Dr. Christopher Kunz


  GDI-Grid -- Geodateninfrastruktur-Grid


  Internet Society (ISOC) Germany e.V.
  Institute of Electrical and Electronic Engineers (IEEE)



Grid computing allows the scientific community to share resources across network and organizational boundaries, increasing the possibilities for researchers worldwide.
The gLite framework is used by the EGEE initiative to build a standardized grid infrastructure for scientific institutions worldwide.
Security is an important aspect of grid frameworks: not only are confidentiality and integrity necessary, but large amounts of computing power are also involved, and their use must be accounted to the party actually consuming it. An attacker posing as a legitimate grid user could thus consume computing and data resources. Mutual authentication through certificates and delegation of rights by means of proxy certificates solve this problem only partially: by obtaining a proxy certificate and its private key, an unauthorized third party could still pose as a legitimate user and consume resources on their behalf.
This thesis presents a solution to this problem by enabling grid users to restrict their own execution rights to the minimum necessary. By embedding an XACML policy in an X.509 extension of their proxy certificate, they can specify a set of Job IDs. The Computing Element (CE) will then only allow the jobs associated with these identifiers to be passed to the worker nodes for computation, thwarting an attacker's intent to consume processing resources.
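An added sketch of the enforcement idea in the abstract, not code from the thesis or from gLite: the user builds an XACML 2.0 policy listing the permitted job IDs, and the CE evaluates it with default deny. The attribute identifier `urn:example:grid:job-id`, the job ID values and all function names are assumptions; extracting the policy from the X.509 extension and validating the proxy certificate chain are taken as already done.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
NS = {"x": XACML}
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
JOB_ID_ATTR = "urn:example:grid:job-id"  # hypothetical attribute id (assumption)

def build_policy(job_ids):
    """User side: permit only the listed job IDs, then deny everything else."""
    resources = "".join(
        f'<Resource><ResourceMatch MatchId="{STRING_EQUAL}">'
        f'<AttributeValue DataType="{XS_STRING}">{escape(j)}</AttributeValue>'
        f'<ResourceAttributeDesignator AttributeId="{JOB_ID_ATTR}" DataType="{XS_STRING}"/>'
        f"</ResourceMatch></Resource>" for j in job_ids)
    return (f'<Policy xmlns="{XACML}" PolicyId="constructed-example" '
            f'RuleCombiningAlgId="{FIRST_APPLICABLE}"><Target/>'
            f'<Rule RuleId="permit-listed-jobs" Effect="Permit"><Target><Resources>{resources}</Resources></Target></Rule>'
            f'<Rule RuleId="deny-rest" Effect="Deny"/></Policy>')

def match_ok(match, job_id):
    des = match.find("x:ResourceAttributeDesignator", NS)
    val = match.find("x:AttributeValue", NS)
    return (match.get("MatchId") == STRING_EQUAL and des is not None
            and des.get("AttributeId") == JOB_ID_ATTR
            and val is not None and (val.text or "").strip() == job_id)

def rule_applies(rule, job_id):
    resources = rule.find("x:Target/x:Resources", NS)
    if resources is None:  # no resource constraint: the rule covers every job
        return True
    # Resource elements are OR-ed; the ResourceMatch elements inside one are AND-ed.
    groups = (r.findall("x:ResourceMatch", NS) for r in resources.findall("x:Resource", NS))
    return any(ms and all(match_ok(m, job_id) for m in ms) for ms in groups)

def decide(policy_xml, job_id):
    """CE side: first-applicable evaluation; anything unexpected yields Deny."""
    try:
        policy = ET.fromstring(policy_xml)
    except ET.ParseError:
        return "Deny"
    if policy.tag != f"{{{XACML}}}Policy" or policy.get("RuleCombiningAlgId") != FIRST_APPLICABLE:
        return "Deny"
    for rule in policy.findall("x:Rule", NS):
        if rule_applies(rule, job_id):
            return "Permit" if rule.get("Effect") == "Permit" else "Deny"
    return "Deny"
```

A job is handed to the worker nodes only when `decide` returns `"Permit"`; a holder of the proxy certificate and key who submits a job ID that is not listed gets `"Deny"`.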

Project page for the research project: Restricted Delegation of Rights in Grids



Grid Proxy Auditing Infrastructure