| In recent years, driven by applications, grid technology has made a rapid progress and had many forms such computing grid, data grid and so on, each of which has its application background. Today data grid becomes a new hotspot in the computer circle, which mainly aims at all kinds of data-intensive applications, and deals with mass-data in the wide network environment. With the transition from research field towards commerce step by step, grid security has been becoming more important in grid. The distribution of resources and the differences among security mechanisms and access policies make the data grid need many security mechanisms' support such as security authentication, data confidentiality, access control, and so on. But traditional security model can not satisfy these requirements. It is very important to strengthen the research of data grid security for promoting the grid development.Our project focuses on the key technologies of data grid. According to the characteristic of data intensive application, we design and develop our own data grid called GridDaEn. It adopts Java mechanism, provides uniform access and management of the large-scale distributed scientific datasets and converts different bottom accessing protocols automatically, providing a service platform for high-level application development.This paper studies security problems, which is an important part of the GridDaen project. It mainly studies and implements the key technologies about security authentication and access control in GridDaen. GridDaen' security is completed by using existing security standards and security technologies based on GridDaen's structure, and it can provide reliable and secure functions. The system introduces modularization structure, so it can provide uniform API interfaces and easy to expand the system.When designing and implementing the system, firstly, this paper completes GridDaen CA to sign and maintain certifications for users. Secondly, this paper implements security authenticate and communication confidentiality by requirements of GridDaen. And by means of proxy credential and relevant authentication pattern, single-sign-on across multiple domains can be achieved. Meanwhile, this paper presents a GridDaen's authority mechanism, including defining authority polices, building structure model and implementing means.This paper also presents a security authentication mechanism based on shared Contextin order to improve performance. This mechanism improves performance by reducing the number of security authentication by sharing Context. Experiments show that this mechanism can guarantee system security and reliability with great performance enhancement. |
PDF Full Text Request