Research On Security Authorization Technology In Grid

As people require more and more high performance computing and sharing of resources, traditional high performance computing pattern and computing share pattern can not fulfill the needs. People expect to gain the required computing and storing resources like obtaining electric power. Also they hope to find the required services not only from the local computers but also from the whole network. Traditional high computing pattern and resource sharing pattern can not satisfy the requirements. The development of technology and the appearance of new applications need new revolutionary computing pattern. Grid computing is such a new computing pattern to satisfy the requirements.Comparing with the traditional computing mode, Grid computing has many novel properties. Security is a vital factor to the success of grid computing, which relates to almost all the profiles of grid computing infrastructure and is complicated due to the property of dynamics. The thesis starts from the basic background knowledge and makes a conclusion of the characteristics and security requirements of Grid environment. Then we propose an available model of Grid security policy, and analyse the security policy of Grid. The thesis introduces GSI, the grid security architecture of the Globus project which is the most famous project in Grid area. The thesis studies several fundamental and extended security technologies in GSI, analyzes some techniques such as Proxy, Portal, Online Certificate Repository and Community Authority Service in detail, and introduces their application process in Grid through an example. A discussion is made upon the problems those techniques remain. Then the thesis introduces and analyzes several typical grid security schemes, such as CAS, VOMS, Akenti and PERMIS. According to these work, we can find out what problems are addressed in those schemes, how problems are settled and what problems are remained. At last, we design a role based access control method with CAS for Grid services. Our access control method provides increased manageability for a large number of users and reduces day-to-day administration tasks of the resource providers, while they maintain the ultimate authority over their resources. Performance analysis shows that our method adds very little overhead to the existing security infrastructure of Grid.