SlideShare une entreprise Scribd logo
1  sur  9
Télécharger pour lire hors ligne
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
DOI:10.5121/ijcsa.2014.4118 179
SECURITY ISSUES IN GRID COMPUTING
Neha Mishra1
, Ritu Yadav2
and Saurabh Maheshwari 3
Department of CSE, Govt. Women Engineering College, Ajmer, Rajasthan, India
ABSTRACT
Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual
organizations. The dynamic nature of Grid environments introduces challenging security concerns that
demand new technical approaches. In this brief overview we review key Grid security issues and outline
the technologies that are being developed to address those issues. We focus on works done by Globus
Toolkits to provide security and also we will discuss about the cyber security in Grid.
KEYWORDS
Virtual Organisation (VO), X.509,OSGA, GSI, CAS,WSDL, SSH.
1. INTRODUCTION
Security is a latest topic today for the smart grid, and progresses are being done in this field every
day. Most communications uses standard cryptographic algorithms AES-128 to protect the data
on the network. Grid computing is a technique which provides high-performance computing; in
this resources are shared in order to improve the performance of the system at a lower price.
According to literature, “Grid computing is a system where multiple applications can integrate
and use their resource efficiently”.
According to Foster and Kesselman, “A grid is a system that has three important categories:
coordination of resources not under centralized control, use standard general purpose interface,
and it delivers nontrivial quality of service”. Kon et al define grid computing as, “coordination of
resource sharing and dynamic problem solving in multi-institution virtual organizations” [3].
2. SECURITY REQUIREMENTS
Grid systems and applications require standard security functions which are authentication, access
control, integrity, privacy, and no repudiation. Authentication and access control issues are. It (1)
provide authentication to verify the users, process which have user’s computation and resources
used by the processes to authenticate (2) allow local access control mechanisms to be used
without change. To develop security architecture we have to satisfy the following constraints
which are taken from the characteristics of grid environment and application [1].
Single sign-on: A user should authenticate once and they should be able to acquire resources, use
them, and release them and to communicate internally without any further authentication.
Protection of credentials: User passwords, private keys, etc. should be protected.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
180
Interoperability with local security solutions: Access to local resources should have local
security policy at a local level. Despite of modifying every local resource there is an interdomain
security server for providing security to local resource.
Exportability: The code should be exportable i.e. they cannot use a large amount of encryption at
a time. There should be a minimum communication at a time.
Support for secure group communication: In a communication there are number of processes
which coordinate their activities. This coordination must be secure and for this there is no such
security policy.
Support for multiple implementations: There should be a security policy which should provide
security to multiple sources based on public and private key cryptography.[8]
3. GRID SECURITY CHALLENGES
Multiple resources provide the control policies to the third party. The VO is one which
coordinates the resource sharing and use.
The dynamic policies and entry of new participants in the system gives the need for three key
functions which are:
Multiple security mechanisms:
Organizations which participate in a VO have investment in security mechanism and
infrastructure. Grid security interoperates with these mechanisms.
Dynamic creation of services:
Users must be able to create new services (e.g., “resources”) dynamically without administrator
permission. These services should coordinate and interact with other services. So, we must be
able to name the service with acceptable identity and should be able to grant rights to that identity
without any contradiction with the governing local policy.
Dynamic establishment of trust domains:
VO needs to establish coordination between its user and all the resources so that they can
communicate easily. These domains must establish trust dynamically whenever a new user join or
leave a VO. A user-driven security model is needed to create new entries of the user so that they
can coordinate with the resources within the VO.[4]
4. GLOBUS TOOLKIT SECURITY MODELS
The Globus Toolkit's Authentication and Authorization components provide the basis standard for
the "core" security software in Grid systems and applications. Globus software development kits
provide programming libraries, Java classes, and essential tools for a PKI, certificate-based
authentication system with single sign-on and delegation features, in either Web Services or non-
Web Services frameworks. Grid security technology such as GSI and CAS are used to provide
security. These technologies are used to represent the security and are used in various grid
projects. Web security services work under the OGSA architecture. It is used to represent
refactoring, refinement and repacking of various Grid protocols so that better use of useful
resources can be done [3].
OSGA is used with the Globus toolkit to provide WSDL for interface to provide Grid services.
OSGA is also used to provide an interface for discovery of grid services. Recent goal of OSGA
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
181
security work is to provide relationships between OSGA security mechanism and emerging WS
security mechanism [9].
4.1 GT2 Grid Security Model
The security technologies incorporated in the Globus Toolkit version 2 (GT2) includes services
for Grid Resource Allocation and Management (GRAM), Monitoring and Discovery (MDS), and
data movement (GridFTP). These services use Grid Security Infrastructure (GSI) to provide
security. GSI works on a common format based on X.509 identity certificates and a common
protocol based on transport layer security (TLS, SSL). An X.509 certificate is associated with
private key that forms a unique authentication set that a Grid uses to authenticate itself to other
Grid entities. [10]
The TLS-based protocol is used to provide message protection (encryption, integrity checking),
according to the requirement of data stream. Gateways are used to translate information between
common GSI infrastructure and local site mechanisms. For example, the Kerberos Certificate
Authority (KCA) provides an interface for translation of Kerberos to GSI and vice versa. [8]
Each GSI certificate is issued by certificate authority (CA), which runs a large number of
organization or commercial company. To trust the X.509 communication, the CA issues the
certificate to trust the entity. An X.509 identity certificate is used within GSI for establishment of
a trusted communication. [11]
In mechanisms such as Kerberos, where for inter-institutional a bilateral agreement is required at
the organizational level, trust in a CA is established unilaterally: A single entity can decide to
