A Credential Renewal Service for Long-Running Jobs
GRID '05 Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing
Dynamic security context management in Grid-based applications
Future Generation Computer Systems
Hi-index | 0.00 |
The scale and power of Grid infrastructures makes them an inviting target for attack. Even if the Grid software is secure the Grid infrastructure is vulnerable via operating system vulnerabilities and misconfiguration. One of the worst results of the exploit of these vulnerabilities is user proxy credential compromise. This paper describes a pragmatic and simple way, using proxy certificate extensions, to mitigate the damage in case of credential compromise. The potential damage is limited by restricting the range of hosts that the credentials can be used to open connections to and be accepted from. This paper also describes a way to help investigate credential delegation problems.