Naqvi, Syed Salar Hussain (2005) Architecture de sécurité pour les grands systèmes ouverts, répartis et hétérogènes. PhD thesis Informatique et Réseaux, ENST - INFRES Informatique et Réseaux, ENST.
Abstract
We have proposed a security architecture able to meet the general security needs of large-scale, open, distributed, heterogeneous systems. We carried out extensive groundwork to determine the limitations and flaws of the security solutions currently proposed for these systems and to establish the real requirements that the security architecture must satisfy, so as to reduce performance losses and ensure robust security. In particular, we identified requirements analysis, risk analysis, threat modeling and implementation feasibility.
The concept of virtualization of security services is introduced for the services in question. It is necessary to have complete freedom of choice of the underlying security mechanisms. From a security standpoint, virtualizing the definition of a service takes into account the security requirements that allow access to that service. It allows each participating endpoint to express the policy it wishes to see applied when it engages in a secure exchange with another endpoint.
A configurable mechanism for invoking security services is proposed to meet the security needs of the different categories of users. This approach allows the security infrastructure to evolve with less impact on the resource-management functionality, which is itself still evolving. In addition, it allows users and resource providers to configure the security architecture according to their needs and their level of satisfaction.
| Item Type: | PhD Thesis (PhD) |
|---|---|
| PhD Supervisor: | Riguidel, Michel and Demeure, Isabelle |
| Date: | 2005 |
| Board of examiners: | Urien, Pascal and Chen, Ken and Cavalli, Ana and Soberman, Marcel and Cotton, André |
| Ecole Doctorale: | ED 130 INFORMATIQUE, TELECOMMUNICATIONS ET ELECTRONIQUE (EDITE) |
| Discipline: | Informatique et Réseaux |
| Collection (Fonds): | TELECOM ParisTech (ENST) |
| Institution: | ENST |
| Department: | ENST - INFRES Informatique et Réseaux |
| Subjects: | 2. Information and Communication Sciences and Technologies |
| Uncontrolled Keywords: | Security architecture, Large distributed systems, Open and heterogeneous systems |
| ID Code: | 1575 |
| Deposited By: | Syed Salar Hussain NAQVI |
| Deposited On: | 29 March 2006 |
References
1. Naqvi S., Riguidel M., Security Architecture for Heterogeneous Distributed Computing Systems, IEEE International Carnahan Conference on Security Technology 2004 (IEEE ICCST2004), Albuquerque, New Mexico - USA, October 11-14, 2004. pp 34-41 (ISBN 0780385063)
2. Naqvi S., Riguidel M., Problems in the Implementation of Grid Security Services, Cracow Grid Workshop 2004 (CGW'04), Krakow - Poland, December 12-15, 2004. pp 338-346 (ISBN 8391514145)
3. Naqvi S., Riguidel M., Security Challenges for Highly Available Systems, IEEE International Carnahan Conference on Security Technology 2005 (IEEE ICCST2005), Las Palmas, Spain, October 11-14, 2005
4. Naqvi S., Riguidel M., Security Risk Analysis for Grid Computing, Proceedings of Cracow Grid Workshop 2003 (CGW'03), Krakow - Poland, October 27-29, 2003. pp 174-189 (ISBN 8391514137)
5. Naqvi S., Riguidel M., Threat Model for Grid Security Services, European Grid Computing Conference 2005 (EGC2005), Amsterdam, Netherlands, February 14-16, 2005. pp 1048-1055 (ISBN 8391514145)
6. Naqvi S., Riguidel M., Addressing Secure Access Challenges for Nomadic Grid: A Hospital Case Study, Grid Asia Conference 2005, Biopolis, Singapore, May 2-6, 2005
7. Naqvi S., Riguidel M., Secure Data Exchange Between Intelligent Devices and Computing Centers, SPIE Defense and Security Symposium 2005 (SPIE-DSS2005), Orlando, Florida - USA, March 28-April 01, 2005. pp 157-166 (ISBN 0819457884)
8. Naqvi S., Riguidel M., Demeure I., Security Architecture for Health Grid using Ambient Intelligence, Health Grid Conference 2004 (HG2004), Clermont-Ferrand - France, January 29-30, 2004. Published in the Special Grid Issue of Methods of Information in Medicine (MIM), vol. 44, May 2005, pp 202-206 (ISSN 0026-1270)
