DOI: 10.5555/951948.952047

Joint Policy Management and Auditing in Virtual Organizations

Published: 17 November 2003

    Abstract

    A major problem facing organizations using grid-computing models is the reluctance to participate in multi-organizational collaborative environments due to security concerns, such as unauthorized access, and fair resource usage. The Joint control of Virtual Organizations (JoVO) framework enables organizations to form a unified VO, with jointly agreed, knowable and enforceable security policies. The JoVO framework is based on the fault and intrusion tolerant joint control of identity, attributes, and access control policy through the use of threshold-based certification authorities. We propose a set of agents, the Credential Management Agent and Identity and Authorization Agent, to aid grid services when operating in a multi-domain environment. One of the key areas of concern in grid computing is the assurance of all parties involved that security policies are appropriate and will be enforced. We propose an automated distributed audit agent framework consisting of white-box and black-box service testing for joint validation of access control policy.

    Published In

    GRID '03: Proceedings of the 4th International Workshop on Grid Computing
    November 2003
    205 pages
    ISBN:076952026X

    Publisher

    IEEE Computer Society

    United States