trust any CA, without involving the whole organization. This feature is used in the establishment
of VOs in which some portions of the organizations are only used and not the whole organization.
[12]
GSI introduces X.509 proxy certificates, which is an extension to GSI used by X.509 identity
certificates to allow a user to assign a new X.509 identity to an entity and then delegate subset of
their rights to that identity. Users create this proxy certificate by issuing a new X.509 certificate
signed by it without involving the CA. By this mechanism new authentication and identities can
be created quickly as there is no involvement of the administrator. To create a trusted
communication VOs is provided for both the proxy certificate and for security services, Example,
the Community Authorization Service (CAS). According to GSI policy if any two entities have
proxy certificates issued by the same user they can trust each other. This policy allows the users
to create trusted communication itself by issuing proxy certificates to any services with whom
they wish to collaborate. [13]
This policy of trust between proxy holders allows then for a easy and simple trust domains but for
complicated trust domains they have some limitations, for example, limited trust between
multiple parties in which we can use security services such as CAS that allow flexible, expressive
policy to be created for multiple users in a VO. CAS allows a VO to use the policy that has been
provided to it by the resource providers in the VO. This process has three steps shown in Figure
1:
The three steps of the figure are:
Firstly, the user authenticates to CAS and receives notification from CAS stating VO’s policy that
how the user may use VO resources.
Second, after that the user presents the details to a VO resource and the usage request.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
182
Finally, then evaluation is done whether to allow the request, for this the resource checks both
local policy and the VO policy expressed in the CAS assertion. CAS allows a resource to retain
the authority over that resource, but it also allows the VO to control the enforced policy. Then,
the VO coordinate the policy that how the resources will be shared.
Figure 1. Policy of CAS and VO.
While designing GSI we have several efforts to build on PKI. Some of these efforts with respect
to Grid security requirements are:
First, Kerberos needs the site administrators for establishment of inter domain trust between new
entities.
Second, the CRISIS i.e. a wide area security system provides a uniform and scalable security
infrastructure in a wide area network but does not provide interoperability with local security
mechanisms.
Third, Secure Shell (SSH) gives us a system of authentication and message protection but does
not support translation between different mechanisms or creation of dynamic entities [14].
4.2 GT3 Security Model
Grid security challenges are solved with Open Grid Services Architecture (OGSA) along with a
set of technical specifications to integrate Grid technologies with Web services technologies. Web
services technologies allow defining software component in terms of access methods, to bind
these methods with specific communication mechanisms, and also to provide mechanisms for
discovering relevant services.
There are no particular mechanisms but few are emerging as ubiquitous. The Simple Object
Access Protocol (SOAP) provides an interface for messaging using XML along with HTTP. The
Web Services Description Language (WSDL) provides a method for expressing operation
signatures and also bindings to protocols and endpoints in an XML document.
OGSA is a standard Web service interfaces and behaviors to add Web services with the concepts
of crateful services and secure invocation, and also capabilities to address Grid-specific
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
183
requirements. These interfaces and behaviors define a “Grid service” and allow users to manage
the Grid service’s life-cycle, according to the policies, and create sophisticated distributed
services. [6]
A grid service is defined as an interface for service data elements (SDEs) that other entities can
query or subscribe to. OGSA introduces new opportunities and challenges for Grid security.
Globus Toolkit (GT3) and Grid Security Infrastructure (GSI3) were the first to implement OGSA
mechanisms. GT3’s security model allows applications and users to operate on the Grid as easy
and automatic manner as possible. Security mechanisms should not be instantiated in an
application but should be supplied by the surrounding Grid infrastructure to adapt on behalf of the
application to meet the application's requirements. [7]
Figure 2. OGSA Architecture
The application should deal only with application specific policy. GT3 uses the following features
of OGSA and Web services security to achieve their goals, these goals are to:
First, use of security functionality as OGSA services to locate them and use the service whenever
needed.
Second, use of sophisticated host environment to provide security for applications and to adapt
security of application without changing it.
Third, to publish service security policy for clients to discover dynamically what are the
requirements and mechanisms needed for establishing trust with the service.
Fourth, to provide specifies standards for the exchange of security tokens for interoperability.[4]
4.3 GT4 Security Models
GT4 Authorization implements SAML (security assertion markup language), and uses the
XACML (extensible access control markup language). XACML authorization framework
architecture is an implementation of the Open Grid Services Architecture is an initiative for
recasting Grid concepts within a service oriented framework based on Web services. [14]
In GT4, we have additional Web Services security specifications implementation. Web Services
has provided several security standards that which influences Grid computing. XACML and
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
184
SAML are the two important authorization standards. We have several other authorization
systems that support Grid computing that are Akenti, PERMIS, Shibboleth and VOMS. Akenti,
PERMIS and Shibboleth use the type of attributes which are needed to make authorization
decision. VOMS provides user attributes used for authorization. These authorization systems have
their own policies, and can be integrated with GT4 authorization framework to provide
authorization services. [5]
The XACML authorization model has the following policies that are used to create
communication. The functioning of these policies are:
Firstly, The PEP (Policy Enforcement Point) is used to accept the access requests from users and
then it sends the requests to the PDP.
Then, The PDP(Policy Decision Point) then makes the access decisions according to the security
policy or policy set of PAP (Policy Administration Point) and also by using attributes of the
subjects, the resource, and the environment that are obtained by querying the PIP (Policy
Information Point).
After that, the access decision taken by the PDP is then sent to the PEP. Finally, according to the
decision of PDP, the PEP then either permits or denies the access request [9].
The whole architecture is shown below.
Figure 3. XACML authorization model
XACML also defines a policy language. Policies are organized in hierarchy with the Policy Sets