9. Kreuwels C., Electronic data interchange, IEEE Information Technology Conference 'Next Decade in Information Technology' (Cat. No. 90TH0326-9) 1990, Jerusalem, October 22-25, 1990, pp 214-224
10. Foster I., Kesselman C., The Grid: Blueprint for a New Computing Infrastructure, Morgan Kaufmann Publishers, ISBN 1-55860-475-8, August 1998
11. Lorch M., Kafura D., Grid Community Characteristics and their Relation to Grid Security, Technical Report TR-03-20, Computer Science, Virginia Tech., June 2003
12. Connor D., Grid Computing Hits Security Gridlock, Network World Fusion online magazine, 06 October 2002
13. European Union Information Society Technologies, A thematic priority for Research and Development under the Specific Program "Integrating and Strengthening the European Research Area" in the Community sixth Framework Program, http://www.cordis.lu/ist
14. National Science Foundation, http://www.nsf.gov
15. Naqvi S., Riguidel M., Designing Security Architecture for Large Scale, Open, Distributed Heterogeneous Systems, IEEE Symposium on Security and Privacy 2005 (IEEE-SP2005), Berkeley/Oakland, California - USA May 8-11, 2005
16. Naqvi S., Riguidel M., VIPSEC: Virtualized and Pluggable Security Services Infrastructure for Adaptive Grid Computing, Proceedings of IEEE International Symposium on Network Computing and Applications (IEEE NCA04), Cambridge, Massachusetts - USA, August 30-September 01, 2004 (ISBN 0769522424)
17. Naqvi S., Riguidel M., Security and Trust Assurances for Smart Environments, IEEE International Workshop on Resource Provisioning and Management in Sensors Network 2005 (RPMSN05), Washington DC, USA, November 7-10, 2005
18. Naqvi S., Riguidel M., Dynamic Distribution of Trust in the Grid Environments, eChallenges Conference 2005, Ljubljana, Slovenia, October 19-21, 2005
19. Naqvi S., Riguidel M., Trust Establishment in Pervasive Grid Environments, Cracow Grid Workshop 2005 (CGW'05), Krakow - Poland, November 20-23, 2005
20. Naqvi S., Riguidel M., G3S: Grid Security Services Simulator, Health Grid Conference 2005 (HG2005), Oxford, UK, April 7-9, 2005
21. Naqvi S., Riguidel M., Grid Security Services Simulator (G3S) - A Simulation Tool for the Design and Analysis of Grid Security Solutions, IEEE International Conference on e-Science and Grid Computing 2005 (e-Science 2005), Melbourne, Australia, December 5-8, 2005
22. Buyya R. and Murshed M., GridSim: A Toolkit for the Modeling and Simulation of Distributed Resource Management and Scheduling for Grid Computing, The Journal of Concurrency and Computation: Practice and Experience, Wiley Press, May 2002. pp 1-32
23. Naqvi S., Riguidel M., Performance Measurements of the VIPSEC Model, High Performance Computing Symposium (HPC 2005), San Diego, California - USA, April 3-7, 2005. pp 182-187 (ISBN 1565552938)
24. Naqvi S., Riguidel M., Impact of Comprehensive Security Services on Grid Computing Performance, IEEE International Conference on Dependable Systems and Networks 2005 (IEEE-DSN2005), Yokohama, Japan, June 28 - July 1, 2005 (ISBN 0769522823)
25. Naqvi S., Riguidel M., Dynamic Access Control for Pervasive Grid Applications, IEEE International Conference on Computational Intelligence and Security 2005 (IEEE-CIS05), Xi'an, China, December 15-19, 2005
26. Naqvi S., Riguidel M., Evaluation of Grid Security Solutions using Common Criteria, Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland, September 27 - October 01, 2004. pp 854-857 (ISBN 9290832452)
27. Naqvi S., Riguidel M., Securing Grid-Based Critical Infrastructures, IEEE International Conference on Intelligence and Security Informatics (IEEE ISI-2005), Atlanta, Georgia - USA May 19-20, 2005, pp 654-655 (ISBN 3540259996)
28. Foster I., Kesselman C., Tsudik G., Tuecke S., A Security Architecture for Computational Grids, Proceedings of the 5th ACM conference on Computer and communications security, San Francisco, California, United States, 1998, pp 83-92, ISBN 1581130074
29. Foster I., Kesselman C., Nick J., Tuecke S., The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration, January 2002.
30. Lai C., Medvinsky G. and Neuman, B., Endorsements, Licensing, and Insurance for Distributed System Services, Proceedings of the 2nd ACM Conference on Computer and Communication Security, 1994.
