Fermilab Computing Division

CS Document 2781-v1

A Minimalistic Approach to End-to-End Protection of Grid Job Payloads

Document #: CS-doc-2781-v1
Document type: Technical Note
Submitted by: Igor Sfiligoi
Updated by: Igor Sfiligoi
Document Created: 28 Jul 2008, 10:20
Contents Revised: 28 Jul 2008, 10:20
Metadata Revised: 28 Jul 2008, 10:20
Viewable by: Public document

Abstract:
The security mechanisms for Grid job submission were designed under the assumption that users would submit their jobs directly to remote Grid gatekeepers handling the computing resources. However, in the last several years direct submission has never been the main submission mechanism in Grids like OSG and EGEE, as most users prefer to submit their jobs to a chain of intermediate workload management systems (WMSes) instead. This introduces additional security risks, since any WMS can alter the job payload, allowing for execution of arbitrary code in a user's name. In this paper we describe the potential attack vectors and outline a minimalistic end-to-end conceptual solution, based on extensions to user credentials, to counter them.
Files in Document:
  • Paper (e2e_final.pdf, 148.3 kB)