combined using combining algorithms. A rule is has a target, an effect of that rule and a condition
on which the rule works. A Policy comprises of a target, one or more rules, and an optional set of
obligations [9].
5. SMART GRID CYBER SECURITY:
The cyber security for the smart grid is the possibility that if in a centralized grid we have two
way digital communications the grid can become susceptible to the hackers who can use customer
confidential information and can cause adverse effect on the communication. This is the latest
concern in the Grid to create a Smart Grid cyber security to provide the internet security in the
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
185
Grid. There should be some policies with which we can take the benefits of the Internet and also
the available computation power in a secure way [1].
Internet facility is much more reliable than electric grid due to the following reasons:
1) Internet is decentralized and is in starfish pattern and not in spider,
2) Asynchronous i.e. we don’t have to use a single source we can work on different server and
3) It has many paths and not a few single connections. The Internet is a smart grid, a resilient
grid, a self-healing grid that does not go down. The last connection to the grid may fail, or a
particular destination may fail.
The Internet makes it possible to have a more secure grid as it reliably monitor and control every
part of the grid in real time. The new smart grid will be a less centralized grid because:
1) the traditional economies that supported it has been removed by risk and uncertainty of siting,
construction, operation, fuel supply, environmental impact and cost recovery,
2) There is penetration of distributed generation, storage, PHEVs/EVs as well as customer
premises energy management systems
3) There is an increasing penetration of stochastic, energy sources like wind, solar and consumer
dispatched generation. There is a complex grid with many points to automatically monitor and
control resources.
Figure 4- Cyber Grid
5.1 Why cyber security is so hard for the future grid
The following reasons due to which the cyber security will not be implemented so easily in future
grid are:
First is, Legacy controllers, networks Fragile security, built to run on private data links, 24/7
(hard to update, patch), real time requirements (security, crypto may impact timing)
Second, Control nets run over (or tunneled though) public networks (attack channel, or subject to
broader disruption)
Third, Best Practices for Control Systems & Grid Security (DHS, NERC CIP standards, NIST
Draft NISTIR 7628, etc.)
Fourth, these are processes for developing secure systems, not cookbook answers!
Fifth, Security is a system issue—what are the pieces and how do they work together
And the last is- Security is a moving target [2].
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
186
Research activity:
• US Government: DHS, INL, NIST, etc.
• Foreign Governments
• Industry Consortia
• Universities, I3P (industry, universities)
• Two Relevant Research Projects at NYU-Poly
• Trusted Platforms: A hardware basis for trusting software, grid element identity, and actions
• INFER—when the defenses have failed.[12]
6. CONCLUSION
Grid computing presents a number of security challenges that are met by the Globus Toolkit’s
Grid Security Infrastructure (GSI). Version 3 of the Globus Toolkit (GT3) implements the
emerging Open Grid Services Architecture; its GSI implementation (GSI3) takes advantage of
this evolution to improve on the security model used in earlier versions of the toolkit. Its
development provides a basis for a variety of future work. GT4 Security Infrastructure
implements the existing and emerging standards which are used by the broader Web Services
community. In particular, we are interested in exploiting WS-Routing to improve firewall
compatibility; in defining and implementing standard services for authorization, credential
conversation, identity mapping; and in using WS-Policy to automate application determination of
requirements and location of services that meet those requirements. Also the cyber security in
Grid is the latest interest in the field of Grid computing to provide security.
ACKNOWLEDGEMENTS
We would like to thank our principal for providing us the platform for research. Also we are
thankful to TEQIP-II for funding this publication. Support of the technical staff was also
commendable.
REFERENCES
[1] Report to NIST on Smart Grid Interoperability Standards Roadmap EPRI, Jun. 17, 2009
[Online].Available:http://www.nist.gov/smartgrid/InterimSmartGridRoadmapNISTRestructure.pdf
[2] Draft smart grid cyber security strategy and requirements, NIST IR 7628, Sep. 2009 [Online].
Available: http://csrc.nist.gov/publications/ drafts/nistir-7628/draft-nistir-7628.pdf
[3] “Public key infrastructure,” Wikipedia Feb. 18, 2010 [Online]. Available:
http://en.wikipedia.org/wiki/Public_key_infrastructure
[4] Energy Assurance Daily, September 27, 2007. U.S. Department of Energy, Office of Electricity
Delivery and Energy Reliability, Infrastructure Security and Energy Restoration Division. April 25,
2010.
[5] WiMax Security 2010 [Online]. Available: http://www.topbits. com/wimax-security.html
[6] I. Foster and C. Kesselman, editors. Computational Grids: The Future of High Performance
Distributed Computing. Morgan Kaufmann, 1998.
[7] I. Foster, K. Kesselman, The Grid: Blueprint for a Future Computing Infrastructure(Morgan
Kaufmann in Computer Architecture and Design), 1999.
[8] Ian, F., C. Kesselman and S. Tuecke(2001). ‘The anatomy of the grid: enabling scalable virtual
organizations’, a reprint in Berman et. al(2003) pp.171-191.
[9] L. Ramakrishnan, Securing Next-Generation Grids, IEEE IT Pro, March/April 2004.
[10] E. Cody, R. Sharman, Raghav H. Rao, Sh. Upadhyaya, Security in grid computing: A review and
synthesis, http://www.siencedirect.com (Document view: October 12 2010).
[11] Foster, I., Kesselman, C., Nick, J. and Tuecke, S. The Physiology of the Grid: An Open Grid Services
Architecture for Distributed Systems Integration, Globus Project, 2002.
http://www.globus.org/research/papers/ogsa.pdf.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014
187
[12] Foster, I., Kesselman, C., Tsudik, G. and Tuecke, S. A Security Architecture for Computational Grids.
ACM Conference on Computers and Security, 1998, 83-91.
[13] CCITT Recommendation X.509: The Directory – Authentication Framework.1988.
[14] Minoli D. (2005). “A Networking Approach to Grid Computing”, Prentice Hall.
[15] Simple Object Access Protocol (SOAP) 1.1, www.w3.org/TR/SOAP
Authors
Mr. Saurabh Maheshwari is an Assistant Professor in Dept. of Computer Engineering in
Govt. Women Engineering College Ajmer, Rajasthan, India. He is pursuing Ph.D. in ICT
from IIT Jodhpur. He has done his M.Tech. in CSE from MNIT Jaipur, India. His research
interests lies in Image Processing, Biometrics, Bio-Instrumentation and Application
Development for handheld devices.
Ms. Neha Mishra is pursuing M.Tech in CSE from Govt. Women Engineering College
Ajmer India. She has completed her B.Tech in 2012 from RCEW Jaipur India.
Ms. Ritu Yadav is pursuing M.Tech in CSE from Govt. Women Engineering College
Ajmer India. She has completed her B.Tech in 2012 from Govt. Women Engineering
College Ajmer India.

Contenu connexe

Tendances

Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Salam Shah
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
SAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsSAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsEswar Publications
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)irjes
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation  vol 2015-n2-paper4International journal of computer science and innovation  vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREA SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
 
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based Approach
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based ApproachMitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based Approach
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based ApproachIJLT EMAS
 
Secure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingSecure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingIRJET Journal
 
Strong zero knowledge authentication based on the session keys (sask)
Strong zero knowledge authentication based on the session keys (sask)Strong zero knowledge authentication based on the session keys (sask)
Strong zero knowledge authentication based on the session keys (sask)IJNSA Journal
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET Journal
 
Shared aythority ppt design [autosaved]
Shared  aythority  ppt design [autosaved]Shared  aythority  ppt design [autosaved]
Shared aythority ppt design [autosaved]Raj Kumar
 
4.authentication and key agreement based on anonymous identity for peer to-pe...
4.authentication and key agreement based on anonymous identity for peer to-pe...4.authentication and key agreement based on anonymous identity for peer to-pe...
4.authentication and key agreement based on anonymous identity for peer to-pe...Venkat Projects
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data securityUlf Mattsson
 
Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Editor IJARCET
 

Tendances (17)

Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
 
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
SAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsSAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS Clouds
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocol
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation  vol 2015-n2-paper4International journal of computer science and innovation  vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREA SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
 
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based Approach
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based ApproachMitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based Approach
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based Approach
 
Secure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud ComputingSecure Multi Authority Data Access Control System in Cloud Computing
Secure Multi Authority Data Access Control System in Cloud Computing
 
Strong zero knowledge authentication based on the session keys (sask)
Strong zero knowledge authentication based on the session keys (sask)Strong zero knowledge authentication based on the session keys (sask)
Strong zero knowledge authentication based on the session keys (sask)
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
 
Shared aythority ppt design [autosaved]
Shared  aythority  ppt design [autosaved]Shared  aythority  ppt design [autosaved]
Shared aythority ppt design [autosaved]
 
4.authentication and key agreement based on anonymous identity for peer to-pe...
4.authentication and key agreement based on anonymous identity for peer to-pe...4.authentication and key agreement based on anonymous identity for peer to-pe...
4.authentication and key agreement based on anonymous identity for peer to-pe...
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
 
Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946
 

En vedette

Security in cloud (and grid) computing Overview
Security in cloud  (and grid) computing OverviewSecurity in cloud  (and grid) computing Overview
Security in cloud (and grid) computing OverviewTawanda Douglas Muringani
 
The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...Brian Solis
 
Open Source Creativity
Open Source CreativityOpen Source Creativity
Open Source CreativitySara Cannon
 
Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)maditabalnco
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 
The Outcome Economy
The Outcome EconomyThe Outcome Economy
The Outcome EconomyHelge Tennø
 

En vedette (6)

Security in cloud (and grid) computing Overview
Security in cloud  (and grid) computing OverviewSecurity in cloud  (and grid) computing Overview
Security in cloud (and grid) computing Overview
 
The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...
 