31. Nagaratnam, N, Janson P., Dayka J., Nadalin A., Siebenlist F., Welch V, Foster I. and Tuecke S., The Security Architecture for Open Grid Services, Version 1, 17 July 2002
32. Gordon L., Loeb M., Lucyshyn W., and Richardson R., 2004 CSI/FBI Computer Crime and Security Survey, Computer Security Institute, 2004
33. LinuxWorld Report, Linux Attacks On the Rise, Says Report - But It's Not As Simple As That, February 22, 2004, http://www.linuxworld.com/story/43760.htm
34. ComputerWorld Report, Security Statistics, July 09, 2001, http://www.computerworld.com/securitytopics/security/story/0,10801,62002,00.html
35. San Diego Supercomputer Center (SDSC) Security Experiment - worm.sdsc.edu http://security.sdsc.edu/incidents/worm.2000.01.18.shtml
36. CERT Vulnerability Notes, http://www.cert.org
37. Nicole D., Scalability of Network Simulators Revisited, Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference Orlando, FL , February 2003
38. Bernstein D., Infosecurity News - Industry Survey, Infosecurity News, May 1997
39. Owens M., A Discussion of Covert Channels and Steganography, SANS Report, March 2002
40. IBM, Introduction to Business Security Patterns, IBM White Paper
41. Information Processing Systems, Open System Interconnection, Basic Reference Model, Part 2: Security Architecture (ISO 7498-2)
42. Massachusetts Medical Society House of Delegates, Massachusetts Medical Society Policy: Patient Privacy and Confidentiality, 1996
43. Internet Engineering Task Force (IETF) RFC 3280, http://www.ietf.org/rfc/rfc3280.txt
44. MyProxy Online Credential Repository, http://grid.ncsa.uiuc.edu/myproxy
45. Foster I., Kesselman C., Tuecke S., The Anatomy of the Grid: Enabling Scalable Virtual Organizations, International Journal of Supercomputer Applications, volume 15, issue 3, 2001.
46. http://www.globus.org
47. http://www.unicore.org
48. Fu Y., Chase J., Chun., Schwab S., and Vahdat A., SHARP: An Architecture for Secure Resource Peering, Proceedings of the 19th ACM Symposium on Operating Systems Principles, Bolton Landing, NY, August 2003
49. Zeiger A., Grid Security: State of the Art, IBM developerWorks online magazine, August 2003
50. http://www.cs.wisc.edu/condor
51. Frey J., Tannenbaum T., Foster I., Livny M., and Tuecke S., Condor-G: A Computation Management Agent for Multi-Institutional Grids, Journal of Cluster Computing volume 5, pages 237-246, 2002
52. http://legion.virginia.edu
53. Kunszt P., Guy L., The Open Grid Services Architecture and Data Grids, Grid Computing: Making The Global Infrastructure a Reality (Edited by Fran Berman), John Wiley & Sons 2003.
54. World Wide Web Consortium, XQuery 1.0: An XML Query Language, W3C Working Draft, December 2001.
55. Sandholm T., Tuecke S., Gawor J., Seed R., Maguire T., Rofrano J., Sylvester S., Williams M., Java OGSI Hosting Environment Design - A Portable Grid Service Container Framework, Global Grid Forum Drafts, GGF7 Meetings, March 2003.
56. Wasson G., Beekwilder N., Morgan M., Humphrey M., OGSI.NET: OGSI-compliance on the .NET Framework, Proceedings of 2004 IEEE International Symposium on Cluster Computing and the Grid, Chicago, Illinois, April 19-22, 2004
57. Gonzalez-Castano F., Vales-Alonso J., Livny M., Condor Grid Computing from Mobile Handheld Devices, Mobile Computing and Communications Review. Vol. 6, No. 2. ACM SIGMOBILE Mobile Computing and Communications Review. Volume 6, Issue 2, April 2002.
58. Phan T., Huang L., Dulan C., Challenge: Integrating Mobile Wireless Devices into the Computational Grid, Proceedings of MOBICOM'02, Atlanta, Georgia, USA, ISBN 1-58113-486-X, September 23-26, 2002, pp 271-278
59. Clarke B., Humphrey M., Beyond the 'Device as Portal': Meeting the Requirements of Wireless and Mobile Devices in the Legion Grid Computing System, 2nd International Workshop on Parallel and Distributed Computing Issues in Wireless Networks and Mobile Computing (associated with IPDPS 2002), Ft. Lauderdale, April 19, 2002.
