Conveners
Grid Security
- Andrew McNab (Univ. of Manchester)
S. NAQVI
(TELECOM PARIS)
29/09/2004, 14:00
Track 4 - Distributed Computing Services
oral presentation
In the evolution of computational grids, security threats were overlooked in the
desire to implement a high performance distributed computational system. But now
the growing size and profile of the grid require comprehensive security solutions
as they are critical to the success of the endeavour. A comprehensive security
system, capable of responding to any attack on grid resources, is...
D. Skow
(FERMILAB)
29/09/2004, 14:20
Track 4 - Distributed Computing Services
oral presentation
There have been a number of efforts to develop use cases for the Grid
to guide development and usability testing. This talk examines the
value of "mis-use cases" for guiding the development of operational
controls and error handling. A couple of the more common current
network attack patterns will be extrapolated to a global Grid
environment. The talk will walk through the various...
M. Cardenas Montes
(CIEMAT)
29/09/2004, 14:40
Track 4 - Distributed Computing Services
oral presentation
Implementing strategies for secured access to widely accessible
clusters is a basic requirement of these services, in particular if
GRID integration is sought. This issue has two complementary
lines to be considered: security perimeter and intrusion detection
systems. In this paper we address aspects of the second one.
Compared to classical intrusion detection mechanisms, close...
M. Branco
(CERN)
29/09/2004, 15:00
Track 4 - Distributed Computing Services
oral presentation
In a resource-sharing environment on the grid both grid users and grid
production managers call for security and data protection from
unauthorized access. To secure data management several novel grid
technologies were introduced in ATLAS data management. Our presentation
will review new grid technologies introduced in the HEP production environment
for database access through the Grid...
A. McNab
(UNIVERSITY OF MANCHESTER)
29/09/2004, 15:20
Track 4 - Distributed Computing Services
oral presentation
We describe the GridSite authorization system, developed by GridPP and the
EU DataGrid project for access control in High Energy Physics grid
environments with distributed virtual organizations. This system provides a
general toolkit of common functions, including the evaluation of access
policies (in GACL or XACML), the manipulation of digital credentials
(X.509, GSI Proxies or VOMS...
M. Crawford
(FERMILAB)
29/09/2004, 16:30
Track 4 - Distributed Computing Services
oral presentation
As an underpinning of AFS and Windows 2000, and as a formally proven
security protocol in its own right, Kerberos is ubiquitous among HEP
sites. Fermilab and users from other sites have taken advantage of this
and built a diversity of distributed applications over Kerberos v5. We
present several projects in which this security infrastructure has been
leveraged to meet the requirements of...
G. GANIS
(CERN)
29/09/2004, 16:50
Track 4 - Distributed Computing Services
oral presentation
The new authentication and security services available in the ROOT framework
for client/server applications will be described.
The authentication scheme has been designed with the aim of making the
system complete and flexible, to fit the needs of the coming clusters and
facilities.
Three authentication methods have been made available: Globus/GSI,
for GRID-awareness; SSH, to allow...
G. Carcassi
(BROOKHAVEN NATIONAL LABORATORY)
29/09/2004, 17:10
Track 4 - Distributed Computing Services
oral presentation
We present a work-in-progress system, called GUMS, which automates
the processes of Grid user registration and management and supports
policy-aware authorization as well. GUMS builds on existing VO
management tools (LDAP VO, VOMS and VOMRS) with a local grid user
management system and a site database which stores user credentials,
accounting history and policies in XML format. We use...
Ian FISK
(FNAL)
29/09/2004, 17:30
Track 4 - Distributed Computing Services
oral presentation
Current grid development projects are being designed such that they
require end users to be authenticated under the auspices of
a "recognized" organization, called a Virtual Organization (VO). A VO
must establish resource-usage agreements with grid resource
providers. The VO is responsible for authorizing its members for grid
computing privileges. The individual sites and resources...
29/09/2004, 17:50
Track 4 - Distributed Computing Services
oral presentation
A key feature of Grid systems is the sharing of their resources among
multiple Virtual Organizations (VOs). The sharing process needs a
policy framework to manage the resource access and usage. Generally,
policy frameworks exist for farms or local systems only, but now, for
Grid environments, a general and distributed policy system is
necessary.
Generally VOs and local systems have...