This query concerns only resources held in libraries.
17 results
    • Article

    Mediated definite delegation - certified grid jobs in alice and beyond

    Schreiner, Steffen, Grigoras, Costin, Litmaath, Maarten, Betev, Latchezar, Buchmann, Johannes
    Journal of Physics: Conference Series, 2012, Vol.396(3), p.032096 (12pp) [Peer Reviewed Journal]
    IOPscience (IOP Publishing)
    Available
    Title: Mediated definite delegation - certified grid jobs in alice and beyond
    Author: Schreiner, Steffen; Grigoras, Costin; Litmaath, Maarten; Betev, Latchezar; Buchmann, Johannes
    Subject: Security ; Mathematical Models ; Middleware ; Dynamical Systems ; Computer Information Security ; Computational Grids ; Accounting ; Dynamics ; Atomic and Molecular Physics (General) (So) ; Physics of Metals (MD) ; Physics (General) (Ah);
    Description: Grid computing infrastructures need to provide traceability and accounting of their users’ activity and protection against misuse and privilege escalation, where the delegation of privileges in the course of a job submission is a key concern. This work describes an improved handling of Multi-user Grid Jobs in the ALICE Grid Services. A security analysis of the ALICE Grid job model is presented with derived security objectives, followed by a discussion of existing approaches of unrestricted delegation based on X.509 proxy certificates and the Grid middleware gLExec. Unrestricted delegation has severe security consequences and limitations, most importantly allowing for identity theft and forgery of jobs and data. These limitations are discussed and formulated, both in general and with respect to an adoption in line with Multi-user Grid Jobs. A new general model of mediated definite delegation is developed, allowing a broker to dynamically process and assign Grid jobs to agents while providing strong accountability and long-term traceability. A prototype implementation allowing for fully certified Grid jobs is presented as well as a potential interaction with gLExec. The achieved improvements regarding system security, malicious job exploitation, identity protection, and accountability are emphasized, including a discussion of non-repudiation in the face of malicious Grid jobs.
    Is part of: Journal of Physics: Conference Series, 2012, Vol.396(3), p.032096 (12pp)
    Identifier: 1742-6588 (ISSN); 1742-6596 (E-ISSN); 10.1088/1742-6596/396/3/032096 (DOI)

    • Article

    The dynamics of network topology

    Voicu, Ramiro, Legrand, Iosif, Newman, Harvey, Barczyk, Artur, Grigoras, Costin, Dobre, Ciprian
    Journal of Physics: Conference Series, 2011, Vol.331(5), p.052033 (6pp) [Peer Reviewed Journal]
    IOPscience (IOP Publishing)
    Available
    Title: The dynamics of network topology
    Author: Voicu, Ramiro; Legrand, Iosif; Newman, Harvey; Barczyk, Artur; Grigoras, Costin; Dobre, Ciprian
    Subject: Physics;
    Description: Network monitoring is vital to ensure proper network operation over time, and is tightly integrated with all the data intensive processing tasks used by the LHC experiments. In order to build a coherent set of network management services it is very important to collect in near real-time information about the network topology, the main data flows, traffic volume and the quality of connectivity. A set of dedicated modules were developed in the MonALISA framework to periodically perform network measurement tests between all sites. We developed global services to present in near real-time the entire network topology used by a community. For any LHC experiment such a network topology includes several hundred routers and tens of Autonomous Systems. Any changes in the global topology are recorded and this information can be easily correlated with traffic patterns. The evolution in time of global network topology is shown in a dedicated GUI. Changes in the global topology at this level occur quite frequently and even small modifications in the connectivity map may significantly affect the network performance. The global topology graphs are correlated with active end to end network performance measurements, done with the Fast Data Transfer application, between all sites. Access to both real-time and historical data, as provided by MonALISA, is also important for developing services able to predict the usage pattern, to aid in efficiently allocating resources globally.
    Is part of: Journal of Physics: Conference Series, 2011, Vol.331(5), p.052033 (6pp)
    Identifier: 1742-6588 (ISSN); 1742-6596 (E-ISSN); 10.1088/1742-6596/331/5/052033 (DOI)

    • Article

    A Mediated Definite Delegation Model allowing for Certified Grid Job Submission

    Schreiner, Steffen, Betev, Latchezar, Grigoras, Costin, Litmaath, Maarten
    Cornell University
    Available
    Title: A Mediated Definite Delegation Model allowing for Certified Grid Job Submission
    Author: Schreiner, Steffen; Betev, Latchezar; Grigoras, Costin; Litmaath, Maarten
    Subject: Computer Science - Distributed, Parallel, And Cluster Computing ; Computer Science - Cryptography And Security
    Description: Grid computing infrastructures need to provide traceability and accounting of their users' activity and protection against misuse and privilege escalation. A central aspect of multi-user Grid job environments is the necessary delegation of privileges in the course of a job submission. With respect to these generic requirements this document describes an improved handling of multi-user Grid jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security analysis of the ALICE Grid job model is presented with derived security objectives, followed by a discussion of existing approaches of unrestricted delegation based on X.509 proxy certificates and the Grid middleware gLExec. Unrestricted delegation has severe security consequences and limitations, most importantly allowing for identity theft and forgery of delegated assignments. These limitations are discussed and formulated, both in general and with respect to an adoption in line with multi-user Grid jobs. Based on the architecture of the ALICE Grid Services, a new general model of mediated definite delegation is developed and formulated, allowing a broker to assign context-sensitive user privileges to agents. The model provides strong accountability and long-term traceability. A prototype implementation allowing for certified Grid jobs is presented including a potential interaction with gLExec. The achieved improvements regarding system security, malicious job exploitation, identity protection, and accountability are emphasized, followed by a discussion of non-repudiation in the face of malicious Grid jobs.
    Identifier: 1112.2444 (ARXIV ID)

    • Article

    A Mediated Definite Delegation Model allowing for Certified Grid Job Submission

    Schreiner, Steffen, Betev, Latchezar, Grigoras, Costin, Litmaath, Maarten
    arXiv.org, Dec 12, 2011
    © ProQuest LLC All rights reserved, Engineering Database, Publicly Available Content Database, ProQuest Engineering Collection, ProQuest Technology Collection, ProQuest SciTech Collection, Materials Science & Engineering Database, ProQuest Central (new), ProQuest Central Korea, SciTech Premium Collection, Technology Collection, ProQuest Central Essentials, ProQuest One Academic, Engineering Collection (ProQuest)
    Available
    Title: A Mediated Definite Delegation Model allowing for Certified Grid Job Submission
    Author: Schreiner, Steffen; Betev, Latchezar; Grigoras, Costin; Litmaath, Maarten
    Contributor: Litmaath, Maarten (pacrepositoryorg)
    Subject: Accountability ; Middleware ; Computational Grids ; Theft ; Computer Security ; Distributed, Parallel, and Cluster Computing ; Cryptography and Security
    Description: Grid computing infrastructures need to provide traceability and accounting of their users' activity and protection against misuse and privilege escalation. A central aspect of multi-user Grid job environments is the necessary delegation of privileges in the course of a job submission. With respect to these generic requirements this document describes an improved handling of multi-user Grid jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security analysis of the ALICE Grid job model is presented with derived security objectives, followed by a discussion of existing approaches of unrestricted delegation based on X.509 proxy certificates and the Grid middleware gLExec. Unrestricted delegation has severe security consequences and limitations, most importantly allowing for identity theft and forgery of delegated assignments. These limitations are discussed and formulated, both in general and with respect to an adoption in line with multi-user Grid jobs. Based on the architecture...
    Is part of: arXiv.org, Dec 12, 2011
    Identifier: 2331-8422 (E-ISSN)

    • Article

    Securing the alien file catalogue - enforcing authorization with accountable file operations

    Schreiner, Steffen, Bagnasco, Stefano, Banerjee, Subho Sankar, Betev, Latchezar, Carminati, Federico, Datskova, Olga Vladimirovna, Furano, Fabrizio, Grigoras, Alina, Grigoras, Costin, Lorenzo, Patricia Mendez, Peters, Andreas Joachim, Saiz, Pablo, Zhu, Jianlin
    Journal of Physics: Conference Series, 2011, Vol.331(6), p.062044 (6pp) [Peer Reviewed Journal]
    IOPscience (IOP Publishing)
    Available
    Title: Securing the alien file catalogue - enforcing authorization with accountable file operations
    Author: Schreiner, Steffen; Bagnasco, Stefano; Banerjee, Subho Sankar; Betev, Latchezar; Carminati, Federico; Datskova, Olga Vladimirovna; Furano, Fabrizio; Grigoras, Alina; Grigoras, Costin; Lorenzo, Patricia Mendez; Peters, Andreas Joachim; Saiz, Pablo; Zhu, Jianlin
    Subject: Storage Systems ; Messages ; Design Engineering ; Fraud ; Catalogues ; Tables (Data) ; Simplification ; Tracking ; Atomic and Molecular Physics (General) (So) ; Physics of Metals (MD) ; Physics (General) (Ah);
    Description: The AliEn Grid Services, as operated by the ALICE Collaboration in its global physics analysis grid framework, is based on a central File Catalogue together with a distributed set of storage systems and the possibility to register links to external data resources. This paper describes several identified vulnerabilities in the AliEn File Catalogue access protocol regarding fraud and unauthorized file alteration and presents a more secure and revised design: a new mechanism, called LFN Booking Table, is introduced in order to keep track of access authorization in the transient state of files entering or leaving the File Catalogue. Due to a simplification of the original Access Envelope mechanism for xrootd-protocol-based storage systems, fundamental computational improvements of the mechanism were achieved as well as an up to 50% reduction of the credential's size. By extending the access protocol with signed status messages from the underlying storage system, the File Catalogue receives trusted information about a file's size and checksum and the protocol is no longer dependent on client trust. Altogether, the revised design complies with atomic and consistent transactions and allows for accountable, authentic, and traceable file operations. This paper describes these changes as part and beyond the development of AliEn version 2.19.
    Is part of: Journal of Physics: Conference Series, 2011, Vol.331(6), p.062044 (6pp)
    Identifier: 1742-6588 (ISSN); 1742-6596 (E-ISSN); 10.1088/1742-6596/331/6/062044 (DOI)

    • Article

    Enhancing the alien web service authentication

    Zhu, Jianlin, Saiz, Pablo, Carminati, Federico, Betev, Latchezar, Zhou, Daicui, Lorenzo, Patricia Mendez, Grigoras, Alina Gabriela, Grigoras, Costin, Furano, Fabrizio, Schreiner, Steffen, Datskova, Olga Vladimirovna, Banerjee, Subho Sankar, Zhang, Guoping
    Journal of Physics: Conference Series, 2011, Vol.331(6), p.062048 (6pp) [Peer Reviewed Journal]
    IOPscience (IOP Publishing)
    Available
    Title: Enhancing the alien web service authentication
    Author: Zhu, Jianlin; Saiz, Pablo; Carminati, Federico; Betev, Latchezar; Zhou, Daicui; Lorenzo, Patricia Mendez; Grigoras, Alina Gabriela; Grigoras, Costin; Furano, Fabrizio; Schreiner, Steffen; Datskova, Olga Vladimirovna; Banerjee, Subho Sