
Security for Virtual Organizations: Federating Trust and Policy Domains


Excerpt from chapter 21 of Grid 2: Blueprint for a New Computing Infrastructure.

21.1.2 Grid Security Example

A prime example of a Grid project that shows all challenges in the extreme is the Compact Muon Solenoid experiment (Chapter 10). Data from this experiment at the Large Hadron Collider in the CERN Laboratory in Switzerland will be analyzed by more than 2000 physicists at more than 150 universities and laboratories in 34 countries (see Figure 21.1).

 

 

Figure 21.1: The global dissemination and sharing of the Compact Muon Solenoid (CMS) experimental data from the Large Hadron Collider in CERN. 

The dissemination, processing, sharing, and virtualization of data, as well as the sharing and virtualization of compute resources, networks, and experiments, lead to challenging requirements for storage, network bandwidth, and compute power. The associated security requirements are equally challenging:

  • Data will move through, and be accessed from, many different centers in different countries with different security mechanisms and policies in place at each center (e.g., one center may use the Grid Security Infrastructure (GSI) (280), whereas another uses Kerberos (501)).

  • The community requiring access to the data spans multiple organizations and countries. Thus, center administrators need the ability to enforce policy without knowing the individuals that access their resources. For example, a job originally submitted in Switzerland may use compute cycles from the center in Italy, and the Italian center administrator may know the job submitter not as an individual identity but only as a member of a particular research group.

  • Trust must be established and expressed between different centers, from which remote access policies must be derived. For example, the Italian and Swiss centers need to establish a level of trust expressed in terms of policies that can be used to derive SLAs on submitted jobs.

  • Data integrity and confidentiality can be crucial: the winning of a Nobel prize may depend on the enforcement of data privacy and fine-grained access control. Creators and owners of data may want to associate policy with the data that is independent of where the data are physically stored. For example, a policy might state that “raw data should be created or modified only by personnel involved in data acquisition. A Swiss scientist’s job may run on a computer in Italy, but the data used and generated by the job are sensitive and cannot be accessed by anyone that the scientist does not trust and grant access.”

  • Physicists need the authority to submit jobs that require nontrivial SLAs to match the availability of data, network resources, storage, and CPU cycles, with the associated access rights to each of these resources in different administrative domains.

Many other equally challenging Grid projects are under way. Their common denominator is that they span multiple administrative domains and deal with nontrivial negotiations and agreements of trust and access rights.

Copyright © 2005-7 GridSummit.com
Last modified: 10/30/07