
Research On Secured Certificates Management Schemes In Grid Computing

Posted on: 2011-12-27
Degree: Master
Type: Thesis
Country: China
Candidate: F L Liu
GTID: 2178360308455220
Subject: Information security

Abstract/Summary:
With the rapid development of informatization, the demand for high-performance computing is soaring. To meet this demand, grid computing was proposed in the 1990s. Grid computing is a new technology in the area of wide-area network computing. It connects large numbers of distributed, heterogeneous resources and aims to share all of the resources on the Internet, including computing resources, storage resources, communication resources, software resources, information resources, knowledge resources and so on. The details of how sharing and coordination are implemented are hidden from users. The prospects of grid computing are so attractive that many countries have invested heavily in grid computing research and grid construction. Many grid computing platforms have been put into use and provide large-scale computing power. The work in this thesis is based on the construction of the CNGrid node in Hefei, and it has practical value.

Because a grid computing system is an open system, any authorized user can submit tasks to it and use grid resources to execute applications. This makes the security mechanism for the grid more challenging. The Internet is the infrastructure of the grid, so existing network security technologies can be used to defend against attacks on a grid computing system. Sometimes the traditional security schemes must be modified or extended, because the grid is a self-organizing, dynamic system and differs from the Internet.

This thesis first gives a brief overview of grid security. It surveys the security threats to grid computing systems, analyzes their security needs across four security layers, describes a Grid Security Architecture Model and introduces grid security standards such as GSI. Based on these, we conclude that any security scheme for the grid must meet six requirements, such as Single Sign On and a uniform credential/certification mechanism.

GSI, the Grid Security Infrastructure, is the most popular grid security standard and a successful programme. Its core technology is identity authentication. Based on X.509 certificates and the SSL communication protocol, GSI can identify all grid entities. It introduces the Proxy Certificate into the grid computing system so that users can use remote resources under Single Sign On.

Unfortunately, the Proxy Certificate is not secure enough and cannot be revoked on demand, so a secure self-organized certificate management scheme is urgently needed. To address this, the thesis proposes a new self-organized certificate management scheme based on a one-way hash chain. In this scheme, any user or proxy can create, disseminate, renew, certify and revoke certificates without the support of an online trusted third party. It meets the Single Sign On requirement. Because its security rests not only on the private key but also on the one-way hash chain, this scheme is more secure than previous ones.

Finally, this thesis analyzes the application requirements of scientific computation, which show a strong demand for grid computing. Based on the principle of "service oriented, focus on user's needs", it presents an architecture design and a prototype implementation of the Science Computational Tool Grid in the Hefei grid node construction. This work aggregates computational resources and provides support for job scheduling of specific applications. Based on the Portlet framework, it also provides a simple way to access grid resources.

In short, this thesis proposes a secure self-organized certificate management scheme for grid Proxy Certificates, and presents an architecture design and a prototype implementation of the Science Computational Tool Grid.
Keywords/Search Tags: Grid Computing, Identity Authentication, Public Key Certificate, Digital Signature, Portlet, Science Computational Resource