60. Rowstron, A., Druschel, P., Pastry: Scalable, Distributed Object Location and Routing for Large Scale Peer-to-Peer Systems, Proceedings of the IFIP/ACM Middleware 2001, Heidelberg, Germany, 2001
61. Ratnasamy, S., Francis, P., Handley, M., Karp, R., Shenker, S., A Scalable Content Addressable Network, Proceedings of the ACM SIGCOMM'01, San Diego, California, US, 2001
62. Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H., Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications, Proceedings of the ACM SIGCOMM'01, San Diego, California, USA 2001
63. Zhao, B., Kubiatowicz, J., Joseph, A., Tapestry: An infrastructure for fault-resilient wide-area location and routing, Technical Report UCB//CSD-01-1141, University of California Berkeley, 2001
64. Douceur J., The Sybil Attack, Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), Cambridge, Massachusetts, USA, 2002
65. Merkle R., Secure Communications Over Insecure Channels, Communications of the ACM 21, 1978, pp 294-299
66. Schwartz J., Tedeschi B., New Software Quietly Diverts Sales Commissions, New York Times, 2002
67. Spring T., KaZaA Sneakware Stirs Inside PCs, PC World 2002, http://www.cnn.com/2002/TECH/internet/05/07/kazaa.software.idg/index.html
68. Weatherall D., Active Network Vision and Reality: Lessons from a Capsule-based System, Proceedings of the 17th ACM Symposium on Operating System Principles, Kiawah Island, SC, 1999, pp 64-79
69. Hicks M., Kakkar P., Moore J., Gunter C., Nettles S., PLAN: A Packet Language for Active Networks, Proceedings of the 3rd ACM SIGPLAN International Conference on Functional Programming Languages, ACM, 1998, pp 86-93
70. Wallach D., Balfanz D., Dean D., Felten E., Extensible Security Architectures for Java, Proceedings of the 16th ACM Symposium on Operating System Principles, Saint-Malo, France, 1997, pp 116-128
71. Reed M., Syverson P., Goldschlag D., Anonymous Connections and Onion Routing, IEEE Journal on Selected Areas in Communication: Special Issue on Copyright and Privacy Protection 16, 1998
72. Reiter M., Rubin A., Anonymous Web Transactions with Crowds, Communications of the ACM 42, 1999, pp 32-48
73. Waldman M., Rubin A., Cranor L., Publius: A Robust, Tamper-Evident, Censorship-Resistant, Web Publishing System. Proceedings of the 9th USENIX Security Symposium, Denver, Colorado, USA, 2000, pp 59-72
74. Waldman M., Mazières D., Tangler: A Censorship Resistant Publishing System based on Document Entanglements, Proceedings of the 8th ACM Conference on Computer and Communication Security (CCS-8), Philadelphia, Pennsylvania, USA, 2001
75. Hazel S., Wiley B., Achord: A Variant of the Chord Lookup Service for Use in Censorship Resistant Peer-to-Peer, Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), Cambridge, Massachusetts, USA, 2002
76. Serjantov A., Anonymizing Censorship Resistant Systems, Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), Cambridge, Massachusetts, USA, 2002
77. Freedman M., Sit E., Cates J., Morris R., Tarzan: A Peer-to-Peer Anonymizing Network Layer, Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS'02), Cambridge, Massachusetts, USA, 2002
78. Sit E., Morris R., Security Considerations for Peer-to-Peer Distributed Hash Tables, Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), Cambridge, Massachusetts, USA, 2002
79. Dingledine R., Freedman M., Molnar D., Accountability Measures for Peer-to-Peer Systems, Peer-to-Peer: Harnessing the Power of Disruptive Technologies, O'Reilly and Associates, 2000
80. Bellovin S., Security Aspects of Napster and Gnutella, Invited talk in Usenix Annual Technical Conference, Boston, Massachusetts, USA, 2001
81. Yurcik W., Koenig G., Meng X., Greenseid J., Cluster Security as a Unique Problem with Emergent Properties: Issues and Techniques, The 5th LCI International Conference on Linux Clusters: The HPC Revolution 2004, May 2004.
82. Amoroso E., Fundamentals of Computer Security Technology, Prentice Hall International, 1994, ISBN 0-13305-541-8
83. Sheyner O., Haines J., Jha S., Lippmann R., Wing J., Automated Generation and Analysis of Attack Graphs, IEEE Symposium on Security and Privacy, 2002.