Open Source Creativity
Open Source CreativityOpen Source Creativity
Open Source Creativity
 
Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post Formats
 
The Outcome Economy
The Outcome EconomyThe Outcome Economy
The Outcome Economy
 

Similaire à Security issues in grid computing

Comparison of data security in grid and cloud
Comparison of data security in grid and cloudComparison of data security in grid and cloud
Comparison of data security in grid and cloudeSAT Publishing House
 
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSA CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
 
Use of cloud federation without need of identity federation using dynamic acc...
Use of cloud federation without need of identity federation using dynamic acc...Use of cloud federation without need of identity federation using dynamic acc...
Use of cloud federation without need of identity federation using dynamic acc...eSAT Publishing House
 
A cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsA cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
 
A dynamic policy based security-as-a-service infrastructure for cloud environ...
A dynamic policy based security-as-a-service infrastructure for cloud environ...A dynamic policy based security-as-a-service infrastructure for cloud environ...
A dynamic policy based security-as-a-service infrastructure for cloud environ...eSAT Publishing House
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Secure Group Communication in Grid Environment
Secure Group Communication in Grid EnvironmentSecure Group Communication in Grid Environment
Secure Group Communication in Grid EnvironmentCSCJournals
 
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
Generic Security Framework for Multiple Heterogeneous Virtual InfrastructuresGeneric Security Framework for Multiple Heterogeneous Virtual Infrastructures
Generic Security Framework for Multiple Heterogeneous Virtual InfrastructuresIJRES Journal
 
Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...CSCJournals
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data securityeSAT Publishing House
 
Cross domain identity trust management for grid computing
Cross domain identity trust management for grid computingCross domain identity trust management for grid computing
Cross domain identity trust management for grid computingijsptm
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...eSAT Journals
 
International Journal on Web Service Computing (IJWSC)
International Journal on Web Service Computing (IJWSC)International Journal on Web Service Computing (IJWSC)
International Journal on Web Service Computing (IJWSC)ijwscjournal
 
A Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access ControlA Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access Controlijwscjournal
 
A Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access ControlA Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access Controlijwscjournal
 
Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...ijcnes
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) ijceronline
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
 
A study secure multi authentication based data classification model in cloud ...
A study secure multi authentication based data classification model in cloud ...A study secure multi authentication based data classification model in cloud ...
A study secure multi authentication based data classification model in cloud ...IJAAS Team
 

Similaire à Security issues in grid computing (20)

Comparison of data security in grid and cloud
Comparison of data security in grid and cloudComparison of data security in grid and cloud
Comparison of data security in grid and cloud
 
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSA CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
 
Use of cloud federation without need of identity federation using dynamic acc...
Use of cloud federation without need of identity federation using dynamic acc...Use of cloud federation without need of identity federation using dynamic acc...
Use of cloud federation without need of identity federation using dynamic acc...
 
A cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsA cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applications
 
A dynamic policy based security-as-a-service infrastructure for cloud environ...
A dynamic policy based security-as-a-service infrastructure for cloud environ...A dynamic policy based security-as-a-service infrastructure for cloud environ...
A dynamic policy based security-as-a-service infrastructure for cloud environ...
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Secure Group Communication in Grid Environment
Secure Group Communication in Grid EnvironmentSecure Group Communication in Grid Environment
Secure Group Communication in Grid Environment
 
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
Generic Security Framework for Multiple Heterogeneous Virtual InfrastructuresGeneric Security Framework for Multiple Heterogeneous Virtual Infrastructures
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
 
Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...Building a Distributed Secure System on Multi-Agent Platform Depending on the...
Building a Distributed Secure System on Multi-Agent Platform Depending on the...
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data security
 
Cross domain identity trust management for grid computing
Cross domain identity trust management for grid computingCross domain identity trust management for grid computing
Cross domain identity trust management for grid computing
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...
 
International Journal on Web Service Computing (IJWSC)
International Journal on Web Service Computing (IJWSC)International Journal on Web Service Computing (IJWSC)
International Journal on Web Service Computing (IJWSC)
 
A Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access ControlA Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access Control
 
A Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access ControlA Literature Review on Trust Management in Web Services Access Control
A Literature Review on Trust Management in Web Services Access Control
 
Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
 
A study secure multi authentication based data classification model in cloud ...
A study secure multi authentication based data classification model in cloud ...A study secure multi authentication based data classification model in cloud ...
A study secure multi authentication based data classification model in cloud ...
 

Dernier

AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 

Dernier (20)

AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 

Security issues in grid computing

  • 1. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 DOI:10.5121/ijcsa.2014.4118 179 SECURITY ISSUES IN GRID COMPUTING Neha Mishra1 , Ritu Yadav2 and Saurabh Maheshwari 3 Department of CSE, Govt. Women Engineering College, Ajmer, Rajasthan, India ABSTRACT Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual organizations. The dynamic nature of Grid environments introduces challenging security concerns that demand new technical approaches. In this brief overview we review key Grid security issues and outline the technologies that are being developed to address those issues. We focus on works done by Globus Toolkits to provide security and also we will discuss about the cyber security in Grid. KEYWORDS Virtual Organisation (VO), X.509,OSGA, GSI, CAS,WSDL, SSH. 1. INTRODUCTION Security is a latest topic today for the smart grid, and progresses are being done in this field every day. Most communications uses standard cryptographic algorithms AES-128 to protect the data on the network. Grid computing is a technique which provides high-performance computing; in this resources are shared in order to improve the performance of the system at a lower price. According to literature, “Grid computing is a system where multiple applications can integrate and use their resource efficiently”. According to Foster and Kesselman, “A grid is a system that has three important categories: coordination of resources not under centralized control, use standard general purpose interface, and it delivers nontrivial quality of service”. Kon et al define grid computing as, “coordination of resource sharing and dynamic problem solving in multi-institution virtual organizations” [3]. 2. SECURITY REQUIREMENTS Grid systems and applications require standard security functions which are authentication, access control, integrity, privacy, and no repudiation. Authentication and access control issues are. It (1) provide authentication to verify the users, process which have user’s computation and resources used by the processes to authenticate (2) allow local access control mechanisms to be used without change. To develop security architecture we have to satisfy the following constraints which are taken from the characteristics of grid environment and application [1]. Single sign-on: A user should authenticate once and they should be able to acquire resources, use them, and release them and to communicate internally without any further authentication. Protection of credentials: User passwords, private keys, etc. should be protected.
  • 2. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 180 Interoperability with local security solutions: Access to local resources should have local security policy at a local level. Despite of modifying every local resource there is an interdomain security server for providing security to local resource. Exportability: The code should be exportable i.e. they cannot use a large amount of encryption at a time. There should be a minimum communication at a time. Support for secure group communication: In a communication there are number of processes which coordinate their activities. This coordination must be secure and for this there is no such security policy. Support for multiple implementations: There should be a security policy which should provide security to multiple sources based on public and private key cryptography.[8] 3. GRID SECURITY CHALLENGES Multiple resources provide the control policies to the third party. The VO is one which coordinates the resource sharing and use. The dynamic policies and entry of new participants in the system gives the need for three key functions which are: Multiple security mechanisms: Organizations which participate in a VO have investment in security mechanism and infrastructure. Grid security interoperates with these mechanisms. Dynamic creation of services: Users must be able to create new services (e.g., “resources”) dynamically without administrator permission. These services should coordinate and interact with other services. So, we must be able to name the service with acceptable identity and should be able to grant rights to that identity without any contradiction with the governing local policy. Dynamic establishment of trust domains: VO needs to establish coordination between its user and all the resources so that they can communicate easily. These domains must establish trust dynamically whenever a new user join or leave a VO. A user-driven security model is needed to create new entries of the user so that they can coordinate with the resources within the VO.[4] 4. GLOBUS TOOLKIT SECURITY MODELS The Globus Toolkit's Authentication and Authorization components provide the basis standard for the "core" security software in Grid systems and applications. Globus software development kits provide programming libraries, Java classes, and essential tools for a PKI, certificate-based authentication system with single sign-on and delegation features, in either Web Services or non- Web Services frameworks. Grid security technology such as GSI and CAS are used to provide security. These technologies are used to represent the security and are used in various grid projects. Web security services work under the OGSA architecture. It is used to represent refactoring, refinement and repacking of various Grid protocols so that better use of useful resources can be done [3]. OSGA is used with the Globus toolkit to provide WSDL for interface to provide Grid services. OSGA is also used to provide an interface for discovery of grid services. Recent goal of OSGA
  • 3. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 181 security work is to provide relationships between OSGA security mechanism and emerging WS security mechanism [9]. 4.1 GT2 Grid Security Model The security technologies incorporated in the Globus Toolkit version 2 (GT2) includes services for Grid Resource Allocation and Management (GRAM), Monitoring and Discovery (MDS), and data movement (GridFTP). These services use Grid Security Infrastructure (GSI) to provide security. GSI works on a common format based on X.509 identity certificates and a common protocol based on transport layer security (TLS, SSL). An X.509 certificate is associated with private key that forms a unique authentication set that a Grid uses to authenticate itself to other Grid entities. [10] The TLS-based protocol is used to provide message protection (encryption, integrity checking), according to the requirement of data stream. Gateways are used to translate information between common GSI infrastructure and local site mechanisms. For example, the Kerberos Certificate Authority (KCA) provides an interface for translation of Kerberos to GSI and vice versa. [8] Each GSI certificate is issued by certificate authority (CA), which runs a large number of organization or commercial company. To trust the X.509 communication, the CA issues the certificate to trust the entity. An X.509 identity certificate is used within GSI for establishment of a trusted communication. [11] In mechanisms such as Kerberos, where for inter-institutional a bilateral agreement is required at the organizational level, trust in a CA is established unilaterally: A single entity can decide to trust any CA, without