Abstract
A critical problem in grid security is how to secure a Grid virtual organization (VO). In current Grid practice, VO security relies on centralized (non-distributed) policy management and the associated PKI mechanisms. A practical but difficult alternative is to enforce fine-grained policy across the distributed sites themselves. Emerging Trusted Computing (TC) technologies offer great potential to improve this situation. In our Project Daonity, the Trusted Platform Module (TPM), a tamper-resistant module, is shared as a strong security resource among the platforms of grid users. Based on this sharing mechanism, a TC-enabled architecture is proposed to improve the Grid Security Infrastructure (GSI); in particular, authorization protection and single sign-on are enhanced to demonstrate how stronger, distributed security can be obtained in a grid environment.
Sponsored by HP Labs China; supported by the National Natural Science Foundation of China under Grants No. 60373087, 60473023, 60503040 and 90104005, and by the Open Foundation of the Key Laboratory of Computer Networks and Information Security (Xidian University), Ministry of Education.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Yan, F., Qiang, W., Shen, Z., Chen, C., Zhang, H., Zou, D. (2006). Daonity: An Experience on Enhancing Grid Security by Trusted Computing Technology. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds) Autonomic and Trusted Computing. ATC 2006. Lecture Notes in Computer Science, vol 4158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11839569_22
DOI: https://doi.org/10.1007/11839569_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38619-3
Online ISBN: 978-3-540-38622-3
eBook Packages: Computer Science (R0)