The Research On Security Policy And Related Issues For Grid Computing Environment

Posted on: 2014-12-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q H Bai
GTID: 1268330425965896
Subject: Computer system architecture

Abstract/Summary:
Grid computing, a new kind of IT infrastructure, is a new distributed computing technology based on the widespread use of the Internet and the Web. Grid computing aims to solve complicated problems by having many sources collaborate, that is, through seamless resource sharing. Security issues are very important in grid computing. Most grid security issues that have been put forward are aimed at some special application field such as scientific computing. The security issues involved in many of the grid appliances developed by England e-Science for data-intensive computing are also limited to some special field. In large enterprises, security issues are directly connected with their core interests and are therefore considered the most important. Without convincing security strategies, grid computing technology is unlikely to be widely adopted by enterprises. As a result, researchers need to make a comprehensive analysis of the present grid security issues and draw up a corresponding solution plan.

Through comprehensive analysis and comparative research, this paper explores grid security issues in depth and classifies and summarizes them. Grid computing security issues are roughly classified into three sorts. The first is the host layer, including data protection, job starvation and so on. The second is the architecture layer, including information security, strategy reflection and Denial of Service. The last is credential-level issues, including the credential storehouse, the credential sharing system and so on.

The architecture layer is explored in the paper. First, the design principles of elliptic curve public key cryptography and its implementation are analyzed in detail. Elliptic curve public key cryptography is based on the identity-based encryption (IBE) scheme and must ensure the security of the elliptic curve in the system. Then, how to select a secure elliptic curve is dealt with in the paper.

At present, secure network communication is based on PKI (Public Key Infrastructure), which is traditionally based on identity certificates. Compared with PKI, identity-based encryption (IBE) has many more advantages. The private key in IBE can be selected freely and can be connected directly with the identity and the role of the user, without the exchange of certificates and the related expensive PKI. That is to say, a CA center is not needed in identity-based encryption, and IBE is an important improvement to PKI/CA.

The computing service and the security service are separated in current grid systems, but the system's data transmission has to cross unsafe public channels, so the computing results of the grid system may be stolen or destroyed by artificial or non-artificial factors during transmission. The grid system therefore has security requirements of confidential communication, data integrity and non-repudiation. For these requirements, this paper puts forward an identity-based encryption scheme that realizes the functions of confidentiality, integrity, key update and non-repudiation. To test the security of the proposed scheme, the authors make a detailed analysis in the random oracle model and prove that the security of the scheme is equivalent to the difficulty of the bilinear Diffie-Hellman problem. So our scheme is proved to be correct.

As for credential-level issues, the identity authentication of grid resources is very important. Regarding grid identity authentication, compared with the Grid Security Infrastructure (GSI) in Globus, a new solution for grid identity authentication based on a three-tier mode is put forward in the paper, in an attempt to solve the main problem currently existing in GSI grid identity authentication. Because of this, the traditional process of grid identity authentication is revised into a three-tier mode with the following advantages. In the first tier of resource identification, multiple sub-mobile agents can perform tasks in parallel and autonomously search for the resources they need in the grid environment's resource pool without the grid users' intervention. In the second tier of resource identification, methods such as formulas, fuzzy mathematics and fuzzy clustering can be used to carry out further resource selection, making usable resources more definite and optimized. In the third tier of resource identification, only idle and usable resources after optimization undergo identity authentication, which frees the Certificate Authority (CA) center from a great deal of complex identity authentication that is error-prone and has no value, and is conducive to improving the efficiency of grid identity authentication.

Data grid replica management is a hot topic in the field of grid computing, in which security issues are also very important. In data grid replica management, security includes data integrity and the confidentiality of data transmission. The characteristics of the data grid show that data grid replica management differs from the replica technology used in traditional application fields, which means that the specific realization mechanisms and key technologies of replica management in the separate fields are different. So replica creation, the selection of the replica location, replica deletion, secure data replicas and the data access pattern are the focuses of the research. In the paper, the topics studied in grid data replication technology are explored in depth and each key data replication technology in the data grid system is analyzed. In the aspect of data access, it breaks with the traditional mode and adopts a distributed file sharing mode for data access. The experiments show that its performance is improved compared with the traditional download mode. It reduces the response time of the data and improves the performance of job execution.

Keywords/Search Tags: Grid Computing, Grid Security, PKI, IBE, Authentication Mechanism, The Grid Data Replication, Replica Security