289-research on security architecture and protocols of grid computing system
8/4/2019 289-Research on Security Architecture and Protocols of Grid Computing System
Research on Security Architecture and Protocols of Grid Computing System¹
FANG Xiangming YANG Shoubao GUO Leitao ZHANG Lei
Computer Science Department, University of Science and Technology of China,
Hefei 230026, P.R.China
Email: [email protected], [email protected],
[email protected] [email protected]
Abstract. This paper analyzes the security problems existing in Grid Computing System and describes the security mechanism in Grid Computing System. After briefly introducing the security abstract of the grid computing system at the Grid Security Basic Layer, several protocols are defined at the Grid Security Protocol Layer based on the security architecture model. Broker protocols are then thoroughly discussed.
Keywords. Grid Computing System, Security Abstract, Grid Security Protocols, Broker
1. Introduction
With the growth of application requirements for high-performance computing, it is impossible to solve super-large-scale problems using a single high-performance computer or a single computer cluster. It is therefore necessary to connect distributed heterogeneous high-performance computers, computer clusters, large-scale database servers and large-scale file servers over a high-speed interconnection network and integrate them into a transparent virtual high-performance computing environment. This environment is named Grid Computing System [1-3].
¹ This paper is supported by the National Natural Science Foundation of China under Grant No. 60273041 and the National 863 High-Tech Program of China under Grant No. 2002AA104560.
2. Security in Grid Computing System
Essentially, security assurance on the Internet provides two kinds of security services: an access control service, which protects resources from use by unauthorized users and from abuse by authorized users; and a secure communication service, which provides mutual authentication as well as message protection, such as message integrity and confidentiality. But these services cannot solve all the security problems in Grid Computing System.
Security of Grid Computing System should solve the following problems: user masquerade, server masquerade, data wiretapping and tampering, remote attack, resource abuse, malicious programs, and system integrity. Grid Computing System is a complicated, dynamic and wide-area system, and restricting the authorization of its users cannot be achieved with current technologies. Developing a new security architecture is therefore necessary. So far, GSI (Globus Security Infrastructure) [4-6] is one of the most famous schemas.
Based on the analysis of GSI, we present a five-layered security architecture [7], taking into account the design and implementation of a Grid security project. The security architecture, which we have already briefly described at GCC2002, is shown in Fig. 1.
Fig. 1. Security architecture of the Grid computing system
Our security architecture is a good schema for Grid research because of its good scalability and its ability to adapt to a dynamic system environment. In what follows, we place our emphasis on the Grid Security Basic Layer and the Grid Security Protocol Layer, which are of great importance in the grid security architecture.
3. Grid Security Basic Layer
Grid Security Basic Layer provides the user and resource mapping policy, including general mapping rules. In this layer, the Grid Computing System is abstracted into elements such as Objects, Subjects, Security Policies, Trust Domains, Operations, Authorization, etc. The security of Grid Computing System can be regarded as the relationships among these basic elements, which gives an effective way to realize users' restricted authorization.
Definitions of Basic Elements
First of all, some definitions are given.
Object is a resource or process of Grid Computing System. An Object is protected by Security Policy. A resource may be a file, memory, CPU, equipment, etc. A process may be a process running on behalf of a user, a process running on behalf of a resource, etc. O denotes Object.
Subject is a user, resource or process of Grid Computing System. A Subject may destroy an Object. A resource may be a file, memory, CPU, equipment, etc. A process may be a process running on behalf of a user, a process running on behalf of a resource, etc. S denotes Subject.
Security Policy is a set of policies of Grid Computing System. Security Policy protects Object against Subject. P denotes Security Policy.
Trust Domain is a logical, administrative region of Grid Computing System. A Trust Domain has a clear border. D denotes Trust Domain.
Operation is a set of instructions by which a Subject accesses or uses an Object. OP denotes Operation.
Authorization is the process by which Security Policy is applied to a Subject. There are two possible results of Authorization: either the Subject passes the Security Policy or it does not. A denotes Authorization.
Representation of Basic Elements
Representation of Object: There are two kinds of Object in Grid Computing System, Global Object $O_G$ and Local Object $O_L$. A Global Object is the abstraction of one or many Local Objects. Global Objects and Local Objects exist in Grid Computing System at the same time.
Representation of Subject: There are two kinds of Subject in Grid Computing System, Global Subject $S_G$ and Local Subject $S_L$. A Global Subject is the abstraction of one or many Local Subjects. Global Subjects and Local Subjects exist in Grid Computing System at the same time.
Representation of Security Policy: There are two kinds of Security Policy in Grid Computing System, Global Security Policy $P_G$ and Local Security Policy $P_L$. Global Security Policy is the abstraction of all Local Security Policies. Global Security Policy and Local Security Policy exist in Grid Computing System at the same time.
Representation of Trust Domain: There are two kinds of Trust Domain in Grid Computing System, Global Trust Domain $D_G$ and Local Trust Domain $D_L$. Global Trust Domain is the abstraction of all Local Trust Domains. Global Trust Domain and Local Trust Domain exist in Grid Computing System at the same time. A Trust Domain of Grid Computing System consists of three elements: the Objects existing in this Trust Domain, the Subjects existing in this Trust Domain, and the Security Policy which protects the Objects against the Subjects. A Trust Domain can be denoted by
$D = (\{O\}, \{S\}, P)$
where $D$ denotes the Trust Domain, $\{O\}$ denotes the set of all Objects existing in this Trust Domain, $\{S\}$ denotes the set of all Subjects existing in this Trust Domain, and $P$ denotes the Security Policy of this Trust Domain. The Global Trust Domain can be denoted by
$D_G = (\{O_G\}, \{S_G\}, P_G)$
and a Local Trust Domain can be denoted by
$D_{L_i} = (\{O_{L_i}\}, \{S_{L_i}\}, P_{L_i}), \quad i = 1, 2, 3, \ldots$
Representation of Operation: An Operation of Grid Computing System may be executed in many Local Trust Domains. An Operation cannot be executed until the Subject has passed the Security Policy (Authorization) of the corresponding Trust Domain.
Security Abstract of Grid Computing System
The Grid Computing System is abstracted into elements such as Objects, Subjects, Security Policies, Trust Domains, Operations, Authorization, etc. Grid Computing System is composed of four parts: the Global Trust Domain, the Local Trust Domains, Operations and Authorizations. It can be denoted by
$G = (D_G, \{D_{L_i}\}, \{OP_j\}, \{A_k\}), \quad i = 1, 2, 3, \ldots; \; j = 1, 2, 3, \ldots; \; k = 1, 2, 3, \ldots$
where $G$ denotes Grid Computing System, $D_G$ denotes the Global Trust Domain, $\{D_{L_i}\}$ denotes the set of all Local Trust Domains, $\{OP_j\}$ denotes the set of all Operations, and $\{A_k\}$ denotes the set of all Authorizations.
The security of Grid Computing System can be regarded as the relationship among the basic elements. That is to say, a user accessing and using resources can be abstracted as a Subject operating on an Object, which can be denoted by $S \xrightarrow{OP} O$. By checking the relationship among Subject, Object and Security Policy, we can determine whether the Subject can operate the Object, and therefore whether the user can access the resource.
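The check of whether a Subject may operate an Object can be written directly from these definitions. The Python model below is an added example, not the authors' code: it assumes a Security Policy is a set of allowed (subject, operation, object) triples, that the global policy is checked before the local ones, and that global-to-local mappings are plain dictionaries; all names and sample values are constructed.

```python
from dataclasses import dataclass

@dataclass
class TrustDomain:
    """D = ({O}, {S}, P); P is modelled as allowed (subject, op, object) triples."""
    name: str
    objects: set
    subjects: set
    policy: set
    def authorize(self, subject, op, obj):
        """Authorization A: True if the subject passes this domain's policy."""
        return (subject in self.subjects and obj in self.objects
                and (subject, op, obj) in self.policy)

@dataclass
class Grid:
    """D_G, {D_Li} and the global-to-local mappings (mapping form is assumed)."""
    d_g: TrustDomain
    d_l: dict          # domain name -> TrustDomain
    subject_map: dict  # (S_G, domain name) -> S_L
    object_map: dict   # O_G -> [(domain name, O_L), ...]
    def can_operate(self, s_g, op, o_g):
        """S --OP--> O: every trust domain the operation touches must authorize it."""
        if not self.d_g.authorize(s_g, op, o_g):   # assumption: P_G is checked first
            return False, "denied by global policy"
        backing = self.object_map.get(o_g, [])
        if not backing:                            # O_G must abstract >= 1 local object
            return False, "no local object"
        for dom, o_l in backing:
            s_l = self.subject_map.get((s_g, dom))
            if s_l is None:
                return False, "no local subject in " + dom
            if not self.d_l[dom].authorize(s_l, op, o_l):
                return False, "denied by " + dom
        return True, "authorized"

def sample_grid():
    """Constructed sample: one global dataset backed by files in two local domains."""
    d_g = TrustDomain("DG", {"dataset"}, {"alice", "bob"},
                      {("alice", "read", "dataset"), ("alice", "write", "dataset"),
                       ("bob", "read", "dataset")})
    dl1 = TrustDomain("DL1", {"/data/a"}, {"u1001"},
                      {("u1001", "read", "/data/a"), ("u1001", "write", "/data/a")})
    dl2 = TrustDomain("DL2", {"/srv/b"}, {"grid07"}, {("grid07", "read", "/srv/b")})
    return Grid(d_g, {"DL1": dl1, "DL2": dl2},
                {("alice", "DL1"): "u1001", ("alice", "DL2"): "grid07",
                 ("bob", "DL1"): "u1001"},
                {"dataset": [("DL1", "/data/a"), ("DL2", "/srv/b")]})
```

An operation that spans two Local Trust Domains is refused as soon as one of them denies it or has no Local Subject for the Global Subject, even when the global policy allows it.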
4. Grid Security Protocol Layer
We define seven protocols [8] at the Grid Security Protocol Layer, considering the course of grid computing and especially the course of resource management. These protocols are listed in Table 1. We then thoroughly discuss the broker protocols, which are of great importance.
Table 1. Protocols at Grid Security Protocol Layer
Name                                        Representation
------------------------------------------  -----------------------------------------
User Proxy Creation Protocol                How the user creates a user proxy
Resource Proxy Creation Protocol            How the system creates a resource proxy
User Proxy's Resource Application Protocol  How the user proxy applies for resources
Process's Resource Application Protocol     How a process applies for resources
Process's Signature Application Protocol    How to sign the process's certificate
Broker Creation Protocol                    How the system creates a broker
Broker Service Protocol                     How the broker allots resources coordinately
Broker Creation Protocol
The grid computing system sets up a process and then grants the broker certificate to this process. The process that gets the certificate can offer broker service. The broker sends a broker service notification to the resource proxy. The resource proxy gives the broker information about its resources and informs the broker of modifications. The broker organizes the information.
The Broker Creation Protocol is shown below.
(1) The grid computing system sets up a broker certificate and then sends the certificate, which has not yet been signed, to the CA.
(2) The CA signs the broker certificate using its own certificate and then sends it to the grid computing system.
(3) After receiving the certificate, the grid computing system creates a process that holds this newly signed certificate. The process then becomes a broker.
Broker Service Protocol
All resource proxies send information about the resources in their charge to the broker. The broker can therefore see all the resources of the grid computing system, while a proxy can only see part of the resources. When a user requires a large quantity of resources, the broker must offer its information, in contrast to the locality of the resource proxy.
The workflow of the Broker Service Protocol is shown in Fig. 2.
[Figure 2: message flow among User Proxy, Broker and Resource Proxy. Labels in the figure: Mutual Authentication; Applying for Resources; Building Up a Coordinating Assignment Scheme; Mutual Authentication; User Proxy ID and Application Message; Process Certificate without signature; Sign Process Certificate; Process Certificate with signature; Handler of Process with signature; Resource-Assignment-OK Message; Updating Resource Information; Check User-Authorization; Allotting Resources & Creating Process.]
Fig. 2. Workflow of Broker Service Protocol
The Broker Service Protocol is illustrated below:
(1) The user proxy and the broker carry out mutual authentication. As a part of mutual authentication, the broker should check the expiration of the certificate.
(2) After mutual authentication, the user proxy uses its proxy certificate to add its signature to the message applying for a large quantity of resources. The user proxy then sends this application to the broker.
(3) Having received the application, the broker builds up a coordinating assignment scheme by analyzing the resources currently available.
(4) In accordance with the assignment scheme, the broker separates the full application into small pieces, which can easily be found.
(5) The broker and the resource proxy need mutual authentication if they are not in the same trust domain.
(6) When resources are available, the broker sends the resource proxy the user proxy ID and the application message, which the broker has already signed with its own certificate.
(7) On receiving the user ID and application message, the resource proxy allots the corresponding resources to the user proxy.
(8) The resource proxy creates a resource-assignment-ok message signed with its own certificate and then sends this message to the broker.
(9) The broker updates its resource information when the resource-assignment-ok message arrives.
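The steps above, as an added Python simulation that is not part of the paper: HMAC-SHA256 with per-party keys stands in for certificate signatures, mutual authentication is reduced to the broker's expiration check, and the class names, message fields, keys and CPU counts are constructed for illustration.

```python
import hashlib, hmac, json

def sign(key, msg):
    """Stand-in for a certificate signature: HMAC-SHA256 over canonical JSON."""
    return hmac.new(key, json.dumps(msg, sort_keys=True).encode(), hashlib.sha256).hexdigest()
def verify(key, msg, sig):
    return hmac.compare_digest(sign(key, msg), sig)

class ResourceProxy:
    def __init__(self, name, key, broker_key, free):
        self.name, self.key, self.broker_key, self.free = name, key, broker_key, free
    def allot(self, msg, sig):
        """Steps 7-8: check the broker's signature, allot, answer with a signed OK."""
        if not verify(self.broker_key, msg, sig) or msg["cpus"] > self.free:
            return None
        self.free -= msg["cpus"]
        ok = {"type": "resource-assignment-ok", "proxy": self.name, **msg}
        return ok, sign(self.key, ok)

class Broker:
    def __init__(self, key, user_certs, proxies):
        self.key, self.user_certs, self.proxies = key, user_certs, proxies
        self.view = {p.name: p.free for p in proxies}  # grid-wide resource view
    def handle(self, app, sig, now):
        cert = self.user_certs.get(app["user"])
        if cert is None or now >= cert["not_after"]:    # step 1: expiration check
            return "rejected: certificate expired or unknown"
        if not verify(cert["key"], app, sig):           # step 2: signed application
            return "rejected: bad signature"
        if sum(self.view.values()) < app["cpus"]:       # step 3: is a scheme possible?
            return "rejected: insufficient resources"
        need = app["cpus"]
        for p in self.proxies:                          # step 4: split into pieces
            take = min(need, self.view[p.name])
            if take == 0: continue
            piece = {"user": app["user"], "cpus": take}
            reply = p.allot(piece, sign(self.key, piece))   # step 6: broker-signed piece
            if reply is None or not verify(p.key, *reply):
                return "failed at " + p.name
            self.view[p.name] -= take                   # step 9: update resource info
            need -= take
        return "ok"

def demo():  # constructed scenario: two proxies with 4 CPUs each, one user asking for 6
    bk, uk = b"broker-key", b"user-key"
    rps = [ResourceProxy("RP1", b"k1", bk, 4), ResourceProxy("RP2", b"k2", bk, 4)]
    broker = Broker(bk, {"alice": {"key": uk, "not_after": 200}}, rps)
    app = {"user": "alice", "cpus": 6}
    return broker, app, sign(uk, app)
```

Because HMAC is symmetric, the broker here verifies a resource proxy's reply with that proxy's own key; with real certificates the verifier would hold only the public key.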
5. More Adaptive to Dynamic Environment
When some resources join the Grid Computing System, the system creates a resource proxy for these resources. The resource proxy manages these resources and sends information about them to a broker. The broker can then allocate these resources to users. On the other hand, when some resources fail or leave the Grid Computing System, the resource proxy sends an update message to the broker. The broker receives this message and will not allocate the failed or departed resources to users. A mapping file is used to map users to resources. Mapping files are created dynamically, so this mapping measure is adaptive to a dynamic environment.
When the scale of the Grid Computing System is not large, one resource proxy is enough to manage all the resources; when the scale of the Grid Computing System is increasing, two or more resource proxies are needed; secondary user proxies and multi-brokers are needed when the scale of the Grid increases to a certain degree. Resource proxies directly manage the resources, so they can gather resource information in time. Brokers obtain resource information from resource proxies and co-allocate these resources. The cooperation of resource proxies with brokers makes the five-layered security architecture adaptive to a dynamic environment.
6. Conclusion
This paper analyzes security problems existing in Grid Computing System and describes the security mechanism of Grid Computing System. Several protocols are defined at the Grid Security Protocol Layer based on our security architecture model. Broker protocols in the schema are more adaptive to dynamic environments.
References
[1] Ian Foster and Carl Kesselman. The Grid: Blueprint for a New Computing Infrastructure. Morgan Kaufmann Publishers, Inc., San Francisco, California, 1999.
[2] Ian Foster, Carl Kesselman, and Steven Tuecke. The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International Journal of Supercomputer Applications, 2001.
[3] Ian Foster. Internet Computing and the Emerging Grid. Available from http://www.nature.com/nature/webmatters/grid/grid.html
[4] The Globus Project. Available from http://www.globus.org/
[5] Ian Foster and Carl Kesselman. Globus: A Meta-computing Infrastructure Toolkit. International Journal of Supercomputer Applications, 1996.
[6] Ian Foster and Carl Kesselman. The Globus Project: A Status Report. In Proc. Heterogeneous Computing Workshop. IEEE Computer Society Press, 1998.
[7] Ian Foster, Carl Kesselman, Gene Tsudik, and Steven Tuecke. A Security Architecture for Computational Grids. Proc. 5th ACM Conference on Computer and Communications Security Conference, 1998.
[8] Randy Butler, Von Welch, Douglas Engert, Ian Foster, Steven Tuecke, John Volmer, Carl Kesselman. A National-Scale Authentication Infrastructure. IEEE Computer, 33(12), 2000.