Addressing the pilot security problem with gLExec

I. Sfiligoi; O. Koeroo; G. Venekamp; D. Yocum; D. Groep; D. Petravick

doi:10.1088/1742-6596/119/5/052029

Addressing the pilot security problem with gLExec

I. Sfiligoi, O. Koeroo, G. Venekamp, D. Yocum, D. Groep, D. Petravick

Research output: Contribution to journal › Article › peer-review

Abstract

The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. However, many groups are starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, a X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.

Original language	English (US)
Article number	052029
Journal	Journal of Physics: Conference Series
Volume	119
Issue number	5
DOIs	https://doi.org/10.1088/1742-6596/119/5/052029
State	Published - Jul 1 2008
Externally published	Yes

ASJC Scopus subject areas

General Physics and Astronomy

Online availability

10.1088/1742-6596/119/5/052029

Library availability

Discover UIUC Full Text

Cite this

@article{985322beb4364e62837a38d62bf3ac67,

title = "Addressing the pilot security problem with gLExec",

abstract = "The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. However, many groups are starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, a X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.",

author = "I. Sfiligoi and O. Koeroo and G. Venekamp and D. Yocum and D. Groep and D. Petravick",

year = "2008",

month = jul,

day = "1",

doi = "10.1088/1742-6596/119/5/052029",

language = "English (US)",

volume = "119",

journal = "Journal of Physics: Conference Series",

issn = "1742-6588",

publisher = "IOP Publishing Ltd.",

number = "5",

}

TY - JOUR

T1 - Addressing the pilot security problem with gLExec

AU - Sfiligoi, I.

AU - Koeroo, O.

AU - Venekamp, G.

AU - Yocum, D.

AU - Groep, D.

AU - Petravick, D.

PY - 2008/7/1

Y1 - 2008/7/1

N2 - The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. However, many groups are starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, a X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.

AB - The Grid security mechanisms were designed under the assumption that users would submit their jobs directly to the Grid gatekeepers. However, many groups are starting to use pilot-based infrastructures, where users submit jobs to a centralized queue and are successively transferred to the Grid resources by the pilot infrastructure. While this approach greatly improves the user experience, it does introduce several security and policy issues, the more serious being the lack of system level protection between the users and the inability for Grid sites to apply fine grained authorization policies. One possible solution to the problem is provided by gLExec, a X.509 aware suexec derivative. By using gLExec, the pilot workflow becomes as secure as any traditional one.

UR - http://www.scopus.com/inward/record.url?scp=50849122033&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50849122033&partnerID=8YFLogxK

U2 - 10.1088/1742-6596/119/5/052029

DO - 10.1088/1742-6596/119/5/052029

M3 - Article

AN - SCOPUS:50849122033

SN - 1742-6588

VL - 119

JO - Journal of Physics: Conference Series

JF - Journal of Physics: Conference Series

IS - 5

M1 - 052029

ER -

Addressing the pilot security problem with gLExec

Abstract

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this