Grid security: lessons for peer-to-peer systems

摘要

The vision of the Grid is to provide a computational infrastructure supporting flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions, and resources. The Grid involves access to computer systems and data outside one's own company or institution. Security is therefore a major element in any Grid infrastructure, as it is necessary to ensure that only authorised access is permitted. The early development of the Grid also largely failed to take account of operational realities such as network administrator responsibilities and network devices such as firewalls. We believe that the peer-to-peer community is also likely to face similar conflicts between its decentralized management approach and the day-to-day concerns of those entrusted to maintain our security. We have found that it is necessary to develop a radical solution to some of these problems, including "proxy-free" delegation models and semantically-aware firewalls. The challenge for computer system developers and operators is to allow legitimate users to go about their business, while preventing unauthorised users from perpetrating these various types of abuse.