84. Burgess M., Cluster Management with GNU cfengine. Newsletter of the IEEE Computer Society's Task Force on Cluster Computing, 2002.
85. Kim G. and Spafford E., The Design and Implementation of Tripwire: A File System Integrity Checker, Proceedings of the 2nd ACM Conference on Computer and Communications Security, 1994, pp 18-29
86. Gorsuch N., Linux Cluster Security, Linux Revolution Conference, Urbana, Illinois, USA, June 26-27, 2001.
87. Distributed Security Infrastructure Open Source Project, http://disec.sourceforge.net
88. C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman, Linux Security Modules: General Security Support for the Linux Kernel, Usenix Security Symposium, 2002. http://lsm.immunix.org
89. Weiser M., The Computer for the Twenty-First Century, Scientific American, September, 1991, pp 94-10
90. MIT Project Media Lab - www.media.mit.edu/~nmarmas/comMotion.html
91. Carnegie Mellon University Aura Project - www-2.cs.cmu.edu/~aura
92. University of California at Berkeley's Endeavour project - endeavour.cs.berkeley.edu
93. MIT Oxygen Project - www.oxygen.lcs.mit.edu
94. University of Washington Portolano project - portolano.cs.washington.edu
95. The Sentient Computing Project - www.uk.research.att.com/spirit
96. The CoolTown Project - www.cooltown.com
97. Microsoft Easy Living Project - research.microsoft.com/easyliving
98. Kishimoto H., Savva A., Snelling D., OGSA Fundamental Services: Requirements for Commercial GRID Systems, Technical Report, Open Grid Services Architecture Working Group (OGSA WG), April 2003.
99. Bussard L., Trust Establishment Protocols for Communicating Devices, PhD Thesis, October 2004
100. Pearlman L., Welch V., Foster I., Kesselman C., Tuecke S., A Community Authorization Service for Group Collaboration, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY '02), Monterey, California, U.S.A. June 2002
101. F. Stajano and R. Anderson. The Resurrecting Duckling: Security Issues in Ad-Hoc Wireless Networks. In M. Roe B. Christianson, B. Crispo, editor, Security Protocols, 7th International Workshop Proceedings, Lecture Notes in Computer Science. Springer-Verlag, 1999.
102. F. Stajano. The Resurrecting Duckling - what next? In M. Roe B. Christianson, B. Crispo, editor, Security Protocols, 8th International Workshop Proceedings, Lecture Notes in Computer Science. Springer-Verlag, 2000.
103. Welch V., Siebenlist F., Foster I., Bresnahan J., Czajkowski K., Gawor J., Kesselman C., Meder S., Pearlman L., Tuecke S., Security for Grid Services, Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC'03), 2003
104. International Standards Organization, ISO/IEC 1508: Common Criteria, 1999
105. Wallace K., Common Criteria and Protection Profiles: How to Evaluate Information Technology Security, SANS Institute GIAC practical repository - version 1.4b, 2003
106. The Health Grid Organization, Whitepaper on Health Grid, 2004 - www.healthgrid.org
107. Takefusa A., Matsuoka S., Aida K., Nakada H., and Nagashima U., Overview of a performance evaluation system for global computing scheduling algorithms, Proceedings of the Eighth IEEE International Symposium on High Performance Distributed Computing (HPDC'99), Washington, DC, USA, 3-6 August 1999, pp 97-104
108. Legrand A., Marchal L., Casanova H., Scheduling Distributed Applications: The SimGrid Simulation Framework, Proceedings of the 3rd IEEE/ACM International Symposium on Cluster Computing and the Grid 2003 (CCGrid2003), May 12-15, 2003, pp 138-145
109. Dumitrescu C. and Foster I., Gangsim: A Simulator for Grid Scheduling Studies, Proceedings of the IEEE International Symposium on Cluster Computing and the Grid (CCGrid'05), Cardiff, UK, May 2005
110. Cameron D., Carvajal-Schiaffino R., Millar P., Nicholson C., Stockinger K., and Zini F., OptorSim: A Grid Simulator for Replica Optimisation, UK e-Science All Hands Conference 31 August - 3 September 2004.
