A Mediated Definite Delegation Model allowing for Certified Grid Job Submission

Details A Mediated Definite Delegation Model allowing for Certified Grid Job Submission A Mediated Definite Delegation Model allowing for Certified Grid Job Submission

2011-12-12

arxiv.org/abs/1112.2444v1

Computer Science

Distributed, Parallel, and Cluster Computing

Scientific paper

Grid computing infrastructures need to provide traceability and accounting of their users" activity and protection against misuse and privilege escalation. A central aspect of multi-user Grid job environments is the necessary delegation of privileges in the course of a job submission. With respect to these generic requirements this document describes an improved handling of multi-user Grid jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security analysis of the ALICE Grid job model is presented with derived security objectives, followed by a discussion of existing approaches of unrestricted delegation based on X.509 proxy certificates and the Grid middleware gLExec. Unrestricted delegation has severe security consequences and limitations, most importantly allowing for identity theft and forgery of delegated assignments. These limitations are discussed and formulated, both in general and with respect to an adoption in line with multi-user Grid jobs. Based on the architecture of the ALICE Grid Services, a new general model of mediated definite delegation is developed and formulated, allowing a broker to assign context-sensitive user privileges to agents. The model provides strong accountability and long- term traceability. A prototype implementation allowing for certified Grid jobs is presented including a potential interaction with gLExec. The achieved improvements regarding system security, malicious job exploitation, identity protection, and accountability are emphasized, followed by a discussion of non- repudiation in the face of malicious Grid jobs.

Affiliated with

Also associated with

No associations

Rating

A Mediated Definite Delegation Model allowing for Certified Grid Job Submission does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with A Mediated Definite Delegation Model allowing for Certified Grid Job Submission, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and A Mediated Definite Delegation Model allowing for Certified Grid Job Submission will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-708362