Title :
A Concept for Grid Credential Lifecycle Management and Heuristic Credential Abuse Detection
Author :
Kunz, Christopher ; Wiebelitz, Jan ; Piger, Stefan ; Grimm, Christian
Author_Institution :
Regional Comput. Center for Lower Saxony, Leibniz Univ. Hannover, Hannover
Abstract :
In modern grids, authentication is usually implemented via an X.509 PKI. Proxy certificates are employed to facilitate interaction with the grid, especially for purposes of delegation and single sign-on. However, due to the nature of proxy credentials, these can be obtained by an unauthorized third party and abused for disruptive actions or unauthorized resource consumption. We propose modifications to the grid security infrastructure that allow reporting of proxy usage information to a database, giving the end user an opportunity to review by whom and why his credentials were used. Furthermore, we plan to implement a heuristic method of automated abuse detection for proxy credentials which will give the user a way to easily detect unauthorized usage of their credentials.
Keywords :
authorisation; digital signatures; grid computing; public key cryptography; X.509 PKI; automated abuse detection; grid credential lifecycle management; grid security infrastructure; heuristic method; heuristic proxy credential abuse detection; message authentication; proxy certificate; unauthorized resource consumption; unauthorized third party; Authentication; Authorization; Computer network management; Computer networks; Conference management; Data security; Grid computing; Middleware; Operating systems; Protection; Grid; PKI; X.509; abuse detection; auditing; proxy certificate;
Conference_Titel :
Networking and Services, 2009. ICNS '09. Fifth International Conference on
Conference_Location :
Valencia
Print_ISBN :
978-1-4244-3688-0
Electronic_ISBN :
978-0-7695-3586-9
DOI :
10.1109/ICNS.2009.51
