Authors: Jianxin Li, Jinpeng Huai, Li Lin
Addresses: School of Computer Science and Engineering, Beihang University, Beijing, 100083 China. ' School of Computer Science and Engineering, Beihang University, Beijing, 100083 China. ' School of Computer Science and Engineering, Beihang University, Beijing, 100083 China
Abstract: In order to build trust relationship between service requesters and service providers in an open grid computing environment, we design a novel negotiation-based trust establishment service, which supports distributed credential chain construction and privacy preservation to enhance the grid security infrastructure. In this service, we develop a novel credential chain aware negotiation strategy for trust establishment on the fly by gradually disclosing credentials according to various access control policies. This strategy can protect sensitive credentials, partial credential chains and sensitive information in an access control policies based on two concepts: soft protection and hard protection. What|s more, a credential federation mechanism is designed for this service when the negotiators use heterogeneous security infrastructures, for example, Kerberos and PKI. Our approach has been successfully implemented as useful components and fundamental security services in the CROWN grid, and techniques such as trust tickets and policy caching that can greatly increase service efficiency are used. Comprehensive experiments have been conducted, which demonstrate our approach is feasible.
Keywords: credential federation; grid computing; privacy protection; trust management; trust negotiation; security policy; grid security.
International Journal of Autonomous and Adaptive Communications Systems, 2009 Vol.2 No.4, pp.362 - 381
Published online: 08 Nov 2009 *Full-text access for editors Access for subscribers Purchase this article Comment on this article