User-Friendly Security Solutions for Grid Environments

Funded by:
EPSRC logo
UCL Cambridge Newcastle Manchester LSBU

Overview

Problem statement

  1. The security infrastructure currently deployed in most grid environments tends to be extremely complex. It is difficult to set up, expensive to maintain and not very scalable. The learning curve for end users and administrators is very steep, which seriously hinders wide adoption of grid technologies.

  2. Currently, the main focus of the most widely deployed security solutions for grid environments is authentication (and related issues such as encrypting and ensuring the integrity of protocol messages). Authorisation requirements tend not to be well addressed, and auditing considerations are rarely, if ever, taken into account. Similarly, more complex security issues, such as those that arise in the biomedical domain (e.g. trust, confidentiality, privacy, all of which may arise in the context of secure access of medical datasets) have yet to be adequately addressed.

  3. Well-understood formal security models of grid environments are still lacking. The security of many grid systems is undermined by invalid trust assumptions and ignorance of usability issues. There may also be flaws in the underlying protocols.

Objectives

Software Development

  1. The development of a usable lightweight authentication framework that can be deployed in existing grid environments, smoothly interfacing with their existing authentication framework in such a manner that authentication becomes more usable and transparent to the end-user/application developer.
  2. The development of usable lightweight authorisation mechanisms that extend the lightweight authentication framework described above to provide more sophisticated access control than the simple "allow/deny" lists currently used in many grid environments, but without the overheads of heavyweight solutions such as CAS and VOMS.
  3. The development of robust auditing features for the security framework developed in this project.


Security Analysis and Modelling

  1. To determine and analyse the security requirements for authentication and authorisation of the stakeholders in the RealityGrid Project and the grid environments used by that project, using appropriate user-centred methodologies (such as AEGIS).
  2. To develop and formally analyse security models for grid environments that encapsulate the security concerns of these environments as regards authentication and authorisation, using the RealityGrid Project as an exemplar of a user community that is situated in the relevant environments.
  3. To investigate and model the trust relationships and the behaviour of users and security objects (such as credentials) in grid environments.

Methodology

The aim of this project is to develop usable software that addresses the authentication and authorisation concerns of the RealityGrid Project, and, in so doing, it will actively investigate usability issues and user security requirements of the grid environments used by that project. The software development activities will be complemented by formal validation and analysis of the software developed and its associated security model. The software development team will work in close conjunction with the developers of the lightweight middleware used by the RealityGrid Project to ensure that the project's software can be readily integrated with the appropriate lightweight middleware.

A user-centred design methodology will be employed to ensure that the concerns of the stakeholders in the RealityGrid Project are central to the software development of this proposal throughout the development cycle. This will be complemented by frequent user trials of both prototypes and developed software throughout the project's development cycle. This will ensure that any software produced does not replicate the failings of so much of the current grid middleware of being too general to be of much use to any specific group. To analyse the security models, and to model the grid environment appropriately for the research objectives above, formal methods will be used.

Contact us
©2008 User-Friendly Grid Project

Valid XHTML 1.0 Transitional