A computational Grid is a hardware and software infrastructure that provides dependable, consistent, pervasive, and inexpensive access to high-end computational capabilities
Along with the positive impact, there is also a new set of security concerns and issues
The purpose of this paper: to review a number of the security policies that have already been configured in existing Grid environments, identify the deficiencies, and introduce a collection of all the issues that should be taken into consideration while building an integrated security policy in a Grid computing environment
Outline
1. Introduction
2. Security policy in Grid computing environments
3. Security policies review
4. Security policy configuration issues
5. Conclusions
2. Security policy in Grid computing environments
A multi-user environment and a dynamic user population
A large and dynamic resource pool
The most important and complicated factor: the interoperability of security policies (multiple authentication and authorization mechanisms)
Delegating too few rights could prevent the task from being completed
Suggestion: a security policy should specify the rights that may be delegated and the principals to which these rights may be delegated, and should take care of the protection of the delegated credentials
Identity mapping
Mapping Grid identities to local userids is a way to give a user single sign-on
In order to achieve identity mapping, the user must have a local id at the sites to be accessed
May raise security implications
Suggestion: a security policy should prefer to incorporate a mechanism that allows the local administrator to specify trust relations with various Certificate Authorities (CAs), rather than trying to map the ids directly
Policies interoperability
Grid security policy may provide interdomain security mechanisms
Access to local resources will typically be determined by a local security policy
An information service allows potential users to locate resources and to query them about access and availability
Access to these services for query or update should be very carefully secured, and strictly controlled
Suggestion: the security policy should define the proper processes for this access, with not only authentication and authorization procedures but also confidentiality and integrity features in the answers to the users’ queries
Exportability
An issue mostly related to encryption features supported by a Grid security policy
There are many encryption mechanisms, infrastructures and protocols, as well as algorithms, so it is more complicated for a security policy to select and use encryption
Suggestion: a standard is imperative to ensure uniformity
Resource selection
Users typically have little or no knowledge of the resources contributed by other participants, a significant obstacle to their use
The choice of the “best” suited resource depends on physical characteristics of the resource, of the connectivity, of the security, of the policy that governs access to this system, etc.
Suggestion: the common security approach must be intended to support a wide range of these local access control policies
Firewalls and virtual private networks
Existence of a firewall or VPN in front of an administrative domain can result in prohibition of access
Information services must also be informed about the existence of firewalls
Suggestion: a Grid security policy should not oblige administrative domains to eliminate usage of their already configured firewalls
5. Conclusions
The authors identified some major deficiencies of six existing Grid computing environments
The authors presented a first full inventory of the most common security issues that have been experienced in Grid computing environments, and how security policies should be adapted in order to address them
The inventory can be used as a brief but complete reference guide for the Grid participant institutions which would like to enrich their security policy or build a new one from scratch
The authors have neglected some important points in introducing the security problems of the 6 projects (security of Web Services, GSS-API)