Dynamic Trust Federation in Grids

Grids are becoming economically viable and productive tools. Grids provide a way of utilizing a vast array of linked resources such as computing systems, databases and services online within Virtual Organizations (VO). However, today’s Grid architectures are not capable of supporting dynamic, agile federation across multiple administrative domains and the main barrier, which hinders dynamic federation over short time scales is security. Federating security and trust is one of the most significant architectural issues in Grids. Existing relevant standards and specifications can be used to federate security services, but do not directly address the dynamic extension of business trust relationships into the digital domain. In this paper we describe an experiment in which we highlight those challenging architectural issues and we will further describe how the approach that combines dynamic trust federation and dynamic authorization mechanism can address dynamic security trust federation in Grids. The experiment made with the prototype described in this paper is used in the NextGRID project for the definition of requirements for next generation Grid architectures adapted to business application need

Toward an on-demand restricted delegation mechanism for Grids

Grids are intended to enable cross-organizational interactions which makes Grid security a challenging and non-trivial issue. In Grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current Grid systems there is a trade-off between flexibility and security in the context of delegation. Applications must choose between limited or full delegation: on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility/dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. In this paper, we propose an on-demand restricted delegation mechanism, aimed at addressing the shortcomings of current delegation mechanisms by providing restricted delegation in a flexible fashion as needed for Grid applications. This mechanism provides an ontology-based solution for tackling one the most challenging issues in security systems, which is the principle of least privileges. It utilizes a callback mechanism, which allows on-demand provisioning of delegated credentials in addition to observing, screening, and auditing delegated rights at runtime. This mechanism provides support for generating delegation credentials with a very limited and well-defined range of capabilities or policies, where a delegator is able to grant a delegatee a set of restricted and limited rights, implicitly or explicitly. © 2006 IEEE

Mediated definite delegation: Certified Grid jobs in ALICE and beyond

Grid computing infrastructures need to provide traceability and accounting of their users activity and protection against misuse and privilege escalation, where the delegation of privileges in the course of a job submission is a key concern. This work describes an improved handling of Multi-user Grid Jobs in the ALICE Grid Services. A security analysis of the ALICE Grid job model is presented with derived security objectives, followed by a discussion of existing approaches of unrestricted delegation based on X.509 proxy certificates and the Grid middleware gLExec. Unrestricted delegation has severe security consequences and limitations, most importantly allowing for identity theft and forgery of jobs and data. These limitations are discussed and formulated, both in general and with respect to an adoption in line with Multi-user Grid Jobs. A new general model of mediated definite delegation is developed, allowing a broker to dynamically process and assign Grid jobs to agents while providing strong accountability and long-term traceability. A prototype implementation allowing for fully certified Grid jobs is presented as well as a potential interaction with gLExec. The achieved improvements regarding system security, malicious job exploitation, identity protection, and accountability are emphasized, including a discussion of non-repudiation in the face of malicious Grid jobs