111. www.opnet.com
112. Schneck, P.A. and Schwan, K, "Dynamic Authentication for High-Performance Networked Applications", Technical Report GIT-CC-98-08, Georgia Institute of Technology, College of Computing, Atlanta, GA, 1998
113. Ellison R., Fisher D., Linger R., Lipson H., Longstaff T., Mead N., Survivability: Protecting Your Critical Systems. IEEE Internet Computing, Volume 3, No. 6, November/December 1999
114. A. Wood and J. Stankovic. Denial of service in sensor networks. IEEE Computer. 15(4), 48-56, 2002.
115. L. Zhou and Z. Haas. Securing ad hoc networks. IEEE Network. 13(6), 24-30, 1999.
116. D. Carman, P. Kruus and B. Matt. Constraints and approaches for distributed sensor network security. NAI Labs: Technical Report # 00-010, 2000.
117. V. Wen, A. Perrig and R. Szewczyk. SPINS: Security protocols for sensor networks. Proceedings of the seventh annual international conference on mobile computing and networking. Rome, Italy, July 16-21, 2001. pp 189-199.
118. S. Marti, T. Giuli, K. Lai and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. Proceedings of the sixth annual international conference on mobile computing and networking. Boston, MA, August 6-11, 2000. pp 255-265.
119. H. Yang, X. Meng and S. Lu. Self-organized network layer security in mobile ad hoc networks. Proceedings of the first ACM Workshop on Wireless Security (WiSe). Atlanta, GA, September 28, 2002. pp 11-20.
120. Y. Hu, A. Perrig and D. Johnson. Ariadne: a secure on-demand routing protocol for ad hoc networks. Proceedings of the eighth annual international conference on mobile computing and networking (Mobicom). Atlanta, GA, September 23-26, 2002.
121. J. Deng, R. Han and S. Mishra. A performance evaluation of intrusion-tolerant routing in wireless sensor networks, Proceedings of the second international workshop of information processing in sensor networks. Palo Alto, CA, April 22-23, 2003. pp 349-363.
122. Montagnat J, Bellet F., Benoit H., Breton V., Brunie L., Duque H., Legre Y., Magnin I., Maigne L., Miguet S., Pierson J., Seitz L., Tweed T., Medical images simulation, storage and processing on the European DataGrid testbed, Journal of Grid Computing 2(4):387-400, December 2004, Springer Verlag, ISSN 1570-7873
123. Ribeyrol C., Support Policy for Future Projects on Critical Infrastructure Security, Conference on Critical Infrastructures, Grenoble, France, June 2003
124. Chivers H., McDermid J., Refactoring Service-Based Systems: How to Avoid Trusting a Workflow Service, Grid Workflow 2004 Special Issue of Concurrency and Computation: Practice and Experience.
125. United States General Accounting Office, Progress and Challenges for DOD's Advanced Distributed Learning Programs, Report to Congressional Committees, February 2003
126. The GRIDBUS Project - www.gridbus.org
Table of contents
Acknowledgements
table of contents
summary (in French)
1. research context
2. security architecture
3. implementation and functional assessment
4. conclusions and future directions
summary
1. research context
2. security architecture
3. implementation and functional assessment
4. conclusions and future directions
chapter 1 introduction
1.1. research context
1.2. security challenges in a large scale heterogeneous distributed computing environment
1.3. security requirements
1.4. problematic
1.5. motivations and prospects
1.6. approach and methodology
1.7. organization of thesis
chapter 2 threats analysis
2.1. client-server architecture
2.2. peer-to-peer (p2p)
2.3. distributed applications
2.4. mobility
2.5. applications
chapter 3 towards a comprehensive security services model
3.1. fundamental concepts
3.2. security objectives
3.3. security functions
3.4. contemporary issues
3.5. security policy
3.6. security models
chapter 4 state-of-the-art security mechanisms in existing systems
4.1. grid computing
4.2. cluster computing
4.3. peer-to-peer (p2p) computing
4.4. pervasive/ubiquitous computing
4.5. mobile computing
4.6. security shortcomings in existing systems
chapter 5 proposed architecture
5.1. overview
5.2. virtualization
5.3. configurability
5.4. security brokering
5.5. other features
5.6. trust management
5.7. salient features of the proposed architecture
chapter 6 assessment of security functionalities
6.1. common criteria (cc) [104]
6.2. case study: grid computing simulations
6.3. quality of protection (qop)
6.4. quality of security services (qoss)
chapter 7 applications
7.1. overview
7.2. life sciences
7.3. critical infrastructures
7.4. environmental/meteorological systems
7.5. collaborative distance learning
chapter 8 conclusions
8.1. recommendations for the future research
8.2. final comments
references
glossary
appendix
selected publications