Title: A negotiation-based trust establishment service for CROWN grid

Authors: Jianxin Li, Jinpeng Huai, Li Lin

Addresses: School of Computer Science and Engineering, Beihang University, Beijing, 100083 China. ' School of Computer Science and Engineering, Beihang University, Beijing, 100083 China. ' School of Computer Science and Engineering, Beihang University, Beijing, 100083 China

Abstract: In order to build trust relationship between service requesters and service providers in an open grid computing environment, we design a novel negotiation-based trust establishment service, which supports distributed credential chain construction and privacy preservation to enhance the grid security infrastructure. In this service, we develop a novel credential chain aware negotiation strategy for trust establishment on the fly by gradually disclosing credentials according to various access control policies. This strategy can protect sensitive credentials, partial credential chains and sensitive information in an access control policies based on two concepts: soft protection and hard protection. What|s more, a credential federation mechanism is designed for this service when the negotiators use heterogeneous security infrastructures, for example, Kerberos and PKI. Our approach has been successfully implemented as useful components and fundamental security services in the CROWN grid, and techniques such as trust tickets and policy caching that can greatly increase service efficiency are used. Comprehensive experiments have been conducted, which demonstrate our approach is feasible.

Keywords: credential federation; grid computing; privacy protection; trust management; trust negotiation; security policy; grid security.

DOI: 10.1504/IJAACS.2009.029171

International Journal of Autonomous and Adaptive Communications Systems, 2009 Vol.2 No.4, pp.362 - 381

Published online: 08 Nov 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article