
Roadmap to Grid Authorization Systems

In document Grid Computing Security pdf (Page 113-116)

5.5 Comparing the Different Authorization Systems

5.5.2 Roadmap to Grid Authorization Systems

Authorization is perhaps one of the most important needs for an enterprise today. Though grids are mostly concentrated on high-performance computing jobs or enterprise batch jobs, the grids are shared across the enterprise, sometimes across geographies. Therefore, authorization is needed mainly for accounting purposes. For example, suppose there are three departments A, B, and C in an enterprise. The enterprise wants to enforce a host of different policies based on the usage of the grid. The policies can be really complex, as licensing information, transient system-level information, and user-level information need to be incorporated. Following are some of the recommendations:

Beyond Schedulers: Most of the authorization decisions are currently implemented at the scheduler level. Enterprise grid vendors like Altair® PBS [87] and Platform® LSF Multicluster [88] require administrators to manage policies so that the scheduler is able to schedule based on the implemented policies. This is not a scalable model, and complex policies based on all the different enterprise requirements cannot be easily handled. Two ways can be used to apply authorization. The first would be to provide adapters so that the authorization systems can interact with the underlying schedulers, and the second would be through standardization.

Beyond Batch Jobs: Currently, most grid systems are used as batch job systems in enterprises. However, to take the grid forward, it needs to cater to enterprise needs such as subsecond jobs, messaging systems, workflows (and possible integration with BPEL), and so on.

Towards Federation: Many enterprises are now looking at federated identity management solutions. Grid authorization systems should be able to interact with the Liberty frameworks and Web services standards to make this possible.

5.6 Chapter Summary

Grid authorization systems are extremely important in the grid context, mainly due to the distributed nature of grid systems. The different characteristics of grid authorization systems are security, scalability, revocation, and interoperability. As in any other system, security is important where the adversary can pose as a valid user or compromise the authorization system as a whole. Grid systems may have thousands or potential

is determined by whether the system uses pull-based or push-based authorization. Finally, grid systems may also involve multiple stakeholders and encompass multiple authorization domains and systems. Hence, interoperability is extremely critical. To organize the discussion of grid-based authorization systems, we have categorized the systems into two main types: Virtual Organization (VO) based systems and resource-based systems. Virtual organization level systems have a centralized authorization system which provides credentials for the users to access the resources. Resource level authorization systems, on the other hand, allow the users to access the resources based on the credentials presented by the users. Examples of VO level grid authorization systems are Community Authorization Service (CAS), Virtual Organization Membership Service (VOMS), and Enterprise Authorization and Licensing System (EALS). Examples of resource level grid authorization systems are Gridmap, Akenti, and Privilege and Role Management Infrastructure Standards (PERMIS). These different systems have been discussed in this chapter. In the next chapter, we will look at the third component of the architecture issues, viz. grid service security.
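The two-level arrangement described in the summary, as an added illustration that is not from the book: a VO-level service pushes a signed, time-limited role assertion to the user, and the resource verifies it and then applies its own gridmap-style local mapping. The HMAC key, role names and revocation set are constructed stand-ins (real CAS/VOMS deployments use X.509 proxy credentials); the example also shows why a pushed credential needs a short lifetime or a resource-side revocation check.

```python
import hmac
import hashlib
import json

# Constructed shared secret between the VO authorization service and the resource.
# Stand-in for the certificate-based trust a real VO service would use.
VO_KEY = b"constructed-demo-key-not-for-production"

# Resource-level policy (gridmap-like): local mapping from VO role to permitted actions.
# Role names are constructed for this example.
RESOURCE_MAP = {
    "deptA/analyst": {"submit"},
    "deptB/admin": {"submit", "cancel"},
}


def vo_issue_credential(user, roles, ttl_s, now):
    """VO level (push model): the central service asserts the user's roles,
    signs the assertion and bounds its validity with an expiry time."""
    assertion = {"user": user, "roles": sorted(roles), "exp": now + ttl_s}
    body = json.dumps(assertion, sort_keys=True).encode()
    tag = hmac.new(VO_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def resource_authorize(cred, action, now, revoked_users):
    """Resource level: verify the pushed credential, then decide with local policy.
    Returns (allowed, reason)."""
    expected = hmac.new(VO_KEY, cred["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["tag"]):
        return False, "bad signature"
    assertion = json.loads(cred["body"])
    if assertion["exp"] <= now:
        return False, "credential expired"
    # Push model caveat: the VO cannot recall a credential already handed out,
    # so early revocation needs a resource-side check (e.g. a pulled revocation list).
    if assertion["user"] in revoked_users:
        return False, "user revoked"
    allowed = set().union(*(RESOURCE_MAP.get(r, set()) for r in assertion["roles"]))
    return action in allowed, f"roles {assertion['roles']} allow {sorted(allowed)}"
```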

6 Service Level Security in Grid Systems

6.1 Introduction

Last week, when I visited my bank, I found that there was a huge queue in front of the transaction counter. It took me half an hour to reach the counter and carry out my transaction. The queue, on that day, was created by a huge demand for bank transactions, as it was the last day before a series of holidays. Therefore, a huge surge in demand affected the Quality-of-Service (QoS) that I generally receive and expect from my bank. On that day, there was a legitimate reason for the delay. However, the same effect can be simulated to create delays in banking transactions. Let us imagine that there is an adversary who wants to delay the services offered by the bank. He can employ a few people who unnecessarily waste the bank's time and thus reduce the overall service offered by the bank to the legitimate customers. It may be because of personal enmity or competition, or even just for fun. Such a malicious action is theoretically feasible. However, it is hard to imagine someone employing such delaying tactics to reduce the quality of service in banks. The reason is that the amount of effort involved may be more than the effect that the adversary achieves. In the digital world, however, it is an entirely different issue. In the digital world, unlike in the real world, it is possible to assume multiple identities and create attacks on the systems, servers, and infrastructure providing some valuable service. There have been instances, especially in the Internet scenario, where malicious adversaries created attacks to reduce the service to the customers. The extreme form of such attacks is called a Denial-of-Service (DoS) attack, where services are denied to the legitimate end-users using a variety of techniques. In this chapter, we will try to analyze the different types of attacks and the solutions which can be effective in a grid-based environment.