An improved grid security infrastructure by trusted computing
Abstract
The current delegation mechanism of the grid security infrastructure (GSI) cannot satisfy the requirement for dynamic, distributed and practical security in a grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With the TC-enabled GSI, a practical delegation solution is proposed that enforces fine-grained policy over distributed platforms using the emerging trusted computing technologies. Here the trusted platform module is treated as a tamper-resistant module to improve the grid security infrastructure. With the implementation of Project Daonity, it is demonstrated that the solution can achieve dynamic and distributed security in a grid environment.