Security Requirements for ChinaGrid Applications - What the current grid security solutions cannot do Hai Jin Huazhong University of Science and Technology.

Presentation transcript:

Security Requirements for ChinaGrid Applications - What the current grid security solutions cannot do
Hai Jin
Huazhong University of Science and Technology
Wuhan, China
hjin@hust.edu.cn

Outline
- Introduction about ChinaGrid
- Typical ChinaGrid applications
- ChinaGrid security requirements
- Open Issues of ChinaGrid Security

ChinaGrid in a Nutshell
- China Education and Research Grid
- Funded by Ministry of Education
- As the pilot grid application supported by National 863 Hi-Tech R&D program
- Based on CERNET (China Education and Research Network)
- First Phase
  - From 2003-2005
  - 12 key universities as initiative
  - More than 6Tflops w/60TB
- 20 key universities now

ChinaGrid (The First Phase)

Main Research Tasks
- Campus grid platform
- Common platform for ChinaGrid
- Grid application platform and representative grid applications
  - Image processing grid
  - Bioinformatics grid
  - Course on-line grid
  - Computational fluid dynamic grid
  - Large scale information processing grid

Campus Grids and their Computing Power and Storage Capacity
- HUST: 0.8Tflops, 5TB
- THU: 1.3Tflops, 20TB
- PKU: 0.5Tflops, 10TB
- BUAA: 0.5Tflops, 5TB
- SCUT: 0.9Tflops, 20TB
- SJTU: 0.3Tflops, 9TB
- SEU: 0.5Tflops, 5TB
- XJTU: 0.1Tflops, 2.5TB
- NUDT: 0.2Tflops, 5TB
- NEU: 0.8Tflops, 5TB
- ZSU: 1.0Tflops, 10TB
- SDU: 1.3Tflops, 18TB
- NWPU: 0.4Tflops, 2TB
- ZJU: 0.6Tflops, 3TB
- FUDAN: 1.8Tflops, 6TB
- TONGJI: 0.2Tflops, 1TB
- USTC: 1.2Tflops, 5TB
- UESTC: 0.3Tflops, 2TB
- RUC: 0.1Tflops, 0.5TB
- LZU: 0.3Tflops, 1TB
- ChinaGrid: >13Tflops, 135TB

Layered Infrastructure of ChinaGrid
(Diagram labels)
- Applications: Remote education grid, Image processing, Fluid dynamics, Massive information processing grid, Bioinformatics
- ChinaGrid Supporting Platform (CGSP)
- High performance computing environment (campus grid): NUDT, THU, HUST, ZSU, PKU, SJTU, XJTU, NEU, SCUT, BUAA, SEU, SDU

CGSP1.0 Architecture

Typical ChinaGrid Application - Image Processing Grid
(Architecture diagram labels)
- Portal and Application Interface: Typical application support
- Application Middleware: Image process programming environment, Image resource sharing, Application monitoring tool, Remote visual tools
- Grid Infrastructure: Information service, Resource manager, Data manager, Grid security
- Grid Interface
- Grid Resource: Mainframes, Instruments, Databases, Clusters

Workflow of Image Processing Grid Application - Remote Sensing
(Workflow diagram; input: Original Image Signal & Auxiliary Data)
- Layers: Pre-Processing Layer, Data Processing Layer, Info Abstract Layer, Knowledge Layer
- Application: Resource Monitor, Modification Check, Target Identify, Image Spelling, Map Navigation etc.

Typical ChinaGrid Application - Massive Information Processing Grid

Workflow of Mass Information Processing Grid (UDMGrid)
(Workflow diagram labels: BUAA, SDU, NJU, KMST; Control Flow; Data Flow; Static Registry)

ChinaGrid Security Requirements (1)
Security requirements for ChinaGrid platform
- Interoperate with existing security infrastructures
- Adapt to domain autonomy
- Meet the security requirements of various applications
- Construct security architecture
- Trusted computing for platform legality

ChinaGrid Security Requirements (2)
Security requirements for image processing grid
- Basic security requirement (encryption transfer and authentication)
- Protect sensitive information produced by remote image processing
- Service (including key data, key software, key hardware) authorization requirement - for virtual human and remote sensing image processing grid
- User-profile based sensitive record authorization requirement (a decentralized trust management problem) - for medical image diagnosis grid
- Security requirement for virtual organization based collaboration processing (more general and abstract level)

Scenario for Image Processing Grid (Medical Diagnosis)

ChinaGrid Security Requirements (3)
Security requirements for massive information processing grid
- Basic security requirement (encryption transfer and authentication)
- Database security operation requirement (to deal with federation of distributed information) - for UDMGrid and DPKDD Grid
- Data access authorization for different users in cooperative processing

Scenario for Massive Information Processing Grid (University Digital Museum)
(Diagram labels: SDU Database; Authorization Service; Authentication; Admin; NJU Computing Resource; BUAA Mass Storage; Delegation; Users)

Open Issues for ChinaGrid Security (1)
Technical aspects
- Standard policy and assertion presentation
- Attribute based authorization and access control
- Autonomous authorization delegation
- Dynamic and flexible secure virtual organization collaboration
- Secure group communication (provide secure group communication mechanism for VO participants)

Open Issues for ChinaGrid Security (2)
Practical aspects
- Support Web Service/Grid Service
- Adopt standard draft and implement for policy and assertion (SAML, XACML)
- Conform to some security drafts, such as WS Security, Liberty Alliance
- Adopt ideas from some existing authorization infrastructure, such as PERMIS, AKENTI, CARDEA
- Adopt ideas from Single Sign-on (SSO) systems, such as Shibboleth and SourceID (for the SSO in a virtual organization)
- Adopt some ideas from decentralized trust management for Authorization Delegation

Open Issues for ChinaGrid Security (3)
Some aspects need to be further discussed
- Security policy negotiation and reconciliation inside the virtual organization (because of security policy conflict in VO)
- ChinaGrid security architecture
- Evaluation for ChinaGrid security technology and policy
- Trusted computing mechanism for ChinaGrid