ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Adapting globus and kerberos for a secure ASCI grid
Full text PdfPdf (143 KB)
Source Conference on High Performance Networking and Computing archive
Proceedings of the 2001 ACM/IEEE conference on Supercomputing (CDROM) table of contents
Denver, Colorado
Pages: 21 - 21  
Year of Publication: 2001
ISBN:1-58113-293-X
Authors
Patrick C. Moore  Sandia National Laboratories, Albuquerque
Wilbur R. Johnson  Sandia National Laboratories, Albuquerque
Richard J. Detry  Sandia National Laboratories, Albuquerque
Sponsors
ACM: Association for Computing Machinery
SIGARCH: ACM Special Interest Group on Computer Architecture
IEEE-CS\DATC : IEEE Computer Society
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 6,   Downloads (12 Months): 30,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/582034.582055
What is a DOI?

ABSTRACT

Porting a complex secure application from one security infrastructure to another is often difficult or impractical. Grid security associated with the Globus toolkit is supported by a Grid Security Infrastructure (GSI) based on a Public Key Infrastructure where users authenticate to the grid using X509 certificates. Kerberos security is based on a trusted third party, secret key infrastructure where users authenticate using encrypted tickets. However, both GSI and Kerberos provide a Generic Security Services Application Program Interface (GSSAPI) for source code portability. We describe the porting of our Globus system from GSI security to Kerberos V5 security, and the Kerberos modifications necessary to achieve that portability. Our case study provides details and insights that will be of value to developers and designers interested in GSSAPI portability. We conclude, based on our results, that designers of network security software should strive to accommodate the GSSAPI.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Judy I. Beiriger , Hugh P. Bivens , Steven L. Humphreys , Wilbur R. Johnson , Ronald E. Rhea, Constructing the ASCI Computational Grid, Proceedings of the Ninth IEEE International Symposium on High Performance Distributed Computing (HPDC'00), p.193, August 01-04, 2000
 
2
Bivens, H., Beiriger, J., GALE: Grid Access Language for High Performance Computing Environments. Work in progress, hpbiven@sandia.gov, Sandia National Laboratories, 2001.
 
3
S. Brunett , K. Czajkowski , S. Fitzgerald , C. Kesselman , I. Foster , S. Tuecke , A. Johnson , J. Leigh, Application Experiences with the Globus Toolkit, Proceedings of the The Seventh IEEE International Symposium on High Performance Distributed Computing, p.81, July 28-31, 1998
 
4
Burati, M. Pato, J., User-to-User Authentication --- Functional Specification. OpenGroup RFC 91.1 1996. http://www.opengroup.org/tech/rfc/rfc91.0.html
 
5
Randy Butler , Von Welch , Douglas Engert , Ian Foster , Steven Tuecke , John Volmer , Carl Kesselman, A National-Scale Authentication Infrastructure, Computer, v.33 n.12, p.60-66, December 2000  [doi>10.1109/2.889094]
 
6
Detry. R., Kleban, S., Moore, P., and Berg R., The Generalized Security Framework. Presented at CSCORE 2000. http://www.ccs.bnl.gov, Brookhaven National Laboratory, NY.
 
7
Entrust Inc., The EntrustSession™ Toolkit FAQ. Online documentation. 2001, https://www.entrust.com/developer/session/faqs.htm
 
8
Foster, I., and Kesselman, C., Globus: A Metacomputing Infrastructure Toolkit, International Journal of Supercomputer Applications, 1997.
 
9
Ian Foster , Carl Kesselman, The grid: blueprint for a new computing infrastructure, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1998
 
10
Kohl, John T., Neuman, B. Clifford, T'so, Theodore Y. The Evolution of the Kerberos Authentication System. In Distributed Open Systems, pages 78-94. IEEE Computer Society Press, 1994.
 
11
J. Kohl, J., C. Neuman, C., The Kerberos Network Authentication Service (V5), IETF RFC 1510. 1993. http://www.ietf.org/rfc/rfc1510.txt
 
12
Linn, J., The Kerberos Version 5 GSS-API Mechanism, IETF RFC 1964. 1996, http://www.ietf.org/rfc/rfc1964.txt
 
13
Linn, J., Generic Security Service Application Program Interface Version 2, Update 1, IETF, RFC 2743, 2000. http://www.ietf.org/rfc/rfc2743.
 
14
Mealling, M., A URN Namespace of Object Identifiers. IETF RFC 3061, 2001. http://www.ietf.org/rfc/rfc3061
 
15
The Microsoft Corporation. Answers to Frequently Asked Kerberos Questions. Online documentation Q266080, 2000. http://support.microsoft.com/support/kb/articles/Q266/0/80.ASP
 
16
Myers, J, SASL GSSAPI Mechanisms. IETF Draft (Work in progress, 2001), http://search.ietf.org/ID.html
 
17
Neuman, B. Clifford and Ts'o, Theodore. Kerberos: An Authentication Service for Computer Networks, IEEE Communications, 32(9):33-38. September 1994.
 
18
Rosenberry, W., Ed., DCE Today --- An Indispensable Guide to DCE. The Open Group 1998. http://www.opengroup.org/publications
 
19
Swift, M., Brezak, J., Moore, P., User to User Kerberos Authentication using GSS-API. IETF Informational Draft (work in progress, 2001), http://search.ietf.org/ID.html
 
20
Tung, B. et.al, Public Key Cryptography for Initial Authentication in Kerberos. IETF Draft (Work in progress, 2001) http://search.ietf.org/ID.html
 
21
Welch, V, Tuecke, S, Engert, D. GSS-API Extensions, GGF Draft (work in progress, 2001)
 
22
Wray, J., Generic Security Service API Version 2,: C-Bindings. IETF, RFC 2744, 2000. http://www.ietf.org/rfc/rfc2744.

CITED BY  2
Erin Cody , Raj Sharman , Raghav H. Rao , Shambhu Upadhyaya, Security in grid computing: A review and synthesis, Decision Support Systems, v.44 n.4, p.749-764, March, 2008
Andrew Martin , Po-Wah Yau, Grid security: Next steps, Information Security Tech. Report, v.12 n.3, p.113-122, January, 2007

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION
      Subjects: Public key cryptosystems

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Algorithms, Design, Security


Keywords:
ASCI, GSSAPI, globus, grid, kerberos, security

Collaborative Colleagues:
Patrick C. Moore: colleagues
Wilbur R. Johnson: colleagues
Richard J. Detry: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player