网格代理审计基础设施的设计和实现

2009 5th IEEE International Conference on E-Science Workshops Pub Date : 2009-12-01 DOI:10.1109/ESCIW.2009.5407982

Christopher Kunz, Christian Szongott, J. Wiebelitz, C. Grimm

{"title":"网格代理审计基础设施的设计和实现","authors":"Christopher Kunz, Christian Szongott, J. Wiebelitz, C. Grimm","doi":"10.1109/ESCIW.2009.5407982","DOIUrl":null,"url":null,"abstract":"Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.","PeriodicalId":416133,"journal":{"name":"2009 5th IEEE International Conference on E-Science Workshops","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Design and implementation of a Grid proxy auditing infrastructure\",\"authors\":\"Christopher Kunz, Christian Szongott, J. Wiebelitz, C. Grimm\",\"doi\":\"10.1109/ESCIW.2009.5407982\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.\",\"PeriodicalId\":416133,\"journal\":{\"name\":\"2009 5th IEEE International Conference on E-Science Workshops\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 5th IEEE International Conference on E-Science Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ESCIW.2009.5407982\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 5th IEEE International Conference on E-Science Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ESCIW.2009.5407982","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

单点登录和授权是现代网格基础设施的关键需求。这些要求通常由X.509、私有密钥基础设施(PKI)和代理证书来实现。但是，代理证书很容易被恶意的第三方获取和滥用。目前还没有办法让最终用户发现这种滥用。我们设计了一个解决方案，可以对基于globus的网格中的网格代理使用情况进行彻底审计，并实现了一个通过web服务接口接受审计信息并将其保存到后端数据库的服务。我们对Grid Security Infrastructure进行了修改，如果用户希望跟踪凭证的使用情况，允许从Globus组件内部发送审计跟踪。基于web的前端显示所有记录的信息。有了我们的方法，专业用户现在可以密切监控他们的凭证在提交作业后是如何被使用的。这将有助于在网格基础设施和委托身份验证和授权中建立信任。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Design and implementation of a Grid proxy auditing infrastructure

Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 5th IEEE International Conference on E-Science Workshops

自引率

0.00%

发文量

期刊最新文献

Scientific workflow applications on Amazon EC2 A lightweight supercomputing Web portal for inferring phylogenetic trees A middleware independent Grid workflow builder for scientific applications Towards Executable Acceptable Use Policies (execAUPs) for email clouds Supporting cloud computing with the virtual block store system