable that the priority often mimics the physical distance from the resources to the user: a locally available Cluster usually has a higher priority due to the high level of trust and the computational costs, that are usually lower than the costs of using Cloud resources. Therefore, this scheduling strategy minimizes the costs of job execution by improving security at the same time since data is not necessarily transferred to remote resources and the probability of attacks by malicious external users is minimized. Bringing both components together results in a system that adapts automatically to the current workload by using external (e.g., Cloud) resources together with existing locally available resources or Grid sites and provides individually tailored virtual execution environments to the system's users

    GUISET: A CONCEPTUAL DESIGN OF A GRID-ENABLED PORTAL FOR E-COMMERCE ON-DEMAND SERVICES

    Conventional grid-enabled portal designs have been largely influenced by the usual functional requirements such as security requirements, grid resource requirements and job management requirements. However, the pay-as-you-use service provisioning model of utility computing platforms means that additional requirements must be considered in order to realize effective grid-enabled portal design for such platforms. This work investigates those relevant additional requirements that must be considered for the design of grid-enabled portals for utility computing contexts. Based on a thorough review of literature, we identified a number of those relevant additional requirements, and developed a grid-enabled portal prototype for the Grid-based Utility Infrastructure for SMME-enabling Technology (GUISET) initiative – a utility computing platform. The GUISET portal was designed to cater for both the traditional grid requirements and some of the relevant additional requirements for utility computing contexts. The result of the evaluation of the GUISET portal prototype using a set of benchmark requirements (standards) revealed that it fulfilled the minimum requirements to be suitable for the utility context

    Bayesian theory of mind

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Brain and Cognitive Sciences, 2012. Cataloged from PDF version of thesis. Includes bibliographical references (p. 127-139). This thesis proposes a computational framework for understanding human Theory of Mind (ToM): our conception of others' mental states, how they relate to the world, and how they cause behavior. Humans use ToM to predict others' actions, given their mental states, but also to do the reverse: attribute mental states - beliefs, desires, intentions, knowledge, goals, preferences, emotions, and other thoughts - to explain others' behavior. The goal of this thesis is to provide a formal account of the knowledge and mechanisms that support these judgments. The thesis will argue for three central claims about human ToM. First, ToM is constructed around probabilistic, causal models of how agents' beliefs, desires and goals interact with their situation and perspective (which can differ from our own) to produce behavior. Second, the core content of ToM can be formalized using context-specific models of approximately rational planning, such as Markov decision processes (MDPs), partially observable MDPs (POMDPs), and Markov games. ToM reasoning will be formalized as rational probabilistic inference over these models of intentional (inter)action, termed Bayesian Theory of Mind (BToM). Third, hypotheses about the structure and content of ToM can be tested through a combination of computational modeling and behavioral experiments. An experimental paradigm for eliciting fine-grained ToM judgments will be proposed, based on comparing human inferences about the mental states and behavior of agents moving within simple two-dimensional scenarios with the inferences predicted by computational models. 
Three sets of experiments will be presented, investigating models of human goal inference (Chapter 2), joint belief-desire inference (Chapter 3), and inference of interactively-defined goals, such as chasing and fleeing (Chapter 4). BToM, as well as a selection of prominent alternative proposals from the social perception literature will be evaluated by their quantitative fit to behavioral data. Across the present experiments, the high accuracy of BToM, and its performance relative to alternative models, will demonstrate the difficulty of capturing human social judgments, and the success of BToM in meeting this challenge. By Chris L. Baker. Ph.D.

    NERSC Strategic Implementation Plan 2002-2006


    Electricity powered by blockchain: A review with a European perspective

    Blockchain is no longer just a hype technology, and effective blockchain applications exist in many industries. Yet, few blockchain projects have been successful in Europe’s energy systems. To identify the reasons for this slow progress, we reviewed the recent energy literature regarding the use of blockchain, analyzed industry reports, and interviewed experts who have conducted blockchain projects in Europe’s energy systems. Our analysis reveals eight common use cases, their expected benefits, and the challenges encountered. We find that the expected benefits are often little more than generic hopes, largely outweighed by technological, organizational, and regulatory challenges. The identified challenges are significant and numerous, especially for peer-to-peer trading and microgrid use cases. The fact that few projects have yet provided robust evidence for profitable use suggests there is still a rocky road ahead. Moreover, many use cases appear to require more than just blockchain technology to succeed. In particular, privacy and scalability requirements often call for systems in which blockchains only take a backseat. This realization may be essential for the future use of blockchain technology in energy systems – in Europe and beyond

    Aeronautical Engineering: A Continuing Bibliography with Indexes (supplement 194)

    This bibliography lists 369 reports, articles and other documents introduced into the NASA scientific and technical information system in November 1985

    Aeronautical engineering: A continuing bibliography with indexes (supplement 301)

    This bibliography lists 1291 reports, articles, and other documents introduced into the NASA scientific and technical information system in Feb. 1994. Subject coverage includes: design, construction and testing of aircraft and aircraft engines; aircraft components, equipment, and systems; ground support systems; and theoretical and applied aspects of aerodynamics and general fluid dynamics