[security-area] Daonity progress

Wenbo Mao wenbo.mao at hp.com
Sat May 6 23:21:28 CDT 2006


Dear Colleagues,

The Daonity team of tc-rg has done a first version of the system working 
on the TPM chip of Infineon and HP platforms, to be demonstrated on 
Thursday 1:45-3:15.  To help in grasping what is to be shown, attached is an 
accompanying paper for it. Any comments would be gratefully received.

Best wishes,
Wenbo Mao

Title:
Daonity - Grid Security with Behavior Conformity from Trusted Computing

Author:
The Daonity Team
A Research Group in Global Grid Forum
Led by HP Labs China and participated by Huazhong University of
Science and Technology, Wuhan University and Oxford University

Abstract:
A central security requirement for Grid computing, or more generally
federated computing, can be referred to as behavior conformity. This
is a strong assurance for the system that a remote principal (user,
computing platform or instrument) will be acting in conformity with
the rules defined by the policies of the federated computing. However,
as will be analyzed and discussed in this paper, Grid security
practice at present, e.g., Grid Security Infrastructure (GSI) for a
standard Grid middleware Globus Toolkit, has little means for this
requirement to be met and consequently falls short of satisfactory
solutions to a number of Grid computing problems.

Trusted Computing (TC) technology developed by Trusted Computing
Group (TCG) forms an important industrial initiative for improving
computer security by means of a hardware supported security
architecture. For a federated computing system, the TC technology can
not only improve security in a conventional sense (such as stronger
protection on cryptographic key material), but also allow conformed
behavior of principal(s) in a remote environment to be measured by the
rest of the confederation. We consider that the TC technology can
provide practical and readily available solutions to meeting behavior
conformity requirements needed by Grid computing.

In the main part of this paper we report the Daonity system. This is a
TC-technology enabled Grid security system which we have designed for
improving GSI. We shall see a number of TC innovations applicable to
GSI. These include: (i) security suitable for constructing a dynamic
virtual organization of an unbounded resource supply, (ii)
construction of property based virtual organization with conformed
quality of services, (iii) supporting sharing of security resource,
and (iv) stronger protection of the Grid authorization mechanism.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Daonity.pdf
Type: application/pdf
Size: 128682 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/security-area/attachments/20060507/971091c1/attachment.pdf 