involving the whole organization. This feature is used in the establishment of VOs in which some portions of the organizations are only used and not the whole organization. [12] GSI introduces X.509 proxy certificates, which is an extension to GSI used by X.509 identity certificates to allow a user to assign a new X.509 identity to an entity and then delegate subset of their rights to that identity. Users create this proxy certificate by issuing a new X.509 certificate signed by it without involving the CA. By this mechanism new authentication and identities can be created quickly as there is no involvement of the administrator. To create a trusted communication VOs is provided for both the proxy certificate and for security services, Example, the Community Authorization Service (CAS). According to GSI policy if any two entities have proxy certificates issued by the same user they can trust each other. This policy allows the users to create trusted communication itself by issuing proxy certificates to any services with whom they wish to collaborate. [13] This policy of trust between proxy holders allows then for a easy and simple trust domains but for complicated trust domains they have some limitations, for example, limited trust between multiple parties in which we can use security services such as CAS that allow flexible, expressive policy to be created for multiple users in a VO. CAS allows a VO to use the policy that has been provided to it by the resource providers in the VO. This process has three steps shown in Figure 1: The three steps of the figure are: Firstly, the user authenticates to CAS and receives notification from CAS stating VO’s policy that how the user may use VO resources. Second, after that the user presents the details to a VO resource and the usage request.
  • 4. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 182 Finally, then evaluation is done whether to allow the request, for this the resource checks both local policy and the VO policy expressed in the CAS assertion. CAS allows a resource to retain the authority over that resource, but it also allows the VO to control the enforced policy. Then, the VO coordinate the policy that how the resources will be shared. Figure 1. Policy of CAS and VO. While designing GSI we have several efforts to build on PKI. Some of these efforts with respect to Grid security requirements are: First, Kerberos needs the site administrators for establishment of inter domain trust between new entities. Second, the CRISIS i.e. a wide area security system provides a uniform and scalable security infrastructure in a wide area network but does not provide interoperability with local security mechanisms. Third, Secure Shell (SSH) gives us a system of authentication and message protection but does not support translation between different mechanisms or creation of dynamic entities [14]. 4.2 GT3 Security Model Grid security challenges are solved with Open Grid Services Architecture (OGSA) along with a set of technical specifications to integrate Grid technologies with Web services technologies. Web services technologies allow defining software component in terms of access methods, to bind these methods with specific communication mechanisms, and also to provide mechanisms for discovering relevant services. There are no particular mechanisms but few are emerging as ubiquitous. The Simple Object Access Protocol (SOAP) provides an interface for messaging using XML along with HTTP. The Web Services Description Language (WSDL) provides a method for expressing operation signatures and also bindings to protocols and endpoints in an XML document. OGSA is a standard Web service interfaces and behaviors to add Web services with the concepts of crateful services and secure invocation, and also capabilities to address Grid-specific
  • 5. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 183 requirements. These interfaces and behaviors define a “Grid service” and allow users to manage the Grid service’s life-cycle, according to the policies, and create sophisticated distributed services. [6] A grid service is defined as an interface for service data elements (SDEs) that other entities can query or subscribe to. OGSA introduces new opportunities and challenges for Grid security. Globus Toolkit (GT3) and Grid Security Infrastructure (GSI3) were the first to implement OGSA mechanisms. GT3’s security model allows applications and users to operate on the Grid as easy and automatic manner as possible. Security mechanisms should not be instantiated in an application but should be supplied by the surrounding Grid infrastructure to adapt on behalf of the application to meet the application's requirements. [7] Figure 2. OGSA Architecture The application should deal only with application specific policy. GT3 uses the following features of OGSA and Web services security to achieve their goals, these goals are to: First, use of security functionality as OGSA services to locate them and use the service whenever needed. Second, use of sophisticated host environment to provide security for applications and to adapt security of application without changing it. Third, to publish service security policy for clients to discover dynamically what are the requirements and mechanisms needed for establishing trust with the service. Fourth, to provide specifies standards for the exchange of security tokens for interoperability.[4] 4.3 GT4 Security Models GT4 Authorization implements SAML (security assertion markup language), and uses the XACML (extensible access control markup language). XACML authorization framework architecture is an implementation of the Open Grid Services Architecture is an initiative for recasting Grid concepts within a service oriented framework based on Web services. [14] In GT4, we have additional Web Services security specifications implementation. Web Services has provided several security standards that which influences Grid computing. XACML and
  • 6. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 184 SAML are the two important authorization standards. We have several other authorization systems that support Grid computing that are Akenti, PERMIS, Shibboleth and VOMS. Akenti, PERMIS and Shibboleth use the type of attributes which are needed to make authorization decision. VOMS provides user attributes used for authorization. These authorization systems have their own policies, and can be integrated with GT4 authorization framework to provide authorization services. [5] The XACML authorization model has the following policies that are used to create communication. The functioning of these policies are: Firstly, The PEP (Policy Enforcement Point) is used to accept the access requests from users and then it sends the requests to the PDP. Then, The PDP(Policy Decision Point) then makes the access decisions according to the security policy or policy set of PAP (Policy Administration Point) and also by using attributes of the subjects, the resource, and the environment that are obtained by querying the PIP (Policy Information Point). After that, the access decision taken by the PDP is then sent to the PEP. Finally, according to the decision of PDP, the PEP then either permits or denies the access request [9]. The whole architecture is shown below. Figure 3. XACML authorization model XACML also defines a policy language. Policies are organized in hierarchy with the Policy Sets combined using combining algorithms. A rule is has a target, an effect of that rule and a condition on which the rule works. A Policy comprises of a target, one or more rules, and an optional set of obligations [9]. 5. SMART GRID CYBER SECURITY: The cyber security for the smart grid is the possibility that if in a centralized grid we have two way digital communications the grid can become susceptible to the hackers who can use customer confidential information and can cause adverse effect on the communication. This is the latest concern in the Grid to create a Smart Grid cyber security to provide the internet security in the
