A Brokered Approach to Interoperable Security in OGSA-Based Grid Systems

The need for organisations to share data and collaborate on a large scale with geographically dispersed parties has increased dramatically in recent years. Grid Services allow for large scale collaboration between geographically-dispersed parties running diverse hardware and software platforms, over public networks such as the Internet. Grid Services are an evolution of Web Service technology and other open, platform-independent standards. Current research efforts have been undertaken to standardize grid implementations. With the efforts of the Global Grid Forum (GGF) and other interested parties, the Globus Toolkit has been developed. The focus of this paper is to define a holistic security strategy for implementing Globus-based Grids. The Globus Toolkit is an open source software initiative, providing a set of tools and a platform for grid developers to build onto. The Toolkit is currently the de facto standard for Grid Service implementations, and is in its fourth major revision GT4 (Globus Toolkit version 4). The Globus Toolkit consists of a number of core components for implementing grids; the component of interest to this research is the Globus Security Infrastructure (GSI). This research looks at a layered approach to securing grids, making use of a defence-in-depth approach. The focus is on the Globus Toolkit and GSI, local hardware and software configurations for remote sites, and communications (i.e. TCP/IP stack, RMI, RPC, etc). The STRIDE model will be used to provide a base for understanding hackers attack methodologies and threats faced by modern Grids.