Computing and Information Systems - Research Publications

Search Results

Now showing 1 - 8 of 8
  • Item
    The design, development and application of a proxy credential auditing infrastructure for collaborative research
    BAYLISS, CHRISTOPHER ; Sinnott, Richard O. ; Jie, Wei ; Arshad, Junaid (Springer, 2011)
    Single sign-on and delegation of privileges are fundamental tenets upon which e-Infrastructures and Grid-based research more generally have been based. The realisation of single sign-on and delegation of privileges in accessing resources such as the UK e-Science National Grid Service (NGS - http://www.ngs.ac.uk) and other national facilities is typically facilitated by X.509-based Public Key Infrastructures (PKI) and exploitation of proxy certificates. This model can be categorised by authentication-oriented access and usage of resources. It is the case, however, that proxy certificates can potentially be obtained and abused by a malicious third party without the knowledge of the holder. There is currently no method for end users to detect such misuse. In this paper we describe a novel proxy auditing solution that addresses this issue directly. We describe the design and implementation of this solution and illustrate its application in widely distributed and heterogeneous research environments. We focus in particular on the needs and requirements of such a facility in the ESRC funded Data Management through e-Social Science (DAMES - www.dames.org.uk) project, where secure access and monitoring of social simulations and associated data sets are required by the researchers and associated data providers.
  • Item
    Supporting the clinical trial recruitment process through the grid
    Stell, A ; Sinnott, R ; Ajayi, U ; Cox, SJ (NATL E-SCIENCE CENTRE, 2006)
  • Item
    DyVOSE project: experiences in applying privilege management infrastructures
    Watt, J. ; Koetsier, J. ; Sinnott, R. O. ; Stell, A. J. (National e-Science Centre, 2006)
    Privilege Management Infrastructures (PMI) are emerging as a necessary alternative to authorization through Access Control Lists (ACL) as the need for finer grained security on the Grid increases in numerous domains. The 2-year JISC funded DyVOSE Project has investigated applying PMIs within an e-Science education context. This has involved establishing a Grid Computing module as part of Glasgow University’s Advanced MSc degree in Computing Science. A laboratory infrastructure was built for the students realising a PMI with the PERMIS software, to protect Grid Services they created. The first year of the course centered on building a static PMI at Glasgow. The second year extended this to allow dynamic attribute delegation between Glasgow and Edinburgh to support dynamic establishment of fine grained authorization based virtual organizations across multiple institutions. This dynamic delegation was implemented using the DIS (Delegation Issuing) Web Service supplied by the University of Kent. This paper describes the experiences and lessons learned from setting up and applying the advanced Grid authorization infrastructure within the Grid Computing course, focusing primarily on the second year and the dynamic virtual organisation setup between Glasgow and Edinburgh.
  • Item
    Meeting the design challenges of nano-CMOS electronics: an introduction to an upcoming EPSRC pilot project
    Sinnott, R. ; Asenov, A. ; Berry, D. ; Cumming, D. ; Furber, S. ; Millar, C. ; Murray, A. ; Pickles, S. ; Roy, S. ; Tyrell, A. ; Zwolinski, M. (National e-Science Centre, 2006)
    The years of ‘happy scaling’ are over and the fundamental challenges that the semiconductor industry faces, at both technology and device level, will impinge deeply upon the design of future integrated circuits and systems. This paper provides an introduction to these challenges and gives an overview of the Grid infrastructure that will be developed as part of a recently funded EPSRC pilot project to address them and which, we hope, will revolutionise the electronics design industry.
  • Item
    Experiences of using the GGF SAML Authz interface
    SINNOTT, RICHARD ; Chadwick, David (Engineering and Physical Sciences Research Council, 2004)
    The BRIDGES project has been funded by the UK Department of Trade and Industry to develop a Grid infrastructure suitable for the research activities involved in the Wellcome Trust funded Cardiovascular Functional Genomics (CFG) project. The CFG project is investigating possible genetic causes of hypertension. Key requirements on this infrastructure are to link various distributed biomedical data sources together; to transparently address the different security requirements associated with those data resources, and develop tools for analysing and exploring those data sets. In this paper we discuss the security solutions that the BRIDGES team is pursuing through the first practical exploration of Global Grid Forum Security Assertion Markup Language (SAML) AuthZ interface to an authorisation infrastructure (PERMIS) using Globus Toolkit version 3 technology.
  • Item
    Grid services supporting the usage of secure federated, distributed biomedical data
    SINNOTT, RICHARD ; Atkinson, Malcolm ; Bayer, Micha ; Berry, Dave ; Dominiczak, Anna ; Ferrier, Magnus ; Gilbert, David ; Hanlon, Neil ; Houghton, Derek ; Hunt, Ela ; White, David (Engineering and Physical Sciences Research Council, 2004)
    The BRIDGES project is a UK e-Science project that provides grid based support for biomedical research into the genetics of hypertension – the Cardiovascular Functional Genomics Project (CFG). Its main goal is to provide an effective environment for CFG, and biomedical research in general, including access to integrated data, analysis and visualization, with appropriate authorisation and privacy, as well as grid based computational tools and resources. It also aims to provide an improved understanding of the requirements of academic biomedical research virtual organizations and to evaluate the utility of existing data federation tools.
  • Item
    Dynamic privilege management infrastructures utilising secure attribute exchange
    Watt, J. ; Sinnott, R. O. ; Stell, A. J. (Engineering and Physical Sciences Research Council, 2005)
    Technologies which implement dynamic privilege management infrastructures will be crucial to the secure sharing of resources on the Grid, especially as the number of resources and participating sites increases. The DyVOSE project has successfully deployed Grid services secured with the PERMIS authorisation software implementing a static Privilege Management Infrastructure (PMI) model. The second stage of this project focuses on the extension of the current PERMIS infrastructure to include dynamic delegation of authority and cross-certification of institutional security policies. This paper describes the existing static PMI that has been used within the Grid Computing module as part of the advanced MSc at Glasgow University. We also outline an e-Science education use case that will be used to highlight how dynamic PMIs can be established using an extended version of PERMIS and utilising the Internet2 Shibboleth software to transfer user attributes and authentication tokens across institutional boundaries. This work addresses one of the key challenges in the Grid, supporting the dynamic establishment of secure Virtual Organisations (VOs).
  • Item
    Comparison of advanced authorisation infrastructures for grid computing
    Stell, A. J. ; Sinnott, R. O. ; Watt, J. P. (Institute of Electrical and Electronics Engineers (IEEE), 2005)
    The widespread use of grid technology and distributed compute power, with all its inherent benefits, will only be established if the use of that technology can be guaranteed efficient and secure. The predominant method for currently enforcing security is through the use of public key infrastructures (PKI) to support authentication and the use of access control lists (ACL) to support authorisation. These systems alone do not provide enough fine-grained control over the restriction of user rights, necessary in a dynamic grid environment. This paper compares the implementation and experiences of using the current standard for grid authorisation with Globus - the grid security infrastructure (GSI) - with the role-based access control (RBAC) authorisation infrastructure PERMIS. The suitability of these security infrastructures for integration with regard to existing grid technology is presented based upon experiences within the JISC-funded DyVOSE project.