Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Dynamic, Context-Aware, Least-Privilege Grid Delegation
KTH, Skolan för datavetenskap och kommunikation (CSC), Centra, Parallelldatorcentrum, PDC.
KTH, Skolan för datavetenskap och kommunikation (CSC), Centra, Parallelldatorcentrum, PDC. (Parallelldatorcentrum)
2007 (engelsk)Inngår i: 8th IEEE/ACM International Conference on Grid Computing, New York: IEEE , 2007, s. 209-216Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Performing delegation in large scale, dynamic and distributed environments with large numbers of shared resources is more challenging than inside local administrative domains. In dynamic environments like Grids, on one hand, delegating a restricted set of rights reduces exposure to attack but also limits the flexibility and dynamism of the application; on the other hand, delegating all rights provides maximum flexibility but increases exposure. This issue has not yet been adequately addressed by current Grid security mechanisms and is becoming a very challenging and crucial issue for future Grid development. Therefore, providing an effective delegation mechanism which meets the requirements of the least privilege principle is becoming an essential need. Furthermore, we are witnessing a phenomenal increase in the automation of organizational tasks and decision making, as well as the computerization of information related services, requiring automated delegation mechanisms. In order to meet these requirements we introduce an Active Delegation Framework which extends our previous work on on-demand delegation, making it context-aware. The framework provides a just-in-time, restricted and dynamic delegation mechanism for Grids. In this paper we describe the development of this framework and its implementation and integration with the Globus Toolkit.

sted, utgiver, år, opplag, sider
New York: IEEE , 2007. s. 209-216
Emneord [en]
Decision making, Mechanisms, Problem solving
HSV kategori
Identifikatorer
URN: urn:nbn:se:kth:diva-9932ISI: 000253412400012Scopus ID: 2-s2.0-47249133315ISBN: 978-1-4244-1559-5 (tryckt)OAI: oai:DiVA.org:kth-9932DiVA, id: diva2:159670
Konferanse
8th IEEE/ACM International Conference on Grid Computing, GRID 2007;Austin, TX;19 September 2007 through 21 September 2007
Merknad
QC 20100621Tilgjengelig fra: 2009-02-09 Laget: 2009-02-09 Sist oppdatert: 2018-01-13bibliografisk kontrollert
Inngår i avhandling
1. On-demand Restricted Delegation: A Framework for Dynamic, Context-Aware, Least-Privilege Delegation in Grids
Åpne denne publikasjonen i ny fane eller vindu >>On-demand Restricted Delegation: A Framework for Dynamic, Context-Aware, Least-Privilege Delegation in Grids
2009 (engelsk)Doktoravhandling, med artikler (Annet vitenskapelig)
Abstract [en]

In grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current grid systems,delegation is either performed dynamically, in an unrestricted manner, or by a secure but static method. Unfortunately, the former compromises security and the latter cannot satisfy the requirements of dynamic grid application execution. Therefore, development of a delegation framework that enables a restricted and flexible delegation mechanism becomes increasingly urgent as grids are adopted by new communities and grow in size. The main barriers in development of such a mechanism are the requirements for dynamic execution of grid applications, which make it difficult to anticipate required access rights for completing tasks in advance.

Another significant architectural requirement in grids is federated security and trust. A considerable barrier to achieving this is cross-organizational authentication and identification. Organizations participating in Virtual Organizations (VOs) may use different security infrastructures that implement different protocols for authentication and identification; thus, there exists a need to provide an architectural mechanism for lightweight, rapid and interoperable translation of security credentials from an original format to a format understandable by recipients.

This thesis contributes the development of a delegation framework that utilizes a mechanism for determining and acquiring only required rights and credentials for completing a task, when they are needed. This is what we call an on-demand delegation framework that realizes a bottom-up delegation model and provides a just-in-time acquisition of rights for restricted and dynamic delegation.

In this thesis, we further contribute the development of a credential mapping mechanism using off-the-shelf standards and technologies. This mechanism provides support for an on-the-fly exchange of different types of security credentials used by the security mechanisms of existing grids.

sted, utgiver, år, opplag, sider
Stockholm: Universitetsservice US AB, 2009. s. xi, 62
Serie
Trita-CSC-A, ISSN 1653-5723 ; 2009:01
Emneord
Grid Security, Restricted and Context-Aware Delegation, Delegation Protocol, On-demand Delegation, Dynamic Trust Federation, Grid Interoperability, Credential Mapping
HSV kategori
Identifikatorer
urn:nbn:se:kth:diva-9930 (URN)978-91-7415-219-7 (ISBN)
Disputas
2009-02-16, Sal F3, Flodis, KTH, Linstedsvägen 26, Stockholm, 13:00 (engelsk)
Opponent
Veileder
Merknad
QC 20100622Tilgjengelig fra: 2009-02-09 Laget: 2009-02-09 Sist oppdatert: 2018-01-13bibliografisk kontrollert

Open Access i DiVA

Fulltekst mangler i DiVA

Scopus

Søk i DiVA

Av forfatter/redaktør
Ahsant, MehranJohnsson, Lennart
Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetric

isbn
urn-nbn
Totalt: 713 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf