
The Resources' Description And Security Access In Grid Environments

Posted on: 2009-12-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D B Hu
Full Text: PDF
GTID: 1118360272976564
Subject: Computer software and theory
Abstract/Summary:
Resources in a grid belong to different organizations and owners, and their usage policies vary, so discovering and selecting resources is difficult and coordinating owners with users is a key problem. Solving these problems requires a general description language that can express the requirements, constraints, definitions and policies of both owners and users; that is the premise of the work in this dissertation. CDL (Common Description Language) is designed here. It lets customers describe their aims and requirements, and it lets owners publish the parameters and constraints of their resources. CDL borrows the concept of Condor's ClassAd, which uses attribute/value pairs to describe resources and jobs. CDL defines specific attributes, types, functions and policies, and uses the ClassAd library to read, parse and convert CDL into the required format strings. A user interface (UI) has also been designed that implements CDL and manages the preliminaries of a job, such as submitting the job to the broker, cancelling execution and outputting results. Its realization has three steps: 1) implementation of the description language, 2) authentication and proxy credentials, 3) job monitoring and output of results. Finally, the matching of resources and jobs was tested: a job and a resource were described in CDL and matched using the match class of the ClassAd library, with satisfactory results. For security, the authentication mechanism of Globus is used to identify users. CDL improves the specification of resource and job descriptions. Compared with other description languages, CDL is general, structured, symmetric (the same language describes both sides and each side's requirements are checked against the other), elegant and portable. It not only describes jobs and resources but also unifies the policies of users and providers.
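The symmetric matchmaking idea described above, as an added example in Python; it is not the dissertation's CDL implementation and not the ClassAd library itself. A job and a machine are each a set of attribute/value pairs plus a Requirements expression, a match requires both expressions to hold when each is evaluated against the other's attributes, and the job's Rank chooses among the matches. The attribute names, the expression syntax (Python comparisons over `self.`/`other.` attributes) and the sample ads are constructed for this example. Because descriptions arrive from untrusted users and resource owners, the expressions are evaluated by a restricted AST walker rather than `eval()`.

```python
"""Added example: ClassAd-style symmetric matchmaking (not the dissertation's
CDL code and not the ClassAd library). Ads are dicts of attribute/value pairs;
Requirements and Rank are expression strings evaluated by a restricted AST
walker, never by eval(), since ads come from untrusted users and owners."""
import ast
import operator

# Constructed sample ads with hypothetical attribute names.
JOB = {
    "Type": "Job", "Owner": "alice", "Cpus": 4, "MemoryMB": 8192, "MaxPrice": 3,
    "Requirements": ("other.Type == 'Machine' and other.Cpus >= self.Cpus "
                     "and other.MemoryMB >= self.MemoryMB "
                     "and other.Price <= self.MaxPrice"),
    "Rank": "other.Cpus",  # prefer the machine with the most CPUs
}
MACHINE_REQ = "other.Type == 'Job' and other.Owner in self.AllowedOwners"
MACHINES = [
    {"Type": "Machine", "Name": "node01", "Cpus": 8, "MemoryMB": 16384,
     "Price": 2, "AllowedOwners": ["alice", "bob"], "Requirements": MACHINE_REQ},
    {"Type": "Machine", "Name": "node02", "Cpus": 16, "MemoryMB": 65536,
     "Price": 5, "AllowedOwners": ["alice"], "Requirements": MACHINE_REQ},
    {"Type": "Machine", "Name": "node03", "Cpus": 4, "MemoryMB": 8192,
     "Price": 1, "AllowedOwners": ["bob"], "Requirements": MACHINE_REQ},
]

_CMP = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
    ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
    ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b,
}


class Undefined(LookupError):
    """An expression referenced an attribute the ad does not carry."""


def _eval(node, env):
    """Evaluate a whitelisted subset of Python expression syntax over the ads."""
    if isinstance(node, ast.Expression):
        return _eval(node.body, env)
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.List):
        return [_eval(e, env) for e in node.elts]
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        ad = env.get(node.value.id)  # only 'self' and 'other' are bound
        if ad is None or node.attr not in ad:
            raise Undefined(f"{node.value.id}.{node.attr}")
        return ad[node.attr]
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval(node.operand, env)
    if isinstance(node, ast.BoolOp):
        values = (_eval(v, env) for v in node.values)  # short-circuits
        return all(values) if isinstance(node.op, ast.And) else any(values)
    if isinstance(node, ast.Compare):
        left = _eval(node.left, env)
        for op, comparator in zip(node.ops, node.comparators):
            fn = _CMP.get(type(op))
            if fn is None:
                raise ValueError(f"unsupported comparison: {type(op).__name__}")
            right = _eval(comparator, env)
            if not fn(left, right):
                return False
            left = right
        return True
    # Calls, bare names, subscripts, arithmetic etc. are deliberately rejected.
    raise ValueError(f"unsupported expression element: {type(node).__name__}")


def evaluate(expr, self_ad, other_ad):
    """Evaluate an expression string with 'self' and 'other' bound to two ads."""
    return _eval(ast.parse(expr, mode="eval"), {"self": self_ad, "other": other_ad})


def symmetric_match(a, b):
    """Bilateral match: a's Requirements hold against b AND b's hold against a.
    A reference to a missing attribute counts as no match."""
    try:
        return bool(evaluate(a["Requirements"], a, b)) and \
            bool(evaluate(b["Requirements"], b, a))
    except Undefined:
        return False


def best_match(job, machines):
    """Return (machine name, rank) of the highest-ranked match, or None."""
    candidates = [(evaluate(job.get("Rank", "0"), job, m), m["Name"])
                  for m in machines if symmetric_match(job, m)]
    if not candidates:
        return None
    rank, name = max(candidates)
    return name, rank


if __name__ == "__main__":
    print(best_match(JOB, MACHINES))
```

Note that node02 fails the job's own price constraint and node03 fails the owner's policy, so only node01 is a bilateral match; an ad that omits an attribute the other side's expression references (say, a machine with no `Price`) is treated as not matching rather than as an error, and an expression containing a function call is rejected outright.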
At the same time, it is convenient to discover resources and submit jobs, and the matchmaking strategy makes it easy to schedule and reschedule applications. CDL reduces system overhead and load, and it provides a verification policy that offers fault tolerance.

Public Key Infrastructure (PKI), as a technology in the information security field, provides confidentiality, integrity, authentication and non-repudiation for Internet applications. Using PKI, however, brings many complicated problems. A public key must be bound to its owner by a digital certificate, and a series of operations such as certificate registration, management, storage, distribution and revocation must be performed, while the certificate repository has to be available online. To realize secure access to resources, the entities of a service-oriented grid system (users, hosts and services) need mutual authentication and single sign-on. The widely used Grid Security Infrastructure (GSI) uses PKI to realize mutual authentication. However, the PKI architecture and the complexity of private key management limit the scale of grid services. Furthermore, although many grid security systems such as GSI use PKI as their authentication framework and use SAP to authenticate entities, authentication efficiency remains comparatively low because of the cost of transmitting and processing certificates.

To address these problems of PKI, Shamir introduced Identity-Based Encryption (IBE) in 1984; the first practical IBE scheme was designed by Dan Boneh and Matt Franklin in 2001. In this scheme any string identifying a user, such as a telephone number, e-mail address or IP address, can serve as the public key, and the corresponding private key is generated securely by a trusted third party, the Private Key Generator (PKG).
Compared with PKI, IBE has the advantage of being free of certificate management: no certificate directory or revocation list has to be maintained (private keys must still be delivered securely by the PKG, and revocation is usually handled by building a validity period into the identity string). IBE is therefore a flexible encryption and authentication system and has become popular in the information security field.

Based on the latest research on identity-based encryption and on the Boneh-Franklin scheme, this dissertation gives a detailed design and implementation of the PKG, a component of the IBE prototype. After analysing its functions, the PKG is divided into four components: master key generation, establishment of the system parameters, generation of users' private keys, and distribution of users' private keys and the system parameters. After designing the overall PKG flow and its data structures, the components are realized separately by decomposing the PKG operation flow. Because the master key and the system parameters are all produced by random generators, a big random number generator is first designed and implemented using a subtract-with-borrow algorithm. Since a user's private key combines the master key with the user's identity, a hash function mapping the identity to a point on the elliptic curve is designed, and the private key is then computed as a scalar multiple of that point using an addition-subtraction (signed-digit) scalar multiplication method. After implementing the establishment of the system parameters and the generation of users' private keys, a multithreaded program is designed to distribute the system parameters and private keys to users.

The security analysis of the PKG shows that key escrow is a problem that has long lacked a good solution, so a new ID-alias-based encryption scheme with a trusted third party is introduced in this dissertation based on current research results. A Trusted Authority (TA) is added to achieve trust transfer, and the key escrow problem is solved by this scheme. The user's private key is produced jointly by the user and the PKG, and introducing the ID alias makes private keys convenient to update. The processes of ID alias registration, encryption and decryption are presented in full, and the potential threats to the new scheme are then analysed; the analysis shows the scheme is secure. The scheme also solves the problems IBE faces at the deployment stage and clearly extends the application range of IBE systems. After constructing the IBE system, this dissertation designs a user authentication model to realize secure access to grid resources.

Finally, this dissertation compares the commodity market model with the auction model for resource allocation and task scheduling based on economic models in grids. To evaluate the two models, each is simulated under under-demand and excess-demand conditions. Examining overall price stability, market equilibrium, producer efficiency and consumer efficiency in simulation leads to the conclusion that the commodity market model is more suitable for grids and makes the whole resource market fairer, more stable and more efficient.
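The PKG key-extraction steps described above (hash the identity to a curve point, then multiply that point by the master key with an addition-subtraction method), as an added example in Python; it is not the dissertation's PKG code. secp256k1 is used as a stand-in curve so the arithmetic can be checked with plain integers; real Boneh-Franklin IBE requires a pairing-friendly curve and the pairing itself, which is omitted here, as are the dissertation's big random number generator and its multithreaded distribution service. Hash-to-point is try-and-increment over SHA-256, scalar multiplication uses the non-adjacent form (NAF), and all function names are this example's own.

```python
"""Added example: private-key extraction in a Boneh-Franklin style PKG.

Not the dissertation's code. secp256k1 is a stand-in curve (BF-IBE needs a
pairing-friendly curve); the pairing, the big random number generator and the
multithreaded distribution service are out of scope here.
"""
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, prime group order N.
P = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def add(p1, p2):
    """Affine point addition (doubling when p1 == p2)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:  # p2 == -p1
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def naf(k):
    """Non-adjacent form of k >= 0: digits in {-1, 0, 1}, least significant first.
    Roughly a third of the digits are non-zero, versus half for plain binary."""
    digits = []
    while k > 0:
        if k & 1:
            d = 2 - (k & 3)  # 1 if k % 4 == 1, -1 if k % 4 == 3
            k -= d
        else:
            d = 0
        digits.append(d)
        k >>= 1
    return digits


def scalar_mul(k, pt):
    """Addition-subtraction scalar multiplication: k*pt driven by the NAF of k.
    Digit -1 subtracts pt, which on a curve only costs a sign flip of y."""
    result, minus_pt = INF, neg(pt)
    for d in reversed(naf(k)):
        result = add(result, result)
        if d == 1:
            result = add(result, pt)
        elif d == -1:
            result = add(result, minus_pt)
    return result


def hash_to_point(identity, max_tries=256):
    """H1: map an identity string to a curve point by try-and-increment."""
    for counter in range(max_tries):
        digest = hashlib.sha256(identity.encode() + counter.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)  # a square root iff rhs is a QR (P % 4 == 3)
        if y * y % P == rhs:
            return (x, y)
    raise ValueError("no curve point found for identity")


def setup():
    """PKG setup: master key s (kept secret) and public parameter P_pub = s*G."""
    s = secrets.randbelow(N - 1) + 1
    return s, scalar_mul(s, G)


def extract(master_key, identity):
    """PKG key extraction: Q_ID = H1(ID), d_ID = s*Q_ID (delivered to the user)."""
    q_id = hash_to_point(identity)
    return q_id, scalar_mul(master_key, q_id)


if __name__ == "__main__":
    s, p_pub = setup()
    q, d = extract(s, "alice@example.com")
    print("P_pub on curve:", is_on_curve(p_pub), "d_ID on curve:", is_on_curve(d))
```

Because the PKG holds `s`, it can compute every user's `d_ID`; this is exactly the key-escrow property the ID-alias scheme with a Trusted Authority is introduced to address. A useful self-check for any scalar multiplication routine is that `N*G` is the point at infinity and `(N-1)*G == -G`.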
Keywords/Search Tags: Grid, Common Description Language, Public Key Infrastructure, Identity-based Encryption, ID alias, secure access