
Daonity: Protocol Solutions to Grid Security Using Hardware Strengthened Software Environment

  • Conference paper
Security Protocols (Security Protocols 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5964)


Abstract

A central security requirement for grid computing can be referred to as behaviour conformity. This is an assurance that ad hoc related principals (users, platforms or instruments) forming a grid virtual organisation (VO) must each act in conformity with the rules for the VO constitution. Existing grid security practice has little means to enforce behaviour conformity and consequently falls short of satisfactory solutions to a number of problems.

Trusted Computing (TC) technology can add to grid computing the needed property of behaviour conformity. With TC using an essentially in-platform (trusted) third party, a principal can be made to behave in conformity, and this fact can be reported to interested parties who may be only ad hoc related to that principal. In this paper we report on the Daonity system, a TC-enabled emerging work towards a grid security standard, to show how behaviour conformity can help to improve grid security.

An Open Grid Forum project (https://forge.gridforum.org/projects/tc-rg/) for developing a grid security standard, led by HP Labs China with participation from Wuhan University, Huazhong University of Science and Technology, Fudan University and Oxford University.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mao, W., Yan, F., Yi, C., Chen, H. (2010). Daonity: Protocol Solutions to Grid Security Using Hardware Strengthened Software Environment. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2007. Lecture Notes in Computer Science, vol 5964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17773-6_27


  • DOI: https://doi.org/10.1007/978-3-642-17773-6_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17772-9

  • Online ISBN: 978-3-642-17773-6

  • eBook Packages: Computer Science, Computer Science (R0)
