Christopher Kunz, Christian Szongott, J. Wiebelitz, C. Grimm
{"title":"网格代理审计基础设施的设计和实现","authors":"Christopher Kunz, Christian Szongott, J. Wiebelitz, C. Grimm","doi":"10.1109/ESCIW.2009.5407982","DOIUrl":null,"url":null,"abstract":"Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.","PeriodicalId":416133,"journal":{"name":"2009 5th IEEE International Conference on E-Science Workshops","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Design and implementation of a Grid proxy auditing infrastructure\",\"authors\":\"Christopher Kunz, Christian Szongott, J. Wiebelitz, C. Grimm\",\"doi\":\"10.1109/ESCIW.2009.5407982\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.\",\"PeriodicalId\":416133,\"journal\":{\"name\":\"2009 5th IEEE International Conference on E-Science Workshops\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 5th IEEE International Conference on E-Science Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ESCIW.2009.5407982\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 5th IEEE International Conference on E-Science Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ESCIW.2009.5407982","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Design and implementation of a Grid proxy auditing infrastructure
Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
