289-research on security architecture and protocols of grid computing system

Upload: sunche

Post on 07-Apr-2018


  • 8/4/2019 289-Research on Security Architecture and Protocols of Grid Computing System

    1/8

    Research on Security Architecture and Protocols of Grid Computing System¹

    FANG Xiangming YANG Shoubao GUO Leitao ZHANG Lei

    Computer Science Department, University of Science and Technology of China,

    Hefei 230026, P.R.China

    Email: [email protected], [email protected],

    [email protected] [email protected]

    Abstract. This paper analyzes security problems existing in Grid Computing System and describes the security mechanism in Grid Computing System. After briefly introducing the security abstract of grid computing system at Grid Security Basic Layer, several protocols are defined at Grid Security Protocol Layer based on security architecture model. Broker protocols are then thoroughly discussed.

    Keywords. Grid Computing System, Security Abstract, Grid Security Protocols, Broker

    1. Introduction

    With the development of application requirements for high-performance computing, it is impossible to solve super large-scale problems using a single high-performance computer or a single computer cluster. Therefore, it is necessary to connect distributed heterogeneous high-performance computers, computer clusters, large-scale database servers and large-scale file servers with a high-speed interconnection network and integrate them into a transparent virtual high-performance computing environment. This environment is named Grid Computing System [1-3].

    ¹ This paper is supported by the National Natural Science Foundation of China under Grant No. 60273041 and the National 863 High-Tech Program of China under Grant No. 2002AA104560.


    2. Security in Grid Computing System

    Essentially, security assurance of the Internet provides two kinds of security services: an access control service, which protects resources from being used by illegitimate users and prevents authorized users from abusing resources; and a secure communication service, which provides mutual authentication as well as message protection, such as message integrity and confidentiality. But these services cannot solve all the security problems in Grid Computing System.

    Security of Grid Computing System should solve the following problems: user masquerade, server masquerade, data wiretapping and tampering, remote attack, resource abuse, malicious programs, and system integrity. Grid Computing System is a complicated, dynamic and wide-area system, and imposing restricted authorization on users cannot be achieved with current technologies, so developing a new security architecture is necessary. By now, GSI (Globus Security Infrastructure) [4-6] is one of the most famous schemas.

    Based on the analysis of GSI, we present a five-layered security architecture [7], taking into account the design and implementation of a Grid security project. The security architecture, which we have already briefly described at GCC2002, is shown in Fig. 1.

    Fig. 1. Security architecture of the Grid computing system

    Our security architecture is a good schema for Grid research because of its good scalability and its ability to adapt to the dynamic system environment. In the following, we focus on the Grid Security Basic Layer and the Grid Security Protocol Layer, which are of great importance in grid security architecture.


    3. Grid Security Basic Layer

    Grid Security Basic Layer provides the user and resource mapping policy, including general mapping rules. In this layer, the Grid Computing System is abstracted into elements such as Objects, Subjects, Security Policies, Trust Domains, Operations, Authorization, etc. The security of Grid Computing System can be regarded as the relationships among these basic elements, which gives an effective way to realize a user's restrictive authorization.

    Definitions of Basic Elements

    First of all, some definitions are given in the following.

    Object is a resource or process of Grid Computing System. Object is protected by security policy. A resource may be a file, memory, CPU, equipment, etc. A process may be a process running on behalf of a user, a process running on behalf of a resource, etc. O denotes Object.

    Subject is a user, resource or process of Grid Computing System. Subject may destroy Object. A resource may be a file, memory, CPU, equipment, etc. A process may be a process running on behalf of a user, a process running on behalf of a resource, etc. S denotes Subject.

    Security Policy is a set of policies of Grid Computing System. Security Policy

    protects Object against Subject. P denotes Security Policy.

    Trust Domain is a logical, administrative region of Grid Computing System. A Trust Domain has a clear border. D denotes Trust Domain.

    Operation is a set of instructions by which Subject accesses or uses Object. OP denotes Operation.

    Authorization is the process by which Security Policy is applied to Subject. There are two possible results of Authorization: either Subject passes Security Policy or it does not. A denotes Authorization.

    Representation of Basic Elements

    Representation of Object: There are two kinds of Object in Grid Computing System, which are Global Object $O_G$ and Local Object $O_L$. A Global Object is the abstraction of one or many Local Objects. Global Objects and Local Objects exist in Grid Computing System at the same time.

    Representation of Subject: There are two kinds of Subject in Grid Computing System, which are Global Subject $S_G$ and Local Subject $S_L$. A Global Subject is the abstraction of one or many Local Subjects. Global Subjects and Local Subjects exist in Grid Computing System at the same time.

    Representation of Security Policy: There are two kinds of Security Policy in Grid Computing System, which are Global Security Policy $P_G$ and Local Security Policy $P_L$. Global Security Policy is the abstraction of all Local Security Policy. Global Security Policy and Local Security Policy exist in Grid Computing System at the same time.

    Representation of Trust Domain: There are two kinds of Trust Domain in Grid Computing System, which are Global Trust Domain $D_G$ and Local Trust Domain $D_L$. Global Trust Domain is the abstraction of all Local Trust Domains. Global Trust Domain and Local Trust Domain exist in Grid Computing System at the same time. A Trust Domain of Grid Computing System consists of three elements: the Objects existing in this Trust Domain, the Subjects existing in this Trust Domain, and the Security Policy which protects Objects against Subjects. A Trust Domain can be denoted by $D = (\{O\}, \{S\}, P)$, where $D$ denotes the Trust Domain, $\{O\}$ denotes the set of all Objects existing in this Trust Domain, $\{S\}$ denotes the set of all Subjects existing in this Trust Domain, and $P$ denotes the Security Policy of this Trust Domain. Global Trust Domain can be denoted by $D_G = (\{O_G\}, \{S_G\}, P_G)$, and Local Trust Domain can be denoted by $D_{Li} = (\{O_{Li}\}, \{S_{Li}\}, P_{Li})$, $i = 1, 2, 3$.

    Representation of Operation: An Operation of Grid Computing System may be executed in many Local Trust Domains. An Operation cannot be executed until the Subject has passed the Security Policy (Authorization) of the corresponding Trust Domain.

    Security Abstract of Grid Computing System

    The Grid Computing System is abstracted into elements such as Objects, Subjects, Security Policies, Trust Domains, Operations, Authorization, etc. Grid Computing System is composed of four parts: Global Trust Domain, Local Trust Domains, Operations and Authorizations. It can be denoted by

    $G = (D_G, \{D_{Li}\}, \{OP_j\}, \{A_k\})$, $i = 1, 2, 3$; $j = 1, 2, 3$; $k = 1, 2, 3$

    where $G$ denotes Grid Computing System, $D_G$ denotes Global Trust Domain, $\{D_{Li}\}$ denotes the set of all Local Trust Domains, $\{OP_j\}$ denotes the set of all Operations, and $\{A_k\}$ denotes the set of all Authorizations.

    The security of Grid Computing System can be regarded as the relationship among the basic elements. That is to say, a user accessing and using resources can be abstracted as a Subject operating on an Object, which can be denoted by $S \xrightarrow{OP} O$. By checking the relationship of Subject, Object and Security Policy, we can examine whether the Subject can operate on the Object, and thus tell whether the user can access the resource.
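    The relationship check described above, written out as an added example (not code from the paper). Modelling the Security Policy as an allow-list of (subject, operation, object) triples, the global-to-local subject map, and all sample names are assumptions made for illustration.

```python
# Added illustration, not the paper's code. Policy as an allow-list and the
# global-to-local subject map are assumptions; all sample names are constructed.
from dataclasses import dataclass, field

@dataclass
class TrustDomain:
    """Local Trust Domain D_Li = ({O_Li}, {S_Li}, P_Li)."""
    name: str
    objects: set
    subjects: set
    policy: set = field(default_factory=set)         # {(local subject, op, object)}
    subject_map: dict = field(default_factory=dict)  # global subject -> local subject

    def authorize(self, global_subject, op, obj):
        """Authorization A: does the mapped subject pass this domain's policy?"""
        local = self.subject_map.get(global_subject)
        if local not in self.subjects or obj not in self.objects:
            return False                              # unknown subject or object: deny
        return (local, op, obj) in self.policy

def can_operate(global_subject, steps):
    """steps: list of (domain, op, object). The operation may run only if every
    corresponding domain authorizes its part. Returns (allowed, denying domains)."""
    denied = [d.name for d, op, obj in steps if not d.authorize(global_subject, op, obj)]
    return bool(steps) and not denied, denied

ALICE = "/O=Grid/CN=Alice"
cluster = TrustDomain("cluster-A", {"cpu-pool"}, {"alice_a"},
                      {("alice_a", "execute", "cpu-pool")}, {ALICE: "alice_a"})
storage = TrustDomain("storage-B", {"dataset-7"}, {"grid017"},
                      {("grid017", "read", "dataset-7")}, {ALICE: "grid017"})
```

    A denial in any one Local Trust Domain blocks the whole operation, and the returned list names the domains whose policy refused it.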

    4. Grid Security Protocol Layer

    We define seven protocols [8] at the Grid Security Protocol Layer, taking into account the course of grid computing and especially the course of resource management. These protocols are listed in Table 1. We then thoroughly discuss the broker protocols, which are of great importance.

    Table 1. Protocols at Grid Security Protocol Layer

    Name                                        Representation
    ------------------------------------------  ------------------------------------------
    User Proxy Creation Protocol                How the user creates a user proxy
    Resource Proxy Creation Protocol            How the system creates a resource proxy
    User Proxy's Resource Application Protocol  How a user proxy applies for resources
    Process's Resource Application Protocol     How a process applies for resources
    Process's Signature Application Protocol    How to sign the process's certificate
    Broker Creation Protocol                    How the system creates a broker
    Broker Service Protocol                     How the broker allots resources coordinately

    Broker Creation Protocol

    The grid computing system sets up a process and then grants the broker certificate to this process. The process that gets the certificate can offer broker service. The broker sends a broker service notification to the resource proxy. The resource proxy gives the broker information about its resources and informs the broker of modifications. The broker organizes this information.

    Broker Creation Protocol is shown below.

    (1) The grid computing system sets up a broker certificate and then sends the certificate, which hasn't been signed yet, to the CA.

    (2) The CA signs the broker certificate using its own certificate and then sends it to the grid computing system.

    (3) After receiving the certificate, the grid computing system creates a process that holds this newly signed certificate. The process then becomes a broker.

    Broker Service Protocol

    All resource proxies send information about the resources in their charge to the broker. So the broker can see all the resources of the grid computing system, while a proxy can only see part of the resources. When a user requires a large quantity of resources, the broker must offer its information, in contrast to the local view of the resource proxy.

    The workflow of Broker Service Protocol is shown as Fig. 2.

    [Figure 2: sequence diagram with the participants User Proxy, Resource Proxy and Broker. Message and action labels: Mutual Authentication; Applying for Resources; Building Up a Coordinating Assignment Scheme; Mutual Authentication; User Proxy ID and Application Message; Process Certificate without signature; Sign Process Certificate; Process Certificate with signature; Handler of Process with signature; Resource-Assignment-OK Message; Updating Resource Information; Check User-Authorization; Allotting Resources & Creating Process.]

    Fig. 2. Workflow of Broker Service Protocol

    Broker Service Protocol is illustrated below:


    (1) The user proxy and the broker carry out mutual authentication. As a part of mutual authentication, the broker should check the expiration of the certificate.

    (2) After mutual authentication, the user proxy uses its proxy certificate to add its signature to the message applying for a large quantity of resources. The user proxy then sends this application to the broker.

    (3) Having received the application, the broker builds up a coordinating assignment scheme by analyzing the resources currently available.

    (4) In accordance with the assignment scheme, the broker splits the full application into small pieces, which can easily be found.

    (5) The broker and the resource proxy need mutual authentication if they are not in the same trusted domain.

    (6) When resources are available, the broker sends the resource proxy the user proxy ID and the application message, which have already been signed by the broker with its own certificate.

    (7) On receiving the user ID and application message, the resource proxy allots the corresponding resources to the user proxy.

    (8) The resource proxy creates a resource-assignment-ok message signed with its own certificate and then sends this message to the broker.

    (9) The broker updates its resource information when the resource-assignment-ok message arrives.
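    The message flow of steps (1) to (9), as an added sketch that is not the paper's implementation. It assumes HMAC with per-principal keys as a stand-in for certificate signatures, reduces mutual authentication to a signature and expiry check on each message, and counts resources as CPUs; all principal names, keys and expiry times are constructed.

```python
# Added sketch, not the paper's code: HMAC with per-principal keys stands in for
# certificate signatures; all names, keys and expiry times are constructed.
import hashlib, hmac, json
KEYS = {"user-proxy-1": b"k-up", "broker": b"k-br", "rp-A": b"k-a", "rp-B": b"k-b"}
EXPIRY = {"user-proxy-1": 2000, "broker": 9000, "rp-A": 9000, "rp-B": 9000}

def sign(signer, body):
    raw = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(KEYS[signer], raw, hashlib.sha256).hexdigest()
    return {"signer": signer, "body": body, "sig": sig}

def verify(msg, now):
    """Accept only an unexpired, known signer whose signature matches the body."""
    signer = msg.get("signer")
    if signer not in KEYS or now >= EXPIRY[signer]:
        return False
    return hmac.compare_digest(sign(signer, msg["body"])["sig"], msg["sig"])

class ResourceProxy:
    def __init__(self, name, cpus):
        self.name, self.free = name, cpus
    def allot(self, msg, now):  # steps 7-8: allot on a broker-signed request only
        if msg.get("signer") != "broker" or not verify(msg, now):
            return None
        n = msg["body"]["cpus"]
        if n > self.free:
            return None
        self.free -= n
        return sign(self.name, {"ok": True, "user": msg["body"]["user"], "cpus": n})

class Broker:
    def __init__(self, proxies):
        self.proxies = {p.name: p for p in proxies}
        self.view = {p.name: p.free for p in proxies}  # broker sees all resources
    def handle(self, app, now):
        need, plan = app["body"].get("cpus"), {}
        if not verify(app, now) or not isinstance(need, int) or need <= 0:
            return None                                # steps 1-2 failed
        for name, free in self.view.items():           # steps 3-4: split the request
            plan[name] = min(free, need)
            need -= plan[name]
        if need > 0:
            return None                                # not enough resources overall
        plan = {n: c for n, c in plan.items() if c}
        for name, n in plan.items():                   # steps 6 and 9
            ok = self.proxies[name].allot(sign("broker", {"user": app["signer"], "cpus": n}), now)
            if ok is None or ok["signer"] != name or not verify(ok, now):
                return None
            self.view[name] -= n
        return plan
```

    The broker updates its resource view only after verifying a resource-assignment-ok message signed by the proxy it addressed, and a resource proxy refuses any request that is not signed by the broker.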

    5. More Adaptive to Dynamic Environment

    When some resources join the Grid Computing System, the system creates a resource proxy for these resources. The resource proxy manages these resources and sends the information about them to a broker. The broker can then allocate these resources to users. On the other hand, when some resources fail or leave the Grid Computing System, the resource proxy sends an update message to the broker. The broker receives this message and will not allocate the failed or departed resources to users. A mapping file is used to map users to resources. Mapping files are created dynamically, so this mapping measure is adaptive to a dynamic environment.

    When the scale of Grid Computing System is not large, one resource proxy is enough to manage all the resources; when the scale of Grid Computing System increases, two or more resource proxies are needed; a secondary user proxy and multiple brokers are needed when the scale of the Grid increases to a certain degree. Resource proxies directly manage the resources, so they can gather resource information in time. Brokers obtain resource information from resource proxies and co-allocate these resources. This cooperation between resource proxies and brokers makes the five-layered security architecture adaptive to dynamic environments.

    6. Conclusion

    This paper analyzes security problems existing in Grid Computing System and describes the security mechanism of Grid Computing System. Several protocols are defined at Grid Security Protocol Layer based on our security architecture model. Broker protocols in the schema are more adaptive to dynamic environments.

    References

    [1] Ian Foster and Carl Kesselman. The Grid: Blueprint for a New Computing Infrastructure. Morgan Kaufmann Publishers, Inc., San Francisco, California, 1999.

    [2] Ian Foster, Carl Kesselman, and Steven Tuecke. The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International Journal of Supercomputer Applications, 2001.

    [3] Ian Foster. Internet Computing and the Emerging Grid. Available from http://www.nature.com/nature/webmatters/grid/grid.html.

    [4] The Globus Project. Available from http://www.globus.org/

    [5] Ian Foster and Carl Kesselman. Globus: A Meta-computing Infrastructure Toolkit. International Journal of Supercomputer Applications, 1996.

    [6] Ian Foster and Carl Kesselman. The Globus Project: A Status Report. In Proc. Heterogeneous Computing Workshop. IEEE Computer Society Press, 1998.

    [7] Ian Foster, Carl Kesselman, Gene Tsudik, and Steven Tuecke. A Security Architecture for Computational Grids. Proc. 5th ACM Conference on Computer and Communications Security Conference, 1998.

    [8] Randy Butler, Von Welch, Douglas Engert, Ian Foster, Steven Tuecke, John Volmer, Carl Kesselman. A National-Scale Authentication Infrastructure, IEEE Computer, 33(12), 2000.
