Personal tools
You are here: Home XtreemOS Project XtreemOS-related events Tutorial at ICS'2009: Security and VO Management in Grids

Tutorial at ICS'2009: Security and VO Management in Grids



 1. Abstract

This tutorial provides an overview of security and Virtual Organization management in established and new Grid systems. We survey the security and Virtual Organization management features provided by some major Grid middleware packages, and introduce the comparable functionality in XtreemOS, a Grid-based operating system.

Concepts in Grid security are introduced, including their respective challenges and protection mechanisms. We describe the Globus, gLlite and UNICORE middleware packages, showing the services they provide, their VO management functions, and security abilities. The tutorial then explores the features of the XtreemOS Grid operating system, demonstrating the advantages of close integration between Grid functionality and operating system facilities.

2.  Audience

Audience Prerequisites:
A basic understanding of Grid concepts is required.

Intended audience:
The target audience for this tutorial comprises the following:
- Grid users looking for an appropriate grid technology for running applications
- Grid developers wishing to make use of technologies such as P2P
- Grid administrators wishing to evaluate flexible resource allocation/brokering and VO management

The ICS Conference is the premier international conference for parallel computing, distributed systems and processing. A significant number of ICS2009 attendees are concerned with Grid computing and participate in collaborative inter-organizational and organizational projects. Security, trust, and VO management are central to the facilitation of such short-, mid-, and long-term collaborations. The tutorial will be given by members of the XtreemOS project, an Integrated Project supported by the European Commission's IST program to develop a next-generation Grid-aware operating system.

General description of tutorial content:
There are three parts to this tutorial. It starts with an overview of the security and VO management concepts that underlie Grid computing. Implementations of these concepts are described in the next section, which compares the approaches being adopted in some popular Grid middleware packages. To finish, the XtreemOS Grid operating system is described and compared to Grid middleware packages.

3. Content and Schedule

Date: workshops and tutorials will be held on  June 12th (

(Duration 3 hours)

Grid security and VO Management: concepts and issues - 1 hour
    - Concepts of user identity - authentication, authorization and access control to resources
    - Challenges to Grid security
    - Single-Sign On and Federation
    - VO concepts and models

Security and VO management in the state-of-the-art Grid systems - 1 hour
    - Globus – authentication & Single-sign on, authorization, delegation, Community Authorization Service, plugins for VOMS
    - gLite - authentication, authorization, delegation, VOMS
    - UNICORE - clients and authentication Gateway
        VOMS Attribute Authority for UNICORE using SAML
    - Security and VO management in XtreemOS

XtreemOS: a Grid-based Operating System – 1 hour
    - XtreemOS objectives
    - XtreemOS Foundation layer (credential storage via Key Retention Service, mention use of PAM)
    - UID/GID mapping from VO attributes
    - XtreemOS Grid layer - Services and Applications

    Show a job submission workflow invoking XtreemOS services

    - XtreemOS advantages
    - XtreemOS roadmap for interoperability

4. Presenters


  • Yvon Jégou

Yvon Jégou is full time INRIA researcher and he is working in the PARIS research project of INRIA-Rennes Bretagne Atlantique in France. He got his engineering degree from Institut National des Sciences Appliquées (INSA) of Rennes (France) and then his PhD degree from the University of Rennes in 1979.  His research activities are centered on computer architecture, operating systems and compilation techniques for parallel and distributed computing. His current research is focused on the development of DSM technologies for the implementation of runtime systems on large clusters and for the management of data repositories on the Grid.  In the XtreemOS project, he is mainly involved in the management of Virtual Organizations, in the definition of the security architecture and in the exploitation of low level Linux capabilities for grid application sandboxing.

  • Christine Morin

Christine Morin received her engineering degree from the Institut National des Sciences Appliquées (INSA), of Rennes (France), in 1987 and master and PhD degrees in Computer Science from the University of Rennes I in 1987 and 1990, respectively. In March 1998, She got her Habilitation à Diriger des Recherches in Computer Science from the Université de Rennes 1.
Since 1991, she has held a researcher position at INRIA and has carried out her research activities at IRISA/INRIA-Rennes. Since January 2000, she has been a member of the INRIA PARIS project-team contributing to the programming of large scale parallel and distributed systems. From October 2000 to August 2002, she has held a temporary assistant professor position at IFSIC (University of Rennes I). Since September 2002, she has held a senior researcher position at INRIA. Since 1999, she has led research activities on single system image OS for high performance computing in clusters, resulting in Kerrighed cluster OS, now developed in open source ( She is the scientific coordinator of the XtreemOS project which is a 4-year European integrated project started in June 2006 ( She is a co-founder of Kerlabs start-up, created in 2006 to exploit Kerrighed  technology ( Her research interests are in operating systems, distributed systems, fault tolerance, cluster and grid computing. She is the author of more than 70 papers in refereed international journals and conferences. She is a member of ACM and IEEE.

  • Haiyan Yu

Haiyan Yu received his PhD in Systems Engineering in 2000 from Beijing JiaoTong University of China. He worked as a post-doctoral fellow at INRIA of France from 2001 to 2002. He is currently an associate professor of ICT. He served as the key R&D member of the Vega Grid project and the Chinese National Grid(CNGrid) project.

  • Corina Stratan

Corina Stratan is a postdoctoral researcher at the Computer Systems Group at Vrije Universiteit Amsterdam, working with prof. Guillaume Pierre and prof. Maarten van Steen, on resource selection in large scale distributed systems. In 2008 she obtained a Ph.D. in Computer Science from the Politehnica University of Bucharest, Romania; the Ph.D. research was focused on monitoring and performance analysis in distributed systems. In 2006 and 2007 she worked as a summer intern at the IBM T.J. Watson Research Center, with dr. Liana Fong, in a project that investigated the dynamic adaptation of WS-BPEL business processes.

5. Contact


Dr. Christine Morin - christine.morin(at)