+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Deploying the Globus Security Infrastructure in a Production Environment: Testing and Evaluation

      , ,

      EuroWeb 2002 Conference (EW)


      17-18 December 2002

      Read this article at

          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.


          The Globus Toolkit emerged among several projects as the standard de facto for the design of an infrastructure for computational grids. The Globus Security Infrastructure (GSI) provides security features that integrate and extend standard protocols for distributed systems with original solutions. In this paper we investigate the functional correctness and effectiveness of the GSI features with respect to the main security services peculiar of a production environment. With this aim, we design and deploy a multiplatform, multiversion and multisite testbed for a computational grid. We then define a formal plan of tests and accomplish it in our testbed. Our results show that: message integrity, authentication and non repudiation are well addressed; access control and availability are problematic; message confidentiality was not implemented in the software release available at the time experiments have been accomplished. These results point out that GSI can be transferred to a production environment only if supported with a series of countermeasures aimed to reduce risks implied from a not satisfactory user credentials management and a lack of an effective monitoring system. Finally, we discuss the main points to be fixed in the deployment of a computational grid, such as the integration with Certification Authorities other than the one provided by Globus, and the adopted countermeasures mainly consisting in some additional features, such as an automatic tool for grid user management, a tool for advanced local access control, and a monitoring system for grid resources.

          Related collections

          Author and article information

          December 2002
          December 2002
          : 1-10
          Servizio Reti di Telecomunicazioni del C.N.R., Roma, Italy
          Netlab, Istituto di Analisi dei Sistemi ed Informatica del CNR, Roma, Italy
          © M. Draoli et al. Published by BCS Learning and Development Ltd. EuroWeb 2002 Conference

          This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

          EuroWeb 2002 Conference
          St Anne’s College, Oxford, UK
          17-18 December 2002
          Electronic Workshops in Computing (eWiC)
          Product Information: 1477-9358BCS Learning & Development
          Self URI (journal page): https://ewic.bcs.org/
          Electronic Workshops in Computing


          Comment on this article