GGF17 in Tokyo is getting closer!

Dear all,

The next GGF is only a week away, as usual with plenty of interesting sessions to attend. On top of that, there's the GridWorld Japan expo that may attract some of you as well.

I would like to make some advertising for the security area session on Thursday morning (9am). Besides the usual formalia, we will get some thought-provoking ideas on the use of Identity-Based Cryptography in Grid Security, presented by Hoon Wei Lim. Abstract as follows:

The majority of current security architectures for grid systems use public key infrastructure (PKI) to authenticate identities of grid members and to secure resource allocation to these members. Identity-based cryptography (IBC) has some attractive properties which seem to align well with the demands of grid computing, for example, it is certificate-free and uses small key sizes. More importantly, an entity's public key can be computed on-the-fly based on their identity. In this talk, we present the use of identity-based techniques to provide an alternative grid security architecture. Our proposal exploits some interesting properties of hierarchical identity-based cryptography (HIBC) to replicate security services provided by the grid security infrastructure (GSI) of the Globus Toolkit.

Take care, and hope to see many of you next week!

/Olle

PS. Don't forget to read and make a statement on your support and/or criticism of the security-related documents that are currently in public comment!

Dear Colleagues,

The Daonity team of tc-rg has done a first version of the system working on the TPM chip of Infineon and HP platforms, to be demonstrated on Thursday 1:45-3:15. To help in grasping what is to be shown, attached is an accompanying paper for it. Any comments would be gratefully received.

Best wishes,
Wenbo Mao

Title: Daonity - Grid Security with Behavior Conformity from Trusted Computing

Author: The Daonity Team
A Research Group in Global Grid Forum
Led by HP Labs China and participated by Huazhong University of Science and Technology, Wuhan University and Oxford University

Abstract:

A central security requirement for Grid computing, or more generally federated computing, can be referred to as behavior conformity. This is a strong assurance for the system that a remote principal (user, computing platform or instrument) will be acting in conformity with the rules defined by the policies of the federated computing. However, as will be analyzed and discussed in this paper, Grid security practice at present, e.g., Grid Security Infrastructure (GSI) for a standard Grid middleware Globus Toolkit, has little means for this requirement to be met and consequently falls short of satisfactory solutions to a number of Grid computing problems.

Trusted Computing (TC) technology developed by Trusted Computing Group (TCG) forms an important industrial initiative for improving computer security by means of a hardware supported security architecture. For a federated computing system, the TC technology can not only improve security in a conventional sense (such as stronger protection on cryptographic key material), but also allow conformed behavior of principal(s) in a remote environment to be measured by the rest of the confederation. We consider that the TC technology can provide practical and readily available solutions to meeting behavior conformity requirements needed by Grid computing.

In the main part of this paper we report the Daonity system. This is a TC-technology enabled Grid security system which we have designed for improving GSI. We shall see a number of TC innovations applicable to GSI. These include: (i) security suitable for constructing a dynamic virtual organization of an unbounded resource supply, (ii) construction of property based virtual organization with conformed quality of services, (iii) supporting sharing of security resource, and (iv) stronger protection of the Grid authorization mechanism.

participants (2)
- Olle Mulmo
- Wenbo Mao