The need to share information while maintaining privacy and security is a growing problem in health, finance, defense, and other distributed environments. Mitigating threats in a distributed computing environment is a difficult task that requires constant vigilance and defense-in-depth. Most systems lack a security model that guarantees end-to-end security. In this paper, we devise a model that mitigates a number of threats to the distributed computing that is pervasive in corporate and institutional information technology enterprises. The authentication process is part of a larger, systemic information assurance approach that requires all active entities (users, machines and services) to be named and credentialed. Authentication is bilateral, using PKI credentials, and authorization is based upon Security Assertion Markup Language (SAML) attribution statements. Communication across domains is handled as a federation activity using WS-* protocols. We present the architectural model, elements of which are currently being demonstrated and tested in a functional prototype in a boundary-protected area processing center. The architecture is also applicable to a private cloud.