Interposition agents: transparently interposing user code at the system interface
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Unified login with pluggable authentication modules (PAM)
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
The grid: blueprint for a new computing infrastructure
The grid: blueprint for a new computing infrastructure
Multiple Bypass: Interposition Agents for Distributed Computing
Cluster Computing
A Unified Framework for Periodic, On-Demand, and User-Specified Software Information
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
From gridmap-file to VOMS: managing authorization in a Grid environment
Future Generation Computer Systems - Special issue: High-speed networks and services for data-intensive grids: The DataTAG project
The Anatomy of the Grid: Enabling Scalable Virtual Organizations
International Journal of High Performance Computing Applications
Identity Boxing: A New Technique for Consistent Global Identity
SC '05 Proceedings of the 2005 ACM/IEEE conference on Supercomputing
Surfer: an extensible pull-based framework for resource selection and ranking
CCGRID '04 Proceedings of the 2004 IEEE International Symposium on Cluster Computing and the Grid
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A scalable aural-visual environment for security event monitoring, analysis, and response
ISVC'07 Proceedings of the 3rd international conference on Advances in visual computing - Volume Part I
Maintaining high performance communication under least privilege using dynamic perimeter control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
High performance reliable file transfers using automatic many-to-many parallelization
Euro-Par'12 Proceedings of the 18th international conference on Parallel processing workshops
| Hi-index | 0.00 |
Grid computing promises gains in effective computational power, resource utilization, and resource accessibility, but in order to achieve these gains, organizations must deploy grid middleware that, in most cases, does not adhere to fundamental security principles. This paper introduces a new lightweight grid middleware called Mesh, which is based on the addition of a single sign-on capability to the built-in public key authentication mechanism of SSH using system call interposition. The initial Mesh implementation is compatible with approximately 90% of the world's SSH servers and any SSH client that supports public key authentication. Resources maybe added to a Mesh-based grid in a matter of minutes using just five small files and two environment variable settings. Mesh adheres to fundamental security principles and was designed to be compatible with strong security mechanisms including two-factor authentication, SSH bastions, and restrictive firewalls. Mesh uses a remote command model, which is based on the syntax and commands already understood by users, thus requires no additional knowledge to utilize effectively. Several existing services have been integrated with Mesh to provide resource discovery and query, high performance file transfer, and job management.