Tutorial at ICS'2009: Security and VO Management in Grids
This tutorial provides an overview of security and Virtual Organization management in established and new Grid systems. We survey the security and Virtual Organization management features provided by some major Grid middleware packages, and introduce the comparable functionality in XtreemOS, a Grid-based operating system.
Concepts in Grid security are introduced, including their respective challenges and protection mechanisms. We describe the Globus, gLite and UNICORE middleware packages, showing the services they provide, their VO management functions, and security abilities. The tutorial then explores the features of the XtreemOS Grid operating system, demonstrating the advantages of close integration between Grid functionality and operating system facilities.
A basic understanding of Grid concepts is required.
The target audience for this tutorial comprises the following:
- Grid users looking for an appropriate grid technology for running applications
- Grid developers wishing to make use of technologies such as P2P
- Grid administrators wishing to evaluate flexible resource allocation/brokering and VO management
The ICS Conference is the premier international conference for parallel computing, distributed systems and processing. A significant number of ICS2009 attendees are concerned with Grid computing and participate in collaborative inter-organizational and organizational projects. Security, trust, and VO management are central to the facilitation of such short-, mid-, and long-term collaborations. The tutorial will be given by members of the XtreemOS project, an Integrated Project supported by the European Commission's IST program to develop a next-generation Grid-aware operating system.
General description of tutorial content:
There are three parts to this tutorial. It starts with an overview of the security and VO management concepts that underlie Grid computing. Implementations of these concepts are described in the next section, which compares the approaches being adopted in some popular Grid middleware packages. To finish, the XtreemOS Grid operating system is described and compared to Grid middleware packages.
3. Content and Schedule
Date: workshops and tutorials will be held on June 12th (http://www.ics-conference.org/workshops.html#5)
(Duration 3 hours)
Grid security and VO Management: concepts and issues - 1 hour
- Concepts of user identity - authentication, authorization and access control to resources
- Challenges to Grid security
- Single-Sign On and Federation
- VO concepts and models
Security and VO management in the state-of-the-art Grid systems - 1 hour
- Globus – authentication & Single-sign on, authorization, delegation, Community Authorization Service, plugins for VOMS
- gLite - authentication, authorization, delegation, VOMS
- UNICORE - clients and authentication Gateway
  - VOMS Attribute Authority for UNICORE using SAML
- Security and VO management in XtreemOS
XtreemOS: a Grid-based Operating System – 1 hour
- XtreemOS objectives
- XtreemOS Foundation layer (credential storage via Key Retention Service, mention use of PAM)
- UID/GID mapping from VO attributes
- XtreemOS Grid layer - Services and Applications
  - Show a job submission workflow invoking XtreemOS services
- XtreemOS advantages
- XtreemOS roadmap for interoperability
- Yvon Jégou
Yvon Jégou is a full-time INRIA researcher working in the PARIS research project of INRIA-Rennes Bretagne Atlantique in France. He received his engineering degree from the Institut National des Sciences Appliquées (INSA) of Rennes (France) and then his PhD degree from the University of Rennes in 1979. His research activities are centered on computer architecture, operating systems and compilation techniques for parallel and distributed computing. His current research is focused on the development of DSM technologies for the implementation of runtime systems on large clusters and for the management of data repositories on the Grid. In the XtreemOS project, he is mainly involved in the management of Virtual Organizations, in the definition of the security architecture and in the exploitation of low-level Linux capabilities for grid application sandboxing.
- Christine Morin
Christine Morin received her engineering degree from the Institut National des Sciences Appliquées (INSA) of Rennes (France) in 1987, and master's and PhD degrees in Computer Science from the University of Rennes I in 1987 and 1990, respectively. In March 1998, she received her Habilitation à Diriger des Recherches in Computer Science from the Université de Rennes 1.
Since 1991, she has held a researcher position at INRIA and has carried out her research activities at IRISA/INRIA-Rennes. Since January 2000, she has been a member of the INRIA PARIS project-team, contributing to the programming of large-scale parallel and distributed systems. From October 2000 to August 2002, she held a temporary assistant professor position at IFSIC (University of Rennes I). Since September 2002, she has held a senior researcher position at INRIA. Since 1999, she has led research activities on single system image OS for high performance computing in clusters, resulting in the Kerrighed cluster OS, now developed in open source (http://www.kerrighed.org). She is the scientific coordinator of the XtreemOS project, a 4-year European integrated project started in June 2006 (http://www.xtreemos.eu). She is a co-founder of the Kerlabs start-up, created in 2006 to exploit Kerrighed technology (http://www.kerlabs.com). Her research interests are in operating systems, distributed systems, fault tolerance, cluster and grid computing. She is the author of more than 70 papers in refereed international journals and conferences. She is a member of ACM and IEEE.
- Haiyan Yu
Haiyan Yu received his PhD in Systems Engineering in 2000 from Beijing JiaoTong University of China. He worked as a post-doctoral fellow at INRIA of France from 2001 to 2002. He is currently an associate professor of ICT. He served as the key R&D member of the Vega Grid project and the Chinese National Grid (CNGrid) project.
- Corina Stratan
Corina Stratan is a postdoctoral researcher at the Computer Systems Group at Vrije Universiteit Amsterdam, working with Prof. Guillaume Pierre and Prof. Maarten van Steen on resource selection in large-scale distributed systems. In 2008 she obtained a Ph.D. in Computer Science from the Politehnica University of Bucharest, Romania; the Ph.D. research was focused on monitoring and performance analysis in distributed systems. In 2006 and 2007 she worked as a summer intern at the IBM T.J. Watson Research Center, with Dr. Liana Fong, in a project that investigated the dynamic adaptation of WS-BPEL business processes.
Dr. Christine Morin - christine.morin(at)inria.fr
23rd International Conference on Supercomputing (ICS'09)
June 8-12, 2009
IBM T.J. Watson Research Center, Metro New York City Area, USA http://www.ics-conference.org/