A security policy framework for grid services

Abstract

Grid computing deals with flexible, secure and coordinated sharing of resources that are distributed over wide area networks. With the evolution of this field, the complexity of the distributed systems has increased and therefore the implementation of a secure environment has become difficult. At the same time, grid setups necessarily require a secure environment where users/organizations have access to resources, precisely on the basis of their rights, with proper accountability and control. This thesis work implements a security policy framework to address key security requirements (mainly identified as authentication, privacy, trust and authorization) and provide support to express, evaluate and enforce security policies related to these requirements. The identified security requirements of grid systems have been categorized mainly into four security disciplines which are authentication, privacy, trust and authorization. Therefore, the framework implements four different models namely authentication model, privacy model, trust model and policy based authorization model. These models address security requirements and policies specific to their respective disciplines. To achieve the set objectives, a comprehensive literature review of developments related to grid and web services, their method of operation and execution has been done. The similarities and differences between the two have been brought out. A thorough study and analysis of standards and specifications used in grid and web services based systems has also been carried out. Previous work done in the areas of authentication, privacy, trust and policy based authorization in grid systems has been studied, extended in the form of a framework, and reported in detail. Out of the four models, the authentication model provides support for single sign-on and delegation features using proxy certificates and a credential management service to store, retrieve and update multiple user credentials.