spacer back contents
ERCIM News No.49, April 2002


Security Issues underpinning Large Virtual Organisations

by Theo Dimitrakos, Brian Matthews and Juan Bicarregui

GRID computing has emerged as a new approach to a high-performance distributed computing infrastructure within the last five years. The GRID concept has been generalised to cover a virtual organisation, defined as any dynamic collection of individuals and institutions which are required to share resources to achieve certain goals. In this article we provide an overview of ongoing research towards building GRID-aware security and trust management solutions.

GRID technologies define a new powerful computing paradigm by analogy to the electric Power Gird. Based on the Internet, the GRID seeks to extend the scope of distributed computing to encompass large-scale resource sharing including massive data-stores and high-performance networking, and shared use of computational resources, be they supercomputers or large networks of workstations.The GRID concept has been generalised to cover a virtual organisation, defined as any dynamic collection of individuals and institutions which are required to share resources to achieve certain goals.

Currently the applications driving the development of this infrastructure are large-scale scientific collaborations, such as the Information Power GRID and the European DataGRID Project (, which have a clear need for the collaborative use of resources, both data and computational, and established communities which can pool their resources for common goals. Tools are appearing to support the GRID concept, notably those developed in the projects Globus (, Condor ( and Legion ( In the near future, the GRID concept will find applications in commerce and industry supporting distributed collaborative design and engineering, or distributed supply chains.

Grid technology will be used to allow enterprises to outsource computing resources and the ad-hoc creation of Virtual Organisations (VOs) within commercially available computing grids will allow for an effective management of computing resources at a global scale.

Security management is major obstacle to overcome in the route of commercialising GRID infrastructures. The traditional GRID infrastructure, such as the GRID Security Infrastructure (GSI) from Globus, using the X.509 certificates as its authentication mechanism, depends on interfaces at the protocol level to provide the security infrastructure. However, this approach has concentrated on authentication and does not cover all aspects of security management. In particular there is little support for authorisation management, the specification and enforcement of security policies, the treatment of cases where the (agents managing the) collaborating resources have no prior knowledge of each other (or their certifying authorities).

In the paper "Building Trust on the GRID - Trust Issues Underpinning Scalable Virtual Organisations", we identified the need to supplement this infrastructure by raising the level of the trust within a GRID architecture. This builts upon the established literature in trust analysis, which provides a framework for analysing how trust should be transmitted between agents in distributed systems, especially dealing with how to propagate trust between agents with little or no prior knowledge of each other. The basis of this infrastructure is the explicit declaration and publication of trust policies by participating resources on the GRID using an appropriate policy specification exchange language. Agents wishing to utilise resources would be able to present their credentials, policies and requirements to the participating resources and an automated process would verify the credentials, possibly referring to trusted third parties, to establish identity, deduce authorisation based upon supplier and consumer policies and to authorise (or revoke) access under the specified the conditions of use. To support this, one would need to add at least the following:

  • resource brokerage services to facilitate resource discovery and allocation in compliance with a contractual realisation of QoS requirements
  • a means of publishing, negotiating and exchanging policy statements
  • appropriate trust support services, such networks of trust authorities, and an infrastructure allowing for the dynamic formation of certification chains
  • a trust management framework able to cope with the complexity and uncertainty underpinning most interactions in open dynamic systems such as the GRID architectures; this will need to draw a distinction between perceived and actual security, relate trust to enterprise objectives and weigh it against transaction risk
  • a policy-driven security management system, which is able to support the dynamic formation of collectives of entities which are required to share resources to achieve certain goals.

In a paper entitlet "Policy-Driven Access Control over a Distributed Firewall Architecture" (in Proceedings of the IEEE Policy Workshop 2002, IEEE Press, 2002) we propose to address the latter by bringing together two current lines of research:

  • policy-driven access control, where policies are identified as first-class data objects in their own right, which can be negotiated and tailored to particular groups of clients
  • a distributed firewalls architecture augmented with the concept of Closed User Groups (CUG), which has the benefits of facilitating P2P collaboration, whilst allowing to maintain the integrity of systems supplied by central administration of the security policies.

So far we have focused on the realisation of policy-driven access control management for CUG-aware distributed firewalls that can easily adapted to facilitate a GRID based implementation. In the following months we plan to test the applicability of this architecture in a GRID test-bed in areas such as e-Science (within CLRC e-Science programme or e-Business (within GRASP a forthcoming European project aiming to explore an advanced infrastructure for Application Service Provision based on GRID technology.

CLRC e-Science programme:

Please contact:
Theo Dimitrakos, CLRC
Tel: +44 1235 44 6387