Evaluating Grid Portal Security

Grid portals are an increasingly popular mechanism for creating customizable, Web-based interfaces to grid services and resources. Due to the powerful, general-purpose nature of grid technology, the security of any portal or entry point to such resources cannot be taken lightly. This is particularly true if the portal is running inside of a trusted perimeter, such as a science gateway running on an SDSC machine for access to the TeraGrid. To evaluate the current state of grid portal security, we undertake a comparative analysis of the three most popular grid portal frameworks that are being pursued as frontends to the TeraGrid: GridSphere, OGCE and clarens. We explore general challenges that grid portals face in the areas of authentication (including user identification), authorization, auditing (logging) and session management then contrast how the different grid portal implementations address these challenges. We find that although most grid portals address these security concerns to a certain extent, there is still room for improvement, particularly in the areas of secure default configurations and comprehensive logging and auditing support. We conclude with specific recommendations for designing, implementing and configuring secure grid portals