DocumentCode :
2806158
Title :
Extending user-controlled security domain with TPM/TCG in Grid-based virtual collaborative environment
Author :
Demchenko, Yuri ; Gommans, Leon ; De Laat, Cees
Author_Institution :
Amsterdam Univ., Amsterdam
fYear :
2007
fDate :
25-25 May 2007
Firstpage :
57
Lastpage :
65
Abstract :
The paper proposes an integral approach to building multilayer security for a Grid-based virtual collaborative environment that leverages the general user-controlled complex resource provisioning (CRP-UC) model. The CRP-UC is considered as comprising three layers: trusted computing platform, secure virtualised workspace, and collaborative/application session. Suggestions on technology selection are provided for the first two layers: the industry-adopted Trusted Computing (TCG) platform, and the Virtual Workspace Service (VWSS) developed in the framework of the Globus Toolkit. Solutions and implementation are proposed and discussed for the service/application authorisation session and security context management in multidomain applications based on the GAAA Authorisation Framework that can be used with the major service-oriented AuthZ framework. The current implementation of the XML-based authorisation ticket format is discussed, and possible extensions to address wider user session management issues are suggested, in particular those related to the TCG-rooted chain of trust and session context negotiation. The paper is based on experiences gained from major Grid-based and Grid-oriented projects including EGEE, Phosphorus, and Globus Toolkit.
Keywords :
XML; authorisation; grid computing; groupware; virtual reality; GAAA Authorisation Framework; Grid-based virtual collaborative environment; TPM/TCG; XML-based authorisation ticket format; secure virtualised workspace; trusted computing platform; user-controlled complex resource provisioning model; user-controlled security domain; virtual workspace service; Authorization; Collaboration; Collaborative work; Computer industry; Computer security; Data security; Grid computing; Middleware; Protection; Time sharing computer systems; Authorisation Session; Complex Resource Provisioning; Grid based Collaborative Environment; SAML; Trusted Computing Platform; User-controlled security model; Virtual Workspace Service; Virtualisation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Collaborative Technologies and Systems, 2007. CTS 2007. International Symposium on
Conference_Location :
Orlando, FL
Print_ISBN :
978-0-9785699-1-4
Electronic_ISBN :
978-0-9785699-1-4
Type :
conf
DOI :
10.1109/CTS.2007.4621738
Filename :
4621738