2007
Secure Logistical Networking in Virtual Organizations
HEJTMÁNEK, Lukáš, Luděk MATYSKA a Michal PROCHÁZKAZákladní údaje
Originální název
Secure Logistical Networking in Virtual Organizations
Název česky
Bezpečné logistické sítě ve virtuálních organizacích
Autoři
Vydání
16 s. 2/2007, 2007
Nakladatel
CESNET z.s.p.o.
Další údaje
Jazyk
angličtina
Typ výsledku
Výzkumná zpráva
Obor
10201 Computer sciences, information science, bioinformatics
Stát vydavatele
Česká republika
Utajení
není předmětem státního či obchodního tajemství
Odkazy
Organizační jednotka
Fakulta informatiky
Klíčová slova anglicky
IBP; PKI; X509; authentication; authentization
Štítky
Změněno: 6. 4. 2007 23:24, RNDr. Lukáš Hejtmánek, Ph.D.
Anotace
V originále
In this paper, we propose an architecture that extends Logistical Networking to use Grid authentication and authorization services. Our architecture guarantees that user is authenticated to all services included in network storage stack, the authorization granularity is also at the service level and all authorizations can be revoked at any moment by service providers. We also support access policies. These can limit maximum amount of distributed storage space allocated to a user or group of users or they can limit the maximum amount of time the client can keep his data within the distributed storage. Advanced access control to files is supported, administrators can define access conditions. The prototype implementation has been used to evaluate overhead associated with the security enhancement. This overhead is negligible for Auth, Allocate, Load, and Store commands if only capabilities are encrypted, the Copy command has a penalty of some 10ms (rather negligible for large data transfers). When full data encryption is enforced, the Load, Store, and Copy command are bound by the speed of the used AES 128 cipher.
Návaznosti
| MSM0021622419, záměr |
|