Computer Science Department, University of Science and Technology of China, Hefei 230026, P.R. China
Email: xmfang@mail.ustc.edu.cn, syang@ustc.edu.cn, ltguo@mail.ustc.edu.cn, leizh@mail.ustc.edu.cn
Abstract. This paper analyzes security problems existing in Grid Computing Systems and describes the security mechanism of the Grid Computing System. After briefly introducing the security abstraction of the grid computing system at the Grid Security Basic Layer, several protocols are defined at the Grid Security Protocol Layer based on the security architecture model. The broker protocols are then discussed in detail.
Keywords. Grid Computing System, Security Abstraction, Grid Security Protocols, Broker
1. Introduction
With the growth of application requirements for high-performance computing, super large-scale problems can no longer be solved by a single high-performance computer or a single computer cluster. It is therefore necessary to connect distributed, heterogeneous high-performance computers, computer clusters, large-scale database servers and large-scale file servers through a high-speed interconnection network and to integrate them into a transparent virtual high-performance computing environment. This environment is called a Grid Computing System [1-3].
This paper is supported by the National Natural Science Foundation of China under Grant No.60273041 and the National 863 High-Tech Program of China under Grant No. 2002AA104560.
Our security architecture is a good schema for Grid research because of its good scalability and its ability to adapt to a dynamic system environment. In what follows, we place our emphasis on the Grid Security Basic Layer and the Grid Security Protocol Layer, which are of great importance in the grid security architecture.
abstraction of one or many Local Subjects. Global Subjects and Local Subjects exist in the Grid Computing System at the same time.

Representation of Security Policy: There are two kinds of Security Policy in the Grid Computing System, Global Security Policy $P_G$ and Local Security Policy $P_L$. Global Security Policy is the abstraction of all Local Security Policies. Global Security Policy and Local Security Policy exist in the Grid Computing System at the same time.

Representation of Trust Domain: There are two kinds of Trust Domain in the Grid Computing System, Global Trust Domain $D_G$ and Local Trust Domain $D_L$. Global Trust Domain is the abstraction of all Local Trust Domains. Global Trust Domain and Local Trust Domain exist in the Grid Computing System at the same time. A Trust Domain of the Grid Computing System consists of three elements: the Objects existing in this Trust Domain, the Subjects existing in this Trust Domain, and the Security Policy which protects the Objects against the Subjects. A Trust Domain can be denoted by $D = (\{O\}, \{S\}, P)$, where $D$ denotes the Trust Domain, $\{O\}$ denotes the set of all Objects existing in this Trust Domain, $\{S\}$ denotes the set of all Subjects existing in this Trust Domain, and $P$ denotes the Security Policy of this Trust Domain. The Global Trust Domain can be denoted by $D_G = (\{O_G\}, \{S_G\}, P_G)$, and a Local Trust Domain can be denoted by $D_{Li} = (\{O_{Li}\}, \{S_{Li}\}, P_{Li})$, $i = 1, 2, 3, \ldots$

Representation of Operation: An Operation of the Grid Computing System may be executed in many Local Trust Domains. An Operation cannot be executed until the Subject has passed the Security Policy (Authorization) of the corresponding Trust Domain.

Security Abstraction of Grid Computing System

The Grid Computing System is abstracted into elements such as Objects, Subjects, Security Policies, Trust Domains, Operations, Authorizations, etc. The Grid Computing System is composed of four parts: the Global Trust Domain, the Local Trust Domains, Operations and Authorizations. It can be denoted by

$G = (D_G, \{D_{Li}\}, \{OP_j\}, \{A_k\})$, $i = 1, 2, 3, \ldots$; $j = 1, 2, 3, \ldots$; $k = 1, 2, 3, \ldots$

where $G$ denotes the Grid Computing System, $D_G$ denotes the Global Trust Domain, $\{D_{Li}\}$ denotes the set of all Local Trust Domains, $\{OP_j\}$ denotes the set of all Operations, and $\{A_k\}$ denotes the set of all Authorizations. The security of the Grid Computing System can be regarded as the relationship among these basic elements. That is to say, a user accessing and using a resource can be abstracted as a Subject operating an Object, denoted by $S \xrightarrow{OP} O$. By checking the relationship among Subject, Object and Security Policy, we can examine whether the Subject can operate the Object, and thereby tell whether the user can access the resource.
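The following is an added example, not code from the paper: a toy model of the security abstraction above, with a trust domain as D = ({O}, {S}, P), the global domain derived as the abstraction of the local domains, and an operation authorized only where every local domain it touches passes the subject. It assumes (the paper does not fix this) that a policy P is a set of permitted (subject, operation, object) triples.

```python
# Added example (not from the paper): a toy model of the paper's security
# abstraction.  A trust domain is D = ({O}, {S}, P); here the policy P is a set
# of permitted (subject, operation, object) triples, which is an assumption
# (the paper does not fix the form of P).
from dataclasses import dataclass, field

@dataclass
class TrustDomain:
    name: str
    objects: set = field(default_factory=set)    # {O}
    subjects: set = field(default_factory=set)   # {S}
    policy: set = field(default_factory=set)     # P as {(S, OP, O)}

    def authorizes(self, subject, op, obj):
        """S --OP--> O passes this domain's policy only if S and O belong to
        the domain and P explicitly permits the triple (default deny)."""
        return (subject in self.subjects and obj in self.objects
                and (subject, op, obj) in self.policy)

def global_domain(local_domains):
    """D_G = ({O_G}, {S_G}, P_G): the abstraction of all local domains."""
    g = TrustDomain("D_G")
    for d in local_domains:
        g.objects |= d.objects
        g.subjects |= d.subjects
        g.policy |= d.policy
    return g

def authorize_operation(local_domains, subject, op, objects):
    """An operation may touch objects in several local domains.  It is
    authorized only when every local domain holding one of the objects
    passes the subject (the paper's Authorization A_k); an object held by
    no local domain is refused."""
    for obj in objects:
        owners = [d for d in local_domains if obj in d.objects]
        if not owners or not all(d.authorizes(subject, op, obj) for d in owners):
            return False
    return True

# Constructed sample grid: two local trust domains and the derived global one.
D_L1 = TrustDomain("D_L1", {"cluster1"}, {"alice", "bob"}, {("alice", "run", "cluster1")})
D_L2 = TrustDomain("D_L2", {"db2"}, {"alice"}, {("alice", "read", "db2")})
LOCAL_DOMAINS = [D_L1, D_L2]
D_G = global_domain(LOCAL_DOMAINS)
```

A request spanning both domains (run on cluster1 and db2) is refused because D_L2's policy does not permit "run", even though the same subject is known to the global domain.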
The protocols defined at the Grid Security Protocol Layer:

Name                                           Representation
User Proxy Creation Protocol                   How the user creates a user proxy
Resource Proxy Creation Protocol               How the system creates a resource proxy
User Proxy's Resource Application Protocol     How a user proxy applies for resources
Process's Resource Application Protocol        How a process applies for resources
Process's Signature Application Protocol       How the process's certificate is signed
Broker Creation Protocol                       How the system creates a broker
Broker Service Protocol                        How the broker allots resources in a coordinated way
The grid computing system sets up a process and then grants the broker certificate to this process. The process that obtains the certificate can offer broker service. The broker sends a broker service notification to each resource proxy. The resource proxy gives the broker the message of its resources and informs the broker of modifications. The broker tidies up the information. The Broker Creation Protocol is shown below.
(1) The grid computing system sets up a broker certificate, and then sends the certificate that has not yet been signed to the CA.
(2) The CA signs the broker certificate using its own certificate and then sends it back to the grid computing system.
(3) After receiving the certificate, the grid computing system creates a process that holds this newly signed certificate. The process then becomes a broker.

Broker Service Protocol

All resource proxies send information about the resources in their charge to the broker, so the broker can see all the resources of the grid computing system while a proxy can see only part of them. When a user requires a large quantity of resources, the broker must offer its information, in contrast to the locality of the resource proxy. The workflow of the Broker Service Protocol is shown in Fig. 2.
[Fig. 2. Workflow of the Broker Service Protocol. Participants: User Proxy, Broker, Resource Proxy. Messages: Mutual Authentication; Applying for Resources; Building Up a Coordinating Assignment Scheme; Mutual Authentication; User Proxy ID and Application Message; Check User Authorization; Process Certificate without signature; Sign Process Certificate; Process Certificate with signature; Allotting Resources & Creating Process; Handler of Process with signature; Resource-Assignment-OK Message; Updating Resource Information.]
(1) The user proxy and the broker carry out mutual authentication. As part of mutual authentication, the broker should check the expiration of the certificate.
(2) After mutual authentication, the user proxy uses its proxy certificate to add its signature to the message applying for a large quantity of resources. Then the user proxy sends this application to the broker.
(3) Having received the application, the broker builds up a coordinating assignment scheme by analyzing the currently available resources.
(4) In accordance with the assignment scheme, the broker separates the full application into small pieces, which can easily be found.
(5) The broker and the resource proxy need mutual authentication if they are not in the same trust domain.
(6) When resources are available, the broker sends the resource proxy the user proxy ID and the application message, both already signed by the broker with its own certificate.
(7) On receiving the user proxy ID and the application message, the resource proxy allots the corresponding resources to the user proxy.
(8) The resource proxy creates a resource-assignment-ok message signed with its own certificate and then sends this message to the broker.
(9) The broker updates its resource information when the resource-assignment-ok message arrives.
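The nine steps above, as an added simulation that is not code from the paper: a broker checks the user proxy's certificate expiry and signature, builds a coordinating assignment scheme over the resource proxies' free capacity, splits the application into pieces it signs itself, and updates its resource view only on a signed resource-assignment-ok reply. Certificate signatures are stood in for by HMAC-SHA256 with a per-party key, and mutual authentication is reduced to the expiry and signature checks; the CPU counts and party names are constructed.

```python
# Added example (not from the paper): a compact simulation of the Broker Service
# Protocol.  Certificate signatures are stood in for by HMAC-SHA256 with a
# per-party key (assumption; the paper means certificate-based signatures), and
# mutual authentication is reduced to the expiry check of step (1).
import hmac, hashlib, json

def sign(key, body):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def verify(key, body, sig):
    return hmac.compare_digest(sign(key, body), sig)

class ResourceProxy:
    def __init__(self, name, key, free):
        self.name, self.key, self.free = name, key, free          # CPUs it manages (constructed)

    def allot(self, broker_key, piece, sig):                      # steps (6)-(8)
        if not verify(broker_key, piece, sig) or piece["cpus"] > self.free:
            return None
        self.free -= piece["cpus"]
        ok = {"proxy": self.name, "user": piece["user"], "cpus": piece["cpus"]}
        return ok, sign(self.key, ok)                              # resource-assignment-ok

class Broker:
    def __init__(self, key, proxies, proxy_keys):
        self.key, self.proxies, self.proxy_keys = key, proxies, proxy_keys
        self.resources = {p.name: p.free for p in proxies}        # broker-wide view

    def serve(self, user_cert, user_key, application, sig, now):
        if user_cert["expires"] <= now or not verify(user_key, application, sig):
            return None                                           # steps (1)-(2) fail
        need, scheme = application["cpus"], []                    # step (3): assignment scheme
        for name, free in sorted(self.resources.items(), key=lambda kv: -kv[1]):
            take = min(free, need)
            if take:
                scheme.append((name, take))
                need -= take
        if need:
            return None                                           # grid cannot satisfy the request
        granted = []
        for name, cpus in scheme:                                 # step (4): split into pieces
            piece = {"user": user_cert["id"], "cpus": cpus}
            proxy = next(p for p in self.proxies if p.name == name)
            reply = proxy.allot(self.key, piece, sign(self.key, piece))
            if reply is None or not verify(self.proxy_keys[name], *reply):
                return None                                       # no rollback of earlier pieces here
            self.resources[name] -= cpus                          # step (9): update resource info
            granted.append((name, cpus))
        return granted
```

Construct ResourceProxy instances and a Broker, then call serve() with an application signed by the user proxy's key; an expired certificate, a bad signature, or a request larger than the grid's free capacity all return None.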
Resource proxies directly manage the resources, so they can gather resource information in time. Brokers obtain resource information from the resource proxies and co-allocate these resources. The cooperation of resource proxies with brokers makes the five-layered security architecture adaptive to dynamic environments.
6. Conclusion
This paper analyzes security problems existing in Grid Computing Systems and describes the security mechanism of the Grid Computing System. Several protocols are defined at the Grid Security Protocol Layer based on our security architecture model. The broker protocols in the schema make it more adaptive to dynamic environments.
References
[1] Ian Foster and Carl Kesselman. The Grid: Blueprint for a New Computing Infrastructure. Morgan Kaufmann Publishers, Inc., San Francisco, California, 1999.
[2] Ian Foster, Carl Kesselman, and Steven Tuecke. The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International Journal of Supercomputer Applications, 2001.
[3] Ian Foster. Internet Computing and the Emerging Grid. Available from http://www.nature.com/nature/webmatters/grid/grid.html.
[4] The Globus Project. Available from http://www.globus.org/
[5] Ian Foster and Carl Kesselman. Globus: A Meta-computing Infrastructure Toolkit. International Journal of Supercomputer Applications, 1996.
[6] Ian Foster and Carl Kesselman. The Globus Project: A Status Report. In Proc. Heterogeneous Computing Workshop. IEEE Computer Society Press, 1998.
[7] Ian Foster, Carl Kesselman, Gene Tsudik, and Steven Tuecke. A Security Architecture for Computational Grids. Proc. 5th ACM Conference on Computer and Communications Security, 1998.
[8] Randy Butler, Von Welch, Douglas Engert, Ian Foster, Steven Tuecke, John Volmer, and Carl Kesselman. A National-Scale Authentication Infrastructure. IEEE Computer, 33(12), 2000.