  • 7. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 185 Grid. There should be some policies with which we can take the benefits of the Internet and also the available computation power in a secure way [1]. Internet facility is much more reliable than electric grid due to the following reasons: 1) Internet is decentralized and is in starfish pattern and not in spider, 2) Asynchronous i.e. we don’t have to use a single source we can work on different server and 3) It has many paths and not a few single connections. The Internet is a smart grid, a resilient grid, a self-healing grid that does not go down. The last connection to the grid may fail, or a particular destination may fail. The Internet makes it possible to have a more secure grid as it reliably monitor and control every part of the grid in real time. The new smart grid will be a less centralized grid because: 1) the traditional economies that supported it has been removed by risk and uncertainty of siting, construction, operation, fuel supply, environmental impact and cost recovery, 2) There is penetration of distributed generation, storage, PHEVs/EVs as well as customer premises energy management systems 3) There is an increasing penetration of stochastic, energy sources like wind, solar and consumer dispatched generation. There is a complex grid with many points to automatically monitor and control resources. Figure 4- Cyber Grid 5.1 Why cyber security is so hard for the future grid The following reasons due to which the cyber security will not be implemented so easily in future grid are: First is, Legacy controllers, networks Fragile security, built to run on private data links, 24/7 (hard to update, patch), real time requirements (security, crypto may impact timing) Second, Control nets run over (or tunneled though) public networks (attack channel, or subject to broader disruption) Third, Best Practices for Control Systems & Grid Security (DHS, NERC CIP standards, NIST Draft NISTIR 7628, etc.) Fourth, these are processes for developing secure systems, not cookbook answers! Fifth, Security is a system issue—what are the pieces and how do they work together And the last is- Security is a moving target [2].
  • 8. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 186 Research activity: • US Government: DHS, INL, NIST, etc. • Foreign Governments • Industry Consortia • Universities, I3P (industry, universities) • Two Relevant Research Projects at NYU-Poly • Trusted Platforms: A hardware basis for trusting software, grid element identity, and actions • INFER—when the defenses have failed.[12] 6. CONCLUSION Grid computing presents a number of security challenges that are met by the Globus Toolkit’s Grid Security Infrastructure (GSI). Version 3 of the Globus Toolkit (GT3) implements the emerging Open Grid Services Architecture; its GSI implementation (GSI3) takes advantage of this evolution to improve on the security model used in earlier versions of the toolkit. Its development provides a basis for a variety of future work. GT4 Security Infrastructure implements the existing and emerging standards which are used by the broader Web Services community. In particular, we are interested in exploiting WS-Routing to improve firewall compatibility; in defining and implementing standard services for authorization, credential conversation, identity mapping; and in using WS-Policy to automate application determination of requirements and location of services that meet those requirements. Also the cyber security in Grid is the latest interest in the field of Grid computing to provide security. ACKNOWLEDGEMENTS We would like to thank our principal for providing us the platform for research. Also we are thankful to TEQIP-II for funding this publication. Support of the technical staff was also commendable. REFERENCES [1] Report to NIST on Smart Grid Interoperability Standards Roadmap EPRI, Jun. 17, 2009 [Online].Available:http://www.nist.gov/smartgrid/InterimSmartGridRoadmapNISTRestructure.pdf [2] Draft smart grid cyber security strategy and requirements, NIST IR 7628, Sep. 2009 [Online]. Available: http://csrc.nist.gov/publications/ drafts/nistir-7628/draft-nistir-7628.pdf [3] “Public key infrastructure,” Wikipedia Feb. 18, 2010 [Online]. Available: http://en.wikipedia.org/wiki/Public_key_infrastructure [4] Energy Assurance Daily, September 27, 2007. U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, Infrastructure Security and Energy Restoration Division. April 25, 2010. [5] WiMax Security 2010 [Online]. Available: http://www.topbits. com/wimax-security.html [6] I. Foster and C. Kesselman, editors. Computational Grids: The Future of High Performance Distributed Computing. Morgan Kaufmann, 1998. [7] I. Foster, K. Kesselman, The Grid: Blueprint for a Future Computing Infrastructure(Morgan Kaufmann in Computer Architecture and Design), 1999. [8] Ian, F., C. Kesselman and S. Tuecke(2001). ‘The anatomy of the grid: enabling scalable virtual organizations’, a reprint in Berman et. al(2003) pp.171-191. [9] L. Ramakrishnan, Securing Next-Generation Grids, IEEE IT Pro, March/April 2004. [10] E. Cody, R. Sharman, Raghav H. Rao, Sh. Upadhyaya, Security in grid computing: A review and synthesis, http://www.siencedirect.com (Document view: October 12 2010). [11] Foster, I., Kesselman, C., Nick, J. and Tuecke, S. The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration, Globus Project, 2002. http://www.globus.org/research/papers/ogsa.pdf.
  • 9. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 187 [12] Foster, I., Kesselman, C., Tsudik, G. and Tuecke, S. A Security Architecture for Computational Grids. ACM Conference on Computers and Security, 1998, 83-91. [13] CCITT Recommendation X.509: The Directory – Authentication Framework.1988. [14] Minoli D. (2005). “A Networking Approach to Grid Computing”, Prentice Hall. [15] Simple Object Access Protocol (SOAP) 1.1, www.w3.org/TR/SOAP Authors Mr. Saurabh Maheshwari is an Assistant Professor in Dept. of Computer Engineering in Govt. Women Engineering College Ajmer, Rajasthan, India. He is pursuing Ph.D. in ICT from IIT Jodhpur. He has done his M.Tech. in CSE from MNIT Jaipur, India. His research interests lies in Image Processing, Biometrics, Bio-Instrumentation and Application Development for handheld devices. Ms. Neha Mishra is pursuing M.Tech in CSE from Govt. Women Engineering College Ajmer India. She has completed her B.Tech in 2012 from RCEW Jaipur India. Ms. Ritu Yadav is pursuing M.Tech in CSE from Govt. Women Engineering College Ajmer India. She has completed her B.Tech in 2012 from Govt. Women Engineering College Ajmer India.