Information Technology Reference
In-Depth Information
4
Conclusions
During the last decade the notion of GRID Computing has emerged from that of Dis-
tributed Computing. GRID architectures form the next logical step in computing in-
frastructure following a path from standalone systems to tightly linked clusters, enter-
prise-wide clusters and geographically dispersed computing environments. Although
such architectures can be characterized as state-of-the-art technology, they are, at the
same time, a major contributor to some of the problems associated with the design
and implementation of a secure environment, especially when combined with the
continuously increasing user mobility. By allowing users to access services from
virtually anywhere, the universe of ineligible people who may attempt to harm the
system is dramatically expanded.
Several security architectures have been described in the literature, some of them
being evaluated in section 3 of this paper. The aim was to investigate to what extend
the GRID security requirements (presented in section 2) were fulfilled by these archi-
tectures. The evaluation results were presented in
Table 1
.
It has been revealed that none of the proposed security architectures fulfill, in an
acceptable way, the entire list if GRID security requirements. However, this is not
unexpected since the area of 'GRID Security' is still in very early stages. Neverthe-
less, several security requirements are fulfilled through various security mechanisms.
For instance, strong encryption mechanisms have been employed for ensuring the
confidentiality, integrity and availability of information (GSI), intelligent techniques
have been developed for identifying and authorizing entities (e.g. Legion, Globe),
while some of the proposed architectures deal more successfully with elaborate secu-
rity issues such as firewall traversal (e.g. OGSA security architecture).
References
1. Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the GRID. Enabling Scalable Virtual
Organizations, International J. Supercomputer Applications, 15(3) (2001)
2. Foster, I., Kesselman, C.: The GRID: Blueprint for a Future Computing Infrastructure.
Morgan Kaufman (1999)
3. Johnston, W.E., Jackson, K.R., Talwar S.: Overview of security considerations for computa-
tional and data GRIDs. In: Proceedings of the 10
th
IEEE International Symposium on High
Performance Distributed Computing (2001)
4. Nagaratnam, N., Janson P., Dayka, J., Nadalin, A., Siebenlist, F., Welch, V., Foster, I.,
Tuecke, S.: The Security Architecture for Open GRID Services. Technical Paper, Open
GRID Service Architecture Security Working Group (OGSA-SEC-WG) (July 2002)
5. Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational
GRID. In the Proceedings of the 5
th
ACM Conference on Computer and Communications
Security Conference (1998) 83-92
6. Chapin, S., Wang, C., Wulf, W., Knabe, F., Grimshaw, A.: A New Model of Security for
Metasystems. Future Generation Computer Systems, Vol. 15 (5-6) (1999) 713-722
7. Ferrari, A., Knabe, F., Humphrey, M., Chapin, S., Grimshaw, A.: A Flexible Security Sys-
tem for Metacomputing Environments. Technical Report CS-98-36, Department of Com-
puter Science, University of Virginia (December 1998)
8. Butler, R., Engert, D., Foster, I., Kesselman, C., Tuecke, S., Volmer, J., Welch, V.: A Na-
tional-Scale Authentication Infrastructure, IEEE Computer, 33(12) (2000) 60-66
