Design and implementation of a Grid proxy auditing infrastructure

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Authors

  • Christopher Kunz
  • Christian Szongott
  • Jan Wiebelitz
  • Christian Grimm

Research Organisations

View graph of relations

Details

Original languageEnglish
Title of host publicatione-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
Pages11-18
Number of pages8
Publication statusPublished - 1 Dec 2009
Event2009 5th IEEE International Conference on e-Science Workshops, e-science 2009 - Oxford, United Kingdom (UK)
Duration: 9 Dec 200911 Dec 2009

Publication series

Namee-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops

Abstract

Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.

ASJC Scopus subject areas

Cite this

Design and implementation of a Grid proxy auditing infrastructure. / Kunz, Christopher; Szongott, Christian; Wiebelitz, Jan et al.
e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops. 2009. p. 11-18 5407982 (e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops).

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Kunz, C, Szongott, C, Wiebelitz, J & Grimm, C 2009, Design and implementation of a Grid proxy auditing infrastructure. in e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops., 5407982, e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops, pp. 11-18, 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009, Oxford, United Kingdom (UK), 9 Dec 2009. https://doi.org/10.1109/ESCIW.2009.5407982
Kunz, C., Szongott, C., Wiebelitz, J., & Grimm, C. (2009). Design and implementation of a Grid proxy auditing infrastructure. In e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops (pp. 11-18). Article 5407982 (e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops). https://doi.org/10.1109/ESCIW.2009.5407982
Kunz C, Szongott C, Wiebelitz J, Grimm C. Design and implementation of a Grid proxy auditing infrastructure. In e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops. 2009. p. 11-18. 5407982. (e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops). doi: 10.1109/ESCIW.2009.5407982
Kunz, Christopher ; Szongott, Christian ; Wiebelitz, Jan et al. / Design and implementation of a Grid proxy auditing infrastructure. e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops. 2009. pp. 11-18 (e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops).
Download
@inproceedings{aa053179cc364eb2843ef1d3776792bf,
title = "Design and implementation of a Grid proxy auditing infrastructure",
abstract = "Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.",
author = "Christopher Kunz and Christian Szongott and Jan Wiebelitz and Christian Grimm",
year = "2009",
month = dec,
day = "1",
doi = "10.1109/ESCIW.2009.5407982",
language = "English",
isbn = "9781424459452",
series = "e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops",
pages = "11--18",
booktitle = "e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops",
note = "2009 5th IEEE International Conference on e-Science Workshops, e-science 2009 ; Conference date: 09-12-2009 Through 11-12-2009",

}

Download

TY - GEN

T1 - Design and implementation of a Grid proxy auditing infrastructure

AU - Kunz, Christopher

AU - Szongott, Christian

AU - Wiebelitz, Jan

AU - Grimm, Christian

PY - 2009/12/1

Y1 - 2009/12/1

N2 - Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.

AB - Single sign-on and delegation of rights are key requirements for modern Grid infrastructures. These requirements are usually facilitated by X.509 und Private-Key Infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of Grid proxy usage in Globus-based Grids and implemented a service that accepts auditing information via a web service interface and saves them to a back-end database. We introduce modifications to the Grid Security Infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in Grid infrastructures and delegated authentication and authorization.

UR - http://www.scopus.com/inward/record.url?scp=77950133010&partnerID=8YFLogxK

U2 - 10.1109/ESCIW.2009.5407982

DO - 10.1109/ESCIW.2009.5407982

M3 - Conference contribution

AN - SCOPUS:77950133010

SN - 9781424459452

T3 - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops

SP - 11

EP - 18

BT - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops

T2 - 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009

Y2 - 9 December 2009 through 11 December 2009

ER -