Speaker
Ms
Yulia Dubenskaya
(SINP MSU)
Description
The report presents our current work on design and development of security infrastructure of modern kind that is intended for different types of distributed computing systems (DCS). The main goal of the approach is to provide users and administrators with transparent, intuitive and yet secure interface to the computational resources.
The key points of the proposed approach to security infrastructure development are listed as follows:
-- All the connections in the DCS must be secured with SSL/TLS protocol.
-- Initial user authentication is performed using a pair of login and password with the use of multi-factor authentication where necessary.
-- After successful login a user obtains a special session key with a limited validity period for further password-free work.
-- Every single computational request is protected by the individual hash which is not limited in time.
-- These hashes are registered by the special authentication and authorization service, and states of the hashes are tracked on real time. The service also provides online requests authorization for delegation of user rights to the other services in the DCS.
A prototype of the proposed security infrastructure was deployed on a testbed. It includes an authentication and authorization service, an execution service, a storage management service, and a user interface. Various tests have shown that the proposed algorithm and architecture are competitive in terms of functionality, usability, and performance. The results can be used in the grid systems, cloud structures, large data processing systems (Big Data), as well as for the organization of remote access via the Internet to supercomputers and computer clusters.
This work is supported by the Ministry of Education and Science of the Russian Federation, agreement No.14.604.21.0146 (RFMEFI60414X0146).
Primary author
Ms
Yulia Dubenskaya
(SINP MSU)
Co-authors
Dr
Alexander Kryukov
(SINP MSU)
Dr
Andrey Demichev
(SINP MSU)