
Securing Mobile Processes In Grid Environment

Posted on: 2005-04-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T C Ma
Full Text: PDF
GTID: 1118360152457301
Subject: Computer Science and Technology

Abstract/Summary:
The emergence of Grid computing shows the possibility of distributing large-scale applications among multiple institutions and physical locations. The main task of the Grid is to support the creation and maintenance of Virtual Organizations (VOs) as infrastructure. Because the Grid spans institutions, security support becomes much more important. The current Grid Security Infrastructure (GSI) establishes the security policy space inside a VO mainly on the basis of Public Key Infrastructure (PKI) and a distributed trust model. However, GSI falls short in supporting the mobility of mobile processes that travel through the Grid environment. This is mainly because of three disadvantages of GSI:

- Lack of support for flexible migration. Because mobile processes need to move continuously, the current GSI incurs tremendous cost.
- As an infrastructure, GSI can provide little security information to applications.
- For processes migrating across the boundary of a virtual organization, GSI can hardly provide support for their credential management.

To tackle these disadvantages, a new security infrastructure for mobile processes, named G-PASS, is proposed in this thesis. The G-PASS system sits on top of GSI and is hence downward compatible. It provides solutions for protocols, trust model and security infrastructure respectively:

- The delegation protocol in the X.509 system is extended by substituting the host-oriented delegation model with a new instance-oriented delegation model.
- A distributed trust model is introduced on the basis of instance-oriented delegation. It supports role-based authorization mapping and information delivery, as well as advanced security routines such as dynamic delegation reservation.
- By simulating the real-world procedures of crossing international borders, the G-PASS infrastructure is established to provide security protection and credential management for mobile processes.

G-PASS behaves as an infrastructure. This means it has little dependence on the detailed architecture and topology of application systems. All kernel protocols are general purpose. G-PASS's functionality mainly involves the fundamental protocols, stable and secure transfer mechanisms, and rich information-collection mechanisms.

By analyzing G-PASS-based example applications, the security and efficiency of the G-PASS infrastructure are demonstrated in this thesis.
Keywords/Search Tags:Grid, Mobile processes, Security, Delegation, Role-based