Detecting Credential Abuse in the Grid Using Bayesian Networks
GRID '11 Proceedings of the 2011 IEEE/ACM 12th International Conference on Grid Computing
Hi-index | 0.00 |
In modern Grids, authentication is usually implemented via an X.509 PKI. Proxy certificates are employed to facilitate interaction with the Grid, especially for purposes of delegation and single sign-on. However, due to the nature of proxy credentials, these can be obtained by an unauthorized third party and abused for disruptive actions or unauthorized resource consumption. We propose modifications to the Grid Security Infrastructure that allow reporting of proxy usage information to a database, giving the end user an opportunity to review by whom and why his credentials were used. Furthermore, we plan to implement a heuristic method of automated abuse detection for proxy credentials which will give the user a way to easily detect unauthorized usage of their credentials.