Grid Security Infrastructure
The Grid Security Infrastructure (GSI), formerly called the Globus Security Infrastructure, is a specification for secret, tamper-proof, delegatable communication between software in a grid computing environment. Secure, authenticatable communication is enabled using asymmetric encryption.


Authentication

Authentication is performed using digital signature technology (see digital signatures for an explanation of how this works); secure authentication allows resources to lock data to only those who should have access to it.


Delegation

Authentication introduces a problem: often a service will have to retrieve data from a resource independently of the user, and to do this it must be supplied with the appropriate privileges. GSI allows for the creation of delegated privileges: a new key is created, marked as delegated and signed by the user; a service holding it can then act on behalf of the user to fetch data from the resource.
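The delegation step above, as an added example that is not GSI's or Globus's own code: the user mints a proxy credential (fresh key, certificate signed with the user's own key, marked as delegated), and the resource runs the checks it must apply before honouring it. It follows the RFC 3820 proxy-certificate conventions, which the article does not name and are assumed here; the user's CA-issued certificate and key are assumed inputs.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)
// RFC 3820 identifiers (assumed standard; not cited by the article): id-pe-proxyCertInfo and id-ppl-inheritAll.
var oidProxyCertInfo, oidInheritAll = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 14}, asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 21, 1}
type proxyPolicy struct{ Language asn1.ObjectIdentifier }
type proxyCertInfo struct{ Policy proxyPolicy } // no path-length limit; the proxy inherits all of the user's rights
// Delegate (user side): fresh key pair plus a short-lived certificate for it, signed with the user's own key, named "<user DN>/CN=<serial>" and marked as delegated.
func Delegate(user *x509.Certificate, userKey ed25519.PrivateKey, ttl time.Duration) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial := big.NewInt(time.Now().UnixNano())
	var rdn pkix.RDNSequence // keep the user's DN byte-for-byte and append exactly one CN component
	asn1.Unmarshal(user.RawSubject, &rdn)
	rawSubj, _ := asn1.Marshal(append(rdn, pkix.RelativeDistinguishedNameSET{{Type: asn1.ObjectIdentifier{2, 5, 4, 3}, Value: serial.String()}}))
	info, _ := asn1.Marshal(proxyCertInfo{proxyPolicy{oidInheritAll}}) // the "marked as delegated" extension body
	tmpl := &x509.Certificate{SerialNumber: serial, RawSubject: rawSubj, NotBefore: time.Now().Add(-time.Minute),
		NotAfter: time.Now().Add(ttl), ExtraExtensions: []pkix.Extension{{Id: oidProxyCertInfo, Critical: true, Value: info}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, user, pub, userKey) // issuer = user, signed by the user's key
	if err != nil {
		return nil, nil, err
	}
	proxy, err := x509.ParseCertificate(der)
	return proxy, key, err
}
// CheckProxy (resource side): honour the proxy only if the user's key signed it, the user is its issuer, it does not outlive the user's certificate, and it carries the delegation marker.
func CheckProxy(proxy, user *x509.Certificate) error {
	if err := user.CheckSignature(proxy.SignatureAlgorithm, proxy.RawTBSCertificate, proxy.Signature); err != nil {
		return err // not signed with the user's key
	}
	if string(proxy.RawIssuer) != string(user.RawSubject) || proxy.NotAfter.After(user.NotAfter) {
		return errors.New("proxy is not issued by the user or outlives the user's certificate")
	}
	for _, e := range proxy.Extensions {
		if e.Id.Equal(oidProxyCertInfo) {
			return nil
		}
	}
	return errors.New("no ProxyCertInfo extension: certificate is not marked as delegated")
}
```

Go's chain builder does not know the proxy naming rules, so the checks are done directly on the certificate rather than through x509.Verify.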


Security Mechanisms

Communications may be secured using a combination of methods:
* Transport Layer Security (TLS) can be used to protect the communication channel from eavesdropping or man-in-the-middle attacks.
* Message-Level Security can be used (although currently it is much slower than TLS).

