Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning

Demchenko, Yuri; Cristea, Mihai; Laat, Cees de; Haleplidis, Evangelos

doi:10.1007/978-3-642-11733-6_2

Cited by 7 publications

(6 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the general case of multi-provider and multi-tenant eScience cooperative environment, the e-SDI security infrastructure should support on-demand created and dynamically configured user groups and associations, potentially re-using existing experience in managing Virtual Organisations (VO) and VO-based access control in Computer Grids [37,38].…”

Section: A Security and Trust In Cloud Based Infrastructurementioning

confidence: 99%

Addressing big data issues in Scientific Data Infrastructure

Demchenko

Grosso

Laat

et al. 2013

2013 International Conference on Collaboration Technologies and Systems (CTS)

Self Cite

381

247

View full text Add to dashboard Cite

Abstract-Big Data are becoming a new technology focus both in science and in industry. This paper discusses the challenges that are imposed by Big Data on the modern and future Scientific Data Infrastructure (SDI). The paper discusses a nature and definition of Big Data that include such features as Volume, Velocity, Variety, Value and Veracity. The paper refers to different scientific communities to define requirements on data management, access control and security. The paper introduces the Scientific Data Lifecycle Management (SDLM) model that includes all the major stages and reflects specifics in data management in modern e-Science. The paper proposes the SDI generic architecture model that provides a basis for building interoperable data or project centric SDI using modern technologies and best practices. The paper explains how the proposed models SDLM and SDI can be naturally implemented using modern cloud based infrastructure services provisioning model and suggests the major infrastructure components for Big Data Infrastructure.

show abstract

Section: A Security and Trust In Cloud Based Infrastructurementioning

confidence: 99%

Addressing big data issues in Scientific Data Infrastructure

Demchenko

Grosso

Laat

et al. 2013

2013 International Conference on Collaboration Technologies and Systems (CTS)

Self Cite

381

247

View full text Add to dashboard Cite

show abstract

“…Another example of the ForCES expressive power is [64], where ForCES is used to setup Tokens in custom-defined LFB for a Token-Based security approach on a network processor via a web-service that has the role of a proxy-CE. Another example is the tunnel setup for the packet gateway (PGW) for LTE networks [65].…”

Section: Discussionmentioning

confidence: 99%

Network Programmability With ForCES

Haleplidis

Salim²,

Halpern

et al. 2015

IEEE Commun. Surv. Tutorials

Self Cite

View full text Add to dashboard Cite

Network programmability has re-emerged as top item of the networking research agenda as Software Defined Networking (SDN) gained wide acceptance simultaneously in vendor product line plans and operator expectations for future deployments. One of the key ingredients for the successful deployment of SDN technologies are standardized models, mechanisms, and protocols for the separation of the control and forwarding planes. The Internet Engineering Task Force (IETF) standardization effort on Forwarding and Control Element Separation (ForCES) has published a set of standards track documents which specify in detail a comprehensive architectural framework and the respective standard protocols which can be employed to implement the separation of these two planes in a flexible, scalable and vendor-agnostic yet fully interoperable manner. The IETF standards on ForCES define how to achieve said separation through a complete and modular system model of the forwarding plane elements. In the ForCES model every network element is composed of numerous logically separate and well-defined functional entities that cooperate to provide the desired overall functionality, such as a routing or IP switching. The elegance of the model lies in the fact that a ForCES-based implementation of a network element is indistinguishable from a traditional ("closed-box") network element and therefore can be deployed in the field without any need for migration to a new architecture. Conversely, ForCES allows for rapid prototyping and agile deployment of new architectures as emphasis is placed on software-defined functionality and full programmability. The difference of ForCES from other SDN approaches that depend on logically centralized controllers and the deployment of solely simple or "dumb" switches is that ForCES standards provide a complete toolbox to design, implement, and interoperate ForCES-based network elements with both previously deployed infrastructures as well as in experimental or early-deployment phase endeavors. An example of the former is the implementation of 3GPP-standardized network elements such as a packet gateway (PGW). Examples of the latter include the use of ForCES for network function virtualization (NFV) proves-ofconcepts. This paper surveys the programmable networks and SDN area and provides a comprehensive tutorial on ForCES by summarizing numerous standards documents and thus making the technology easily understood by the wider research community. We present the design goals, choices and tradeoffs for this standardized approach for network programmability and provide a thorough primer on the ForCES model and protocol. The article also surveys recent independent interoperable implementations that showcase the full spectrum of ForCES applications in the era of NFV and SDN.

show abstract

“…In the proposed DACI we re-use the authorisation tokens as a session context management mechanisms initially proposed by authors in the GAAA-NRP and used for authorisation (AuthZ) session context management in multidomain network resource provisioning [28]. Tokens as session credentials are abstract constructs that refer to the related session context stored in the provisioned resources or services.…”

Section: Dynamically Provisioned Access Control Infrastructure (Daci)mentioning

confidence: 99%

Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services

Demchenko

Ngo

Laat

et al. 2011

2011 IEEE Third International Conference on Cloud Computing Technology and Science

Self Cite

View full text Add to dashboard Cite

Abstract-Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation; (2) provisioning dynamic security services, including creation and management of the dynamic security associations, as a part of the provisioned composite services or virtual infrastructures. The first task is a traditional task in security engineering, while dynamic provisioning of managed security services in virtualised environment remains a problem and requires additional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required security mechanisms for secure data management in dynamically provisioned Cloud infrastructures. The paper refers to the architectural framework for on-demand infrastructure services provisioning, being developed by authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control infrastructure (DACI). The paper proposes the security mechanisms that are required for consistent DACI operation, in particular security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned infrastructure services and Cloud provider services. The suggested implementation is based on the GAAA Toolkit Java library developed by authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and security context between provisioned services and virtualised platform.

show abstract

Authorisation Infrastructure for On-Demand Grid and Network Resource Provisioning

Cited by 7 publications

References 11 publications

Addressing big data issues in Scientific Data Infrastructure

Addressing big data issues in Scientific Data Infrastructure

Network Programmability With ForCES

Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services

Contact Info

Product

Resources

About