G-Pass: An Instance-Oriented Security Infrastructure For Grid Travelers

Grid computing unifies distributed resources via its support for the creation and use of virtual organizations (VOs), where a VO represents a collection of distributed resources to be accessed through predefined resource sharing and coordination policies. We consider a special type of mobile processes, named Grid travelers, which can travel across boundaries of VOs for the detection of resource availability, to negotiate for the approval of access privileges and to conduct remote execution. A new security infrastructure named G-PASS is proposed to guarantee the validity and integrity of the travelers and the critical security knowledge they collect while traveling, especially while crossing some VOs. G-PASS borrows the idea of passport and custom, as well as the procedures for people's travel in real life, to provide role-based delegation mapping and access control. We demonstrate the power and feasibility of G-PASS with a simulated mobile agent environment and a distributed ray-tracing application running on multiple VOs. Various security overheads coming from migration decisions and actual agent or process migration are reported. G-PASS can be installed with Grid Security Infrastructure (GSI) as the base, which makes it compatible with the existing Grid middleware. Copyright (c) 2006 John Wiley & Sons, Ltd.