{"title":"在基于网格的虚拟协作环境中,利用TPM/TCG扩展用户控制的安全域","authors":"Y. Demchenko, L. Gommans, C. D. Laat","doi":"10.1109/CTS.2007.4621738","DOIUrl":null,"url":null,"abstract":"The paper proposes an integral approach to building multilayer security for Grid based virtual collaborative environment that leverages the general user-controlled complex resource provisioning (CRP-UC) model. The CRP-UC is considered as comprising of three layers: trusted computing platform, secure virtualised workspace, and collaborative/application session. The suggestions on the technology selection are provided for the first two layers: industry adopted Trusted Computing (TCG) platform, and Virtual Workspace Service (VWSS) developed in the framework of the Globus Toolkit. Solutions and implementation are proposed and discussed for the service/application authorisation session and security context management in multidomain applications based on the GAAA Authorisation Framework that can be used with the major service-oriented AuthZ framework. The current implementation of the XML-based authorisation ticket format is discussed and possible extensions to address wider user session management issues are suggested, in particular those related to the TCG-rooted chain of trust and session context negotiation. The paper is based on experiences gained from major Grid based and Grid oriented projects including EGEE, Phosphorus, Globus Toolkit.","PeriodicalId":363805,"journal":{"name":"2007 International Symposium on Collaborative Technologies and Systems","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Extending user-controlled security domain with TPM/TCG in Grid-based virtual collaborative environment\",\"authors\":\"Y. Demchenko, L. Gommans, C. D. Laat\",\"doi\":\"10.1109/CTS.2007.4621738\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paper proposes an integral approach to building multilayer security for Grid based virtual collaborative environment that leverages the general user-controlled complex resource provisioning (CRP-UC) model. The CRP-UC is considered as comprising of three layers: trusted computing platform, secure virtualised workspace, and collaborative/application session. The suggestions on the technology selection are provided for the first two layers: industry adopted Trusted Computing (TCG) platform, and Virtual Workspace Service (VWSS) developed in the framework of the Globus Toolkit. Solutions and implementation are proposed and discussed for the service/application authorisation session and security context management in multidomain applications based on the GAAA Authorisation Framework that can be used with the major service-oriented AuthZ framework. The current implementation of the XML-based authorisation ticket format is discussed and possible extensions to address wider user session management issues are suggested, in particular those related to the TCG-rooted chain of trust and session context negotiation. The paper is based on experiences gained from major Grid based and Grid oriented projects including EGEE, Phosphorus, Globus Toolkit.\",\"PeriodicalId\":363805,\"journal\":{\"name\":\"2007 International Symposium on Collaborative Technologies and Systems\",\"volume\":\"56 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-05-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 International Symposium on Collaborative Technologies and Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CTS.2007.4621738\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 International Symposium on Collaborative Technologies and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CTS.2007.4621738","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Extending user-controlled security domain with TPM/TCG in Grid-based virtual collaborative environment
The paper proposes an integral approach to building multilayer security for Grid based virtual collaborative environment that leverages the general user-controlled complex resource provisioning (CRP-UC) model. The CRP-UC is considered as comprising of three layers: trusted computing platform, secure virtualised workspace, and collaborative/application session. The suggestions on the technology selection are provided for the first two layers: industry adopted Trusted Computing (TCG) platform, and Virtual Workspace Service (VWSS) developed in the framework of the Globus Toolkit. Solutions and implementation are proposed and discussed for the service/application authorisation session and security context management in multidomain applications based on the GAAA Authorisation Framework that can be used with the major service-oriented AuthZ framework. The current implementation of the XML-based authorisation ticket format is discussed and possible extensions to address wider user session management issues are suggested, in particular those related to the TCG-rooted chain of trust and session context negotiation. The paper is based on experiences gained from major Grid based and Grid oriented projects including EGEE, Phosphorus, Globus Toolkit.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
