Re-thinking Grid Security Architecture

Demchenko, Yuri; Laat, Cees de; Koeroo, O.; Groep, David

doi:10.1109/escience.2008.53

Cited by 17 publications

(12 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Grid security architecture is primarily based on the Virtual Organisations (VO) that are created by the cooperating organisations that share resources (which however remain in their their ownership) based on mutual agreement between VO members and common VO security policy. In Grids, VO actually acts as a federation of the users and resources that enables federated access control based on the federated security and trust model [20,21].…”

Section: A Paradigms Change and General Challangesmentioning

confidence: 99%

“…We refer in this paper to the Security Services Lifecycle Management (SSLM) model proposed by authors in earlier work [20]. The SSLM describes security services operation in generically distributed multidomain environment and extends the existing SLM frameworks (and SDF in particular) with the additional stages "Reservation Session Binding" (as part of the SDF reservation stage) and "Registration and Synchronisation" (as part of the SDF deployment stage), which specifically target such scenarios as the provisioned services/resources restoration, upgrade or migration (in the framework of the active provisioning session) and provide necessary mechanisms for remote data protection by binding them to the provisioning session context and remote run-time environment.…”

Section: Security Services Lifecycle Managementmentioning

confidence: 99%

See 1 more Smart Citation

Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services

Demchenko

Ngo

Laat

et al. 2011

2011 IEEE Third International Conference on Cloud Computing Technology and Science

Self Cite

View full text Add to dashboard Cite

Abstract-Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation; (2) provisioning dynamic security services, including creation and management of the dynamic security associations, as a part of the provisioned composite services or virtual infrastructures. The first task is a traditional task in security engineering, while dynamic provisioning of managed security services in virtualised environment remains a problem and requires additional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required security mechanisms for secure data management in dynamically provisioned Cloud infrastructures. The paper refers to the architectural framework for on-demand infrastructure services provisioning, being developed by authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control infrastructure (DACI). The paper proposes the security mechanisms that are required for consistent DACI operation, in particular security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned infrastructure services and Cloud provider services. The suggested implementation is based on the GAAA Toolkit Java library developed by authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and security context between provisioned services and virtualised platform.

show abstract

Section: A Paradigms Change and General Challangesmentioning

confidence: 99%

Section: Security Services Lifecycle Managementmentioning

confidence: 99%

Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services

Demchenko

Ngo

Laat

et al. 2011

2011 IEEE Third International Conference on Cloud Computing Technology and Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Grid security architecture is primarily based on the Virtual Organisations (VO) that are created by the cooperating organisations that share resources (which however remain in their remaining in their ownership) based on mutual agreement between VO members and common VO security policy. In Grids, VO actually acts as a federation of the users and resources that enables federated access control based on the federated trust and security model [19,20].…”

Section: B Security Paradigm Shift In Cloud Computing As Infrastructmentioning

confidence: 99%

Security Services Lifecycle Management in On-Demand Infrastructure Services Provisioning

Demchenko

Laat

López³

et al. 2010

2010 IEEE Second International Conference on Cloud Computing Technology and Science

Self Cite

View full text Add to dashboard Cite

Abstract-Modern e-Science and high technology industry require high-performance and complicated network and computer infrastructure to support distributed collaborating groups of researchers and applications that should be provisioned on-demand. The effective use and management of the dynamically provisioned services can be achieved by using the Service Delivery Framework (SDF) proposed by TeleManagement Forum that provides a good basis for defining the whole services life cycle management and supporting infrastructure services. The paper discusses conceptual issues, basic requirements and practical suggestions for provisioning consistent security services as a part of the general e-Science infrastructure provisioning, in particular Grid and Cloud based. The proposed Security Services Lifecycle Management (SSLM) model extends the existing frameworks with additional stages such as "Reservation Session Binding" and "Registration and Synchronisation" that specifically target such security issues as the provisioned resources restoration, upgrade or migration and provide a mechanism for remote executing environment and data protection by binding them to the session context. The paper provides a short overview of the existing standards and technologies and refers to the ongoing projects and experience in developing dynamic distributed security services.

show abstract

“…For grid computing the security is based on public key infrastructure (PKI). Kerberos password etc [9]. Hasan et al, introduced threat model named CIAA threat model.…”

Section: Security In Distributed Syatemmentioning

confidence: 99%

Accessing the Data Security Model in Distributed System

Agarwal¹,

Agarwal²

2012

IJAIS

View full text Add to dashboard Cite

This research deals with the comparative study of distributed system and client/server computer system, placing a special emphasis is on security system. The researches describe the data security in these systems by describing them; examine their issues, challenges and presenting the adequate solutions. We have selected four type of distributed system and included a report on the basis of authorization, authentication, encryption, access control.

show abstract

Re-thinking Grid Security Architecture

Cited by 17 publications

References 12 publications

Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services

Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services

Security Services Lifecycle Management in On-Demand Infrastructure Services Provisioning

Accessing the Data Security Model in Distributed System

Contact Info

Product

Resources

About