Trust Establishment in
Pervasive Grid Environments
Syed Naqvi, Michel Riguidel
TÉLÉCOM PARIS
École Nationale Supérieure des Télécommunications (ENST)
46 Rue Barrault, Paris 75013, France
{naqvi, riguidel}@enst.fr
22 November 2005 CGW'05 - Krakow, Poland 2
Outline
• Introduction
• Trust Establishment
• Implementation Status
• Conclusions
Introduction
Trust
• "The reliance on a property or a virtue of a person, or the conviction that a given premise is true." (Oxford Dictionary)
• "An entity A is considered to trust another entity B when entity A believes that entity B will behave exactly as expected and required." (International Telecommunication Union)
Pervasive Grid Environments
• The Grid can be accessed from any networked device
  – laptop, mobile phone, PDA, …
• The Grid can be composed of Internet-connected light-weight devices
  – Inherent limitations of these devices, physical security, …
• Ubiquitous access to the computing and storage resources
  – Adaptable to users' environments; available anywhere anytime
  – Enable mobile users to launch, monitor, and steer applications on the Grid
• Introduces new challenges
  – Bandwidth, heterogeneity, connectivity, scalability, interfacing
  – Security: physical; gaps; requires knowledge of context and state
The Problem Statement
• How pervasive grid nodes can trust unknown infrastructure with their private data; and
• How a computing infrastructure can trust a mobile node which is seeking access to its resources.
Trust Establishment
Trust Requirements
• Identification, Access Control, Privacy, …
• User-based Trust Relationships
  – If a user has the right to use sites A and B, the user should be able to use sites A and B together without requiring the security administrators from sites A and B to interact.
• Distributed Trust Evaluation
  – The decentralized nature of administration makes it difficult to establish and propagate trust. A distributed trust evaluation scheme is therefore required for pervasive grid environments.
• Non-History-based Trust Establishment
  – Needed when there is no trust among the parties and no mechanism to build some trust based on a history of previous interactions.
• Delegation of trust
  – Decentralized hierarchical administration, scalability of certificate issuing capacity, …
• Continuous monitoring of the changes to the trust level of each node
  – Dynamic evaluation of the trust relationships, broadcast of the presence of a malicious node in the environment, …
• Consideration of context and state
  – Determination of access control on the basis of the user's location and the state of the user's environment.
Trust Establishment Approach
• Instead of having a single value representing the trustworthiness of a node, the value should be broken into separate attributes (confidences)
  – Each confidence represents a characteristic of a node from which trust can be synthesized. For example:
    • We can trust a node to be accurate (important for data integrity)
    • We can trust a node to complete tasks reliably
    • We can trust nodes to return data quickly (or always in the guaranteed time).
• These attributes form a virtual plane to link the resources, users (individuals & services) and the applications
  – Virtual and extensible basis for synthesizing varying types of trust
    • Signifies that there is not a fixed form of trust among the various entities
    • Allows the greatest flexibility from one entity to the other
• From the functional point of view:
  – Attribute certificates are used to complement the identity certificates provided by the existing infrastructure.
    • Identity certificates are used to verify the identity of an entity in a highly anonymous environment (e.g. the Internet)
    • Attribute certificates are used to determine the trustworthiness of an uncertain environment (such as the Pervasive Grid)
  – For a direct trust relationship within a single domain, a node estimates the trustworthiness of the node it is going to interact with.
    • By using the centralized credentials architecture to determine the trust values of the individual nodes.
    • By maintaining a trust table of the domain.
  – For indirect trust relationships across multiple domains, a node has to trust all the intermediaries that it traversed before arriving at the second node.
    • By evaluating the trust degree along the whole path.
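An added sketch, not code from the presentation, of the direct and indirect evaluation described above: each hop's confidences come from a domain trust table, and trust along a path is evaluated per attribute against the requester's requirements. The node names, table values and the product rule for combining hops are assumptions; the slides do not give a formula.

```python
from dataclasses import dataclass

ATTRS = ("accuracy", "reliability", "timeliness")  # confidences named on the slide

@dataclass(frozen=True)
class Confidences:
    accuracy: float
    reliability: float
    timeliness: float

    def combine(self, hop):
        # Assumed rule: per-attribute product, so trust never grows with more hops.
        return Confidences(*(getattr(self, a) * getattr(hop, a) for a in ATTRS))

    def satisfies(self, required):
        return all(getattr(self, a) >= getattr(required, a) for a in ATTRS)

# Constructed trust tables, one per domain: (truster, trustee) -> confidences.
TRUST_TABLES = {
    "campus": {("pda-17", "gw-campus"): Confidences(0.95, 0.90, 0.80),
               ("gw-campus", "gw-lab"): Confidences(0.90, 0.95, 0.90)},
    "lab": {("gw-lab", "storage-3"): Confidences(0.99, 0.90, 0.70)},
}

def direct_trust(domain, truster, trustee):
    """Direct trust inside one domain: a lookup in that domain's trust table."""
    return TRUST_TABLES.get(domain, {}).get((truster, trustee))

def path_trust(path):
    """Indirect trust: combine every hop; path is [(domain, truster, trustee), ...]."""
    total = Confidences(1.0, 1.0, 1.0)
    for domain, truster, trustee in path:
        hop = direct_trust(domain, truster, trustee)
        if hop is None:
            return None  # no table entry for this hop: fail closed
        total = total.combine(hop)
    return total

def authorize(path, required):
    trust = path_trust(path)
    return trust is not None and trust.satisfies(required)

PATH = [("campus", "pda-17", "gw-campus"),
        ("campus", "gw-campus", "gw-lab"),
        ("lab", "gw-lab", "storage-3")]

if __name__ == "__main__":
    print(path_trust(PATH))
    print(authorize(PATH, Confidences(0.80, 0.70, 0.50)))  # integrity-focused job
    print(authorize(PATH, Confidences(0.80, 0.70, 0.60)))  # needs faster responses
```

Keeping the confidences separate lets the same path be accepted for a job that mainly needs accuracy and rejected for one that needs guaranteed response time, which a single scalar trust value could not express.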
Implementation Status
Experimental Set-up
[Figure: experimental set-up showing an Exam Hall, a Library and a CA / Storage & Display Center, with nodes labelled S and T]
Conclusions
• The computing world is moving from desktop computing to mobile and nomadic computing.
• In the near future, Grid users will prefer to access Grid resources from their smart devices.
• Current research efforts to address the trust problem in a Grid environment focus on relatively static scenarios.
• Pervasive Grid Environments require dynamic establishment of trust.
• These pervasive Grid environments may be a few years ahead, but it is important to envision how things will be dealt with in the future.
• Our future directions include:
  – Implementation of deeper and fine-grained interactions among the various entities of the Pervasive Grid Environments.
  – Implementation of our trust model as an extension to the GSI.