Graduate student: | 孫開平 Saffiong Kebbeh |
---|---|
Thesis title: | Distributed Authentication and Authorization Framework for Grid Infrastructures (針對網格基礎架構下的分散式認證與授權框架的研究) |
Advisor: | 孫宏民 Hung-Min Sun |
Oral defense committee: | |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Institute of Information Systems and Applications |
Year of publication: | 2007 |
Graduation academic year: | 95 |
Language: | English |
Pages: | 69 |
Chinese keywords: | Credential, Distributed, Domains, Grid, Policies, Resources, Security, Virtual |
Foreign-language keywords: | Credential, Distributed, Domains, Grid, Policies, Resources, Security, Virtual |
Computer and network systems are vulnerable to attacks, yet abandoning the existing
huge infrastructure of possibly insecure computer and network systems is impossible, and
replacing them with totally secure systems may not be feasible or cost-effective. A
common element in many attacks is that a single user will often attempt to intrude upon
multiple resources throughout the network. Detecting the attack can become significantly
easier by compiling and integrating evidence of such intrusion attempts across the
network rather than attempting to assess the situation from the vantage point of only a
single host. This thesis proposes a system to provide security for the grid infrastructure
in which authorization and authentication are made scalable by setting up an
authorization framework at the resource provider's end. This is intended to relieve the grid
infrastructure of responsibility for authorization, and it also improves the
resource provider's trust in requests from the data portal, as the authorization
information will come from its own organizational authorization server. We will
demonstrate that this architecture is secure, scalable, and robust, by improving the
existing authorization mechanism.