Proxy Restrictions for Grid Usage

Authors:
Joni Hahkala;John White;Ákos Frohner
Affiliations:
Helsinki Institute of Physics, Helsingin Yliopisto, Finland FIN-00014;Helsinki Institute of Physics, Helsingin Yliopisto, Finland FIN-00014;CERN European Organization for Nuclear Research, Geneve 23, Switzerland CH-1211
Venue:
GPC '09 Proceedings of the 4th International Conference on Advances in Grid and Pervasive Computing
Year:
2009

Citing 2
Cited 0

A Credential Renewal Service for Long-Running Jobs

GRID '05 Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing
Dynamic security context management in Grid-based applications

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The scale and power of Grid infrastructures makes them an inviting target for attack. Even if the Grid software is secure the Grid infrastructure is vulnerable via operating system vulnerabilities and misconfiguration. One of the worst results of the exploit of these vulnerabilities is user proxy credential compromise. This paper describes a pragmatic and simple way, using proxy certificate extensions, to mitigate the damage in case of credential compromise. The potential damage is limited by restricting the range of hosts that the credentials can be used to open connections to and be accepted from. This paper also describes a way to help investigate credential delegation problems.