Research on Grid Portal Security Technology

School: Nanjing University of Technology and Engineering

Keywords: grid portal; Portlet; authentication; proxy; RBAC; access control
Grid portals provide users with friendly Web interfaces and consistent methods of operation for accessing Grid resources and services, but they need a sound security management mechanism as a safeguard. Traditional security mechanisms target isolated systems and apply strict user policies, largely for resource conservation, which does not work well in a grid environment. As the number of Grid users grows, services and resources change dynamically, which brings new challenges and problems for the secure access control of grid resources and services: how to unify portal resources and grid resources, how to manage resources and security certificates effectively at the grid portal layer, how to authorize the underlying grid resources at fine granularity, and how to provide users with single sign-on. There are no good solutions at present, mainly because grid delegation is coarse-grained, which cannot guarantee the security of access to portal resources. To solve these problems, this paper first studies the basic characteristics, architecture and development tools (such as GridSphere and JetSpeed) of grid portals, then gives a deep analysis of three techniques for achieving grid portal security, namely proxy (agent) technology, authentication technology and role-based access control technology. Finally, a Grid Portal security policy is proposed according to the characteristics and problems that arise when Grid Portals are applied. MyProxy with security is used to guarantee the safety of the entrance and keys, and a Multi-Restriction Access Control model is applied to control access effectively.

Employing this model, security attributes can be adjusted as users access resources according to constraints such as their behavior and context; portal resources and certificates can be managed reasonably and effectively; a more fine-grained authorization can be given for the underlying grid resources; and single sign-on can be enabled on the portal. As a result, it better handles the access control failures caused by changes in subject attributes in a grid environment, addresses the security holes that static authorization may cause, and better embodies the "least privilege" principle. Finally, the security policy is tested on a Campus Grid portal, which shows that the research work in this paper has certain theoretical meaning and practical value.
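As an added illustration (not code from the thesis or from any grid portal software), the following Python sketch shows the shape of a multi-restriction access decision of the kind described above: a role grants a permission on a grid resource, but the decision also checks contextual constraints (time, source network), a behavioural constraint (recent failures) and the lifetime of the delegated proxy credential. All role names, resource names and policy values are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Constructed role-permission table (assumed roles and grid resources).
ROLE_PERMISSIONS = {
    "student": {("submit", "cluster-A")},
    "researcher": {("submit", "cluster-A"), ("submit", "cluster-B"), ("read", "storage")},
}

@dataclass
class Request:
    user: str
    roles: set
    action: str
    resource: str
    when: datetime           # context: time of the request
    source_net: str          # context: network the user connects from
    recent_failures: int     # behaviour: failed attempts in the current window
    proxy_expires: datetime  # expiry of the delegated (MyProxy-style) proxy credential

def role_permits(roles, action, resource):
    """Static RBAC check: does any held role grant (action, resource)?"""
    return any((action, resource) in ROLE_PERMISSIONS.get(r, set()) for r in roles)
# Restrictions evaluated on top of the static role check (assumed policy values).
CONSTRAINTS = {
    "campus_hours": lambda r: 8 <= r.when.hour < 20,
    "campus_network": lambda r: r.source_net == "campus",
    "not_locked_out": lambda r: r.recent_failures < 3,
    "proxy_valid": lambda r: r.proxy_expires > r.when,
}

def decide(req):
    """Allow only if a role grants the permission and every restriction holds;
    return (allowed, reason) so the portal can log the first failing check."""
    if not role_permits(req.roles, req.action, req.resource):
        return False, "no role grants this permission"
    for name, check in CONSTRAINTS.items():
        if not check(req):
            return False, f"restriction failed: {name}"
    return True, "allowed"
def sample_decisions():
    """Constructed requests: one allowed, one with an expired proxy, one wrong role."""
    now = datetime(2024, 3, 4, 10, 0)
    base = dict(user="alice", roles={"researcher"}, action="submit", resource="cluster-B",
                when=now, source_net="campus", recent_failures=0,
                proxy_expires=now + timedelta(hours=8))
    ok = decide(Request(**base))
    expired = decide(Request(**{**base, "proxy_expires": now - timedelta(minutes=1)}))
    wrong_role = decide(Request(**{**base, "roles": {"student"}}))
    return ok, expired, wrong_role
```

The static role check alone would admit the second request; the proxy-lifetime restriction is what turns it into a denial, which is the behaviour the model's dynamic attributes are meant to provide.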