TY - GEN
T1 - Access control strategies for virtualized environments in grid computing systems
AU - Squicciarini, Anna Cinzia
AU - Bertino, Elisa
AU - Goasguen, Sebastien
PY - 2007
Y1 - 2007
N2 - The development of adequate security solutions and in particular of authentication and authorization techniques for grid computing systems is a challenging task. Challenges arise from the heterogeneity of users, the presence of multiple security administration entities, the heterogeneity of security techniques used at the various grid hosts, the scalability requirements, and the need for high-level policies concerning resource sharing. Recent trends, like accessing grid through science gateways and the use of virtual organizations (VO) for managing user communities, further complicate the problem of security for grid computing systems. Currently, the GSI component developed as part of the Globus Toolkit, the de-facto standard for grid infrastructures, is not fully suited to meet those challenges. The main drawback of such an approach is that it relies on a low-level identity-based authorization scheme. A low-level access control policy maps a user's identity (distinguished name) to a local account. Such an approach does not scale and does not address many of the outlined requirements. We thus need security solutions that go beyond the simple solutions currently in use. The goal of this paper is to make a first step towards such solutions. The paper discusses and analyzes authentication and authorization solutions that better fit novel grid infrastructures characterized by virtual organizations and science gateways. Some of these solutions derive from ongoing work in current grid infrastructure projects; others are new proposals that we think worthy of discussion. In particular, we analyze the solutions proposed as part of the GridShib and the VO Privilege projects.
AB - The development of adequate security solutions and in particular of authentication and authorization techniques for grid computing systems is a challenging task. Challenges arise from the heterogeneity of users, the presence of multiple security administration entities, the heterogeneity of security techniques used at the various grid hosts, the scalability requirements, and the need for high-level policies concerning resource sharing. Recent trends, like accessing grid through science gateways and the use of virtual organizations (VO) for managing user communities, further complicate the problem of security for grid computing systems. Currently, the GSI component developed as part of the Globus Toolkit, the de-facto standard for grid infrastructures, is not fully suited to meet those challenges. The main drawback of such an approach is that it relies on a low-level identity-based authorization scheme. A low-level access control policy maps a user's identity (distinguished name) to a local account. Such an approach does not scale and does not address many of the outlined requirements. We thus need security solutions that go beyond the simple solutions currently in use. The goal of this paper is to make a first step towards such solutions. The paper discusses and analyzes authentication and authorization solutions that better fit novel grid infrastructures characterized by virtual organizations and science gateways. Some of these solutions derive from ongoing work in current grid infrastructure projects; others are new proposals that we think worthy of discussion. In particular, we analyze the solutions proposed as part of the GridShib and the VO Privilege projects.
UR - http://www.scopus.com/inward/record.url?scp=34547326007&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34547326007&partnerID=8YFLogxK
U2 - 10.1109/FTDCS.2007.10
DO - 10.1109/FTDCS.2007.10
M3 - Conference contribution
AN - SCOPUS:34547326007
SN - 0769528104
SN - 9780769528106
T3 - Proceedings of the IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems
SP - 48
EP - 54
BT - Proceedings - FTDCS 2007
T2 - FTDCS 2007: 11th IEEE International Workshop on Future Trends of Distributed Computing Systems
Y2 - 21 March 2007 through 23 March 2007
ER -