CS Document 2781-v1
A Minimalistic Approach to End-to-End Protection of Grid Job Payloads
- Document #: CS-doc-2781-v1
- Document type: Technical Note
- Submitted by: Igor Sfiligoi
- Updated by: Igor Sfiligoi
- Document Created: 28 Jul 2008, 10:20
- Contents Revised: 28 Jul 2008, 10:20
- Metadata Revised: 28 Jul 2008, 10:20
- Abstract: The security mechanisms for Grid job submission were designed under the assumption that users would submit their jobs directly to remote Grid gatekeepers handling the computing resources. However, in the last several years direct submission has never been the main submission mechanism in Grids like OSG and EGEE, as most users prefer to submit their jobs to a chain of intermediate workload management systems (WMSes) instead. This introduces additional security risks, since any WMS can alter the job payload, allowing for execution of arbitrary code in a user's name. In this paper we describe the potential attack vectors and outline a minimalistic end-to-end conceptual solution, based on extensions to user credentials, to counter them.
- Files in Document: Paper (e2e_final.pdf, 148.3 kB)
- Keywords: security, Grid, X509, end-to-end