Conveners
Grid Security
- Andrew McNab (Univ. of Manchester)
- S. NAQVI (TELECOM PARIS)
  29/09/2004, 14:00, Track 4 - Distributed Computing Services, oral presentation
  In the evolution of computational grids, security threats were overlooked in the desire to implement a high performance distributed computational system. But now the growing size and profile of the grid require comprehensive security solutions as they are critical to the success of the endeavour. A comprehensive security system, capable of responding to any attack on grid resources, is...
- D. Skow (FERMILAB)
  29/09/2004, 14:20, Track 4 - Distributed Computing Services, oral presentation
  There have been a number of efforts to develop use cases for the Grid to guide development and usability testing. This talk examines the value of "mis-use cases" for guiding the development of operational controls and error handling. A couple of the more common current network attack patterns will be extrapolated to a global Grid environment. The talk will walk through the various...
- M. Cardenas Montes (CIEMAT)
  29/09/2004, 14:40, Track 4 - Distributed Computing Services, oral presentation
  Implementing strategies for secured access to widely accessible clusters is a basic requirement of these services, in particular if GRID integration is sought for. This issue has two complementary lines to be considered: security perimeter and intrusion detection systems. In this paper we address aspects of the second one. Compared to classical intrusion detection mechanisms, close...
- M. Branco (CERN)
  29/09/2004, 15:00, Track 4 - Distributed Computing Services, oral presentation
  In a resource-sharing environment on the grid both grid users and grid production managers call for security and data protection from unauthorized access. To secure data management several novel grid technologies were introduced in ATLAS data management. Our presentation will review new grid technologies introduced in HEP production environment for database access through the Grid...
- A. McNab (UNIVERSITY OF MANCHESTER)
  29/09/2004, 15:20, Track 4 - Distributed Computing Services, oral presentation
  We describe the GridSite authorization system, developed by GridPP and the EU DataGrid project for access control in High Energy Physics grid environments with distributed virtual organizations. This system provides a general toolkit of common functions, including the evaluation of access policies (in GACL or XACML), the manipulation of digital credentials (X.509, GSI Proxies or VOMS...
- M. Crawford (FERMILAB)
  29/09/2004, 16:30, Track 4 - Distributed Computing Services, oral presentation
  As an underpinning of AFS and Windows 2000, and as a formally proven security protocol in its own right, Kerberos is ubiquitous among HEP sites. Fermilab and users from other sites have taken advantage of this and built a diversity of distributed applications over Kerberos v5. We present several projects in which this security infrastructure has been leveraged to meet the requirements of...
- G. GANIS (CERN)
  29/09/2004, 16:50, Track 4 - Distributed Computing Services, oral presentation
  The new authentication and security services available in the ROOT framework for client/server applications will be described. The authentication scheme has been designed with the purpose of making the system complete and flexible, to fit the needs of the coming clusters and facilities. Three authentication methods have been made available: Globus/GSI, for GRID-awareness; SSH, to allow...
- G. Carcassi (BROOKHAVEN NATIONAL LABORATORY)
  29/09/2004, 17:10, Track 4 - Distributed Computing Services, oral presentation
  We present a work-in-progress system, called GUMS, which automates the processes of Grid user registration and management and supports policy-aware authorization as well. GUMS builds on existing VO management tools (LDAP VO, VOMS and VOMRS) with a local grid user management system and a site database which stores user credentials, accounting history and policies in XML format. We use...
- Ian FISK (FNAL)
  29/09/2004, 17:30, Track 4 - Distributed Computing Services, oral presentation
  Current grid development projects are being designed such that they require end users to be authenticated under the auspices of a "recognized" organization, called a Virtual Organization (VO). A VO must establish resource-usage agreements with grid resource providers. The VO is responsible for authorizing its members for grid computing privileges. The individual sites and resources...
- 29/09/2004, 17:50, Track 4 - Distributed Computing Services, oral presentation
  A key feature of Grid systems is the sharing of their resources among multiple Virtual Organizations (VOs). The sharing process needs a policy framework to manage the resource access and usage. Generally, policy frameworks exist for farms or local systems only, but now, for Grid environments, a general and distributed policy system is necessary. Generally VOs and local systems have...