The Trellis Security Infrastructure: A Layered Approach to Overlay Metacomputers
نویسندگان
چکیده
Researchers often have access to a variety of different high-performance computer (HPC) systems in different administrative domains, possibly across a wide-area network. Consequently, the security infrastructure becomes an important component of an overlay metacomputer: a user-level aggregation of HPC systems. The Grid Security Infrastructure (GSI) uses a sophisticated approach based on proxies and certification authorities. However, GSI requires a substantial amount of installation support and it requires human-negotiated organization-toorganization security agreements. In contrast, the Trellis Security Infrastructure (TSI) is layered on top of the widely-deployed Secure Shell (SSH) and systems administrators only need to provide unprivileged accounts to the users. The contribution of the TSI approach is in demonstrating that a single sign-on (SSO) system can be implemented without requiring a new security infrastructure. We describe the design of the TSI and provide a tutorial of some of the tools created to make the TSI easier to use.
منابع مشابه
The Trellis security infrastructure for overlay metacomputers and bridged distributed file systems
Researchers often have non-privileged access to a variety of high-performance computer (HPC) systems in different administrative domains, possibly across a wide-area network. 1 Consequently, the security infrastructure becomes an important component of an overlay metacomputer: a user-level aggregation of HPC systems. The Trellis Security Infrastructure (TSI) is layered on top of the widely-depl...
متن کاملPractical Heterogeneous Placeholder Scheduling in Overlay Metacomputers: Early Experiences
A practical problem faced by users of highperformance computers is: How can I automatically load balance my jobs across different batch queues, which are in different administrative domains, if there is no existing grid infrastructure? It is common to have user accounts for a number of individual high-performance systems (e.g., departmental, university, regional) that are administered by differ...
متن کاملUser-Level Remote Data Access in Overlay Metacomputers
A practical problem faced by users of metacomputers and computational grids is: If my computation can move from one system to another, how can I ensure that my data will still be available to my computation? Depending on the level of software, technical, and administrative support available, a data grid or a distributed file system would be reasonable solutions. However, it is not always possib...
متن کاملAn identity-based approach to secure P2P applications with Likir
Structured overlay networks are highly susceptible to attacks aimed at subverting their structure or functionalities. Although many secure architectural design proposals have been presented in the past, a widely accepted and comprehensive solution is lacking. Likir (Layered Identity-based Kademlia-like Infrastructure) is our solution for implementing a secure Peerto-Peer network based on a Dist...
متن کاملA Security Architecture for Active Networks
One of the impediments in deploying active networks is its lack of support for security. In overlay type of active networks, required security is provided by sand boxing in Java. However, in the active networking approach where packets are processed in the network layer, there is only little support for security. This paper presents a new method of providing security using Public Key Infrastruc...
متن کامل