Research On Security Policies For Open Grid Service Architecture

Posted on: 2008-06-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T Long
GTID: 1118360272966790
Subject: Computer software and theory
Abstract/Summary:
To realize pervasive resource sharing in a dynamic, heterogeneous, cross-domain Grid environment, a series of security problems such as authentication, information confidentiality, access control and audit must be resolved. Because it is built on the Internet, a Grid system is exposed to every kind of network threat. A well-constructed, flexible, reliable and extensible security policy is therefore of great significance for the application and popularization of the Grid.

Authentication is the first line of defence against intrusion into the Grid system. When the centralized certification management mode commonly used in distributed systems is applied in a Grid environment, the certification authority becomes an efficiency bottleneck and third-party institutions have to stay online all the time. An authentication policy for the Grid based on offline public key certificates is proposed. The policy applies combined public key cryptographic theory and breaks with the traditional user management and authentication methods of public key infrastructure. Key management is simplified, efficiency is improved, and the cost of construction and maintenance is reduced. The enforcement of this authentication policy in Grid applications is described in detail. Simulation in a laboratory computational Grid environment and comparison with traditional policies show the new policy to be efficient and feasible.

To address the possibility of resource overuse or hostile usage, an access control mechanism can limit the activity of Grid users to a valid scope. Traditional access control models generally use static authorization policies and cannot meet the requirement for active authorization in a Grid environment. Most general access control policies for distributed systems run into problems when applied to a Grid system. A task based access model for the computational Grid is proposed, and its basic concept definitions and access control algorithm are described. By introducing the concept of roles, the model is extended to a task and role based access control model for the computational Grid, which simplifies the security management task. Based on recent achievements in access control theory, the prospects for enforcing a usage control model in the Grid are analyzed, and the primary aspects and realization process of a context aware usage control model for the Grid are described.

In such a dynamic and distributed environment, it cannot be assured that every node that joins a Grid system is a well-meaning entity. The credibility and reliability of a Grid entity can be estimated from its behavior over a period of time, and the authority of the entity can then be determined by that degree. The importance of trust management to Grid systems is analyzed. Since general trust management models lack punishment for malicious recommendations and encouragement for valid recommendations, a cross-domain trust management model with a recommendation feedback mechanism for the Grid is proposed. The evaluation methods for trust degree, trust value and recommendation feedback are introduced in detail. Grid simulation tools are used to emulate the model and to test the trust degree and the effect of recommendation trust feedback.

Audit is indispensable in a secure information system and is an important means of preserving Grid security. The collection and analysis of audit logs from distributed Grid nodes must be handled well over the Internet. Inspired by achievements in distributed artificial intelligence, a mobile agent based audit policy is presented. Its structure and realization process are introduced. Comparison with general audit mechanisms on laboratory platforms shows the policy to be feasible and efficient.

The security policies of the Grid are researched in depth with respect to authentication, access control, trust management and audit. The proposed policies each address the primary security problems of the Grid environment in a different way, and will help promote the industrialization and commercialization of Grid technology.
Keywords/Search Tags: Grid Computing, Grid Security, Authentication, Trust Management, Audit, Mobile Agent