Correcting a Delegation Protocol for Grids
نویسنده
چکیده
Delegation is one important aspect of large-scale distributed systems where many processes and operations run on behalf of system users and clients in order to achieve highly computational and resource intensive tasks. As such, delegation is often synonymous with the concept of trust, in that the delegator would expect some degree of reliability regarding the delegatee’s ability and predictability to perform the delegated task. The delegation protocol itself is expected to maintain certain basic properties, such as integrity, traceability, accountability and the ability to determine delegation chains. In this paper, we give an overview of the vulnerabilities that one such delegation protocol exhibits, namely DToken, a lightweight protocol for Grid systems, as interesting examples of design mistakes. We also propose an alternative protocol, DToken II, which fixes such vulnerabilities.
منابع مشابه
Using Trust for Restricted Delegation in Grid Environments
Delegation is an important tool for authorization in large distributed environments. However, current delegation mechanisms used in emerging Grids have problems to allow for flexible and secure delegation. This paper presents a framework to realize restricted delegation using a specific attribute certificate with trust value in grid environments. The framework employs attribute certificates to ...
متن کاملRB-GDM: A Role-Based Grid Delegation Model
Grid delegation is the procedure by which a valid user endows another user or a program or service with the ability to act on that user’s behalf. Delegation is the primary form of authorization in grids. The large and geographically distributed, dynamic, heterogeneous and scalable grid environment poses unique delegation requirements. Presently there are no standard mechanisms to guide grid del...
متن کاملOn-demand Restricted Delegation : A Framework for Dynamic, Context-Aware, Least-Privilege Delegation in Grids
In grids, delegation is a key facility that can be used to authenticate and authorize requests on behalf of disconnected users. In current grid systems, delegation is either performed dynamically, in an unrestricted manner, or by a secure but static method. Unfortunately, the former compromises security and the latter cannot satisfy the requirements of dynamic grid application execution. Theref...
متن کاملToward Realizable Restricted Delegation in Computational Grids1
In a Computational Grid, or Grid, a user often requires a service to perform an action on his behalf. Currently, the user has few options but to grant the service the ability to wholly impersonate him, which opens the user to seemingly unbounded potential for security breaches if the service is malicious or errorful. To address this problem, eight approaches are explored for realizable, practic...
متن کاملBatch Pairing Delegation
Abstract. Pairing-based cryptography (PBC) has enabled the construction of many cryptographic protocols. However, there are scenarios when PBC is too heavyweight to use, such as when the computing devices are resource-constrained. Pairing delegation introduced in [19] provides a solution by offloading the computation to more powerful entities. In this paper, we introduce the concept of, and con...
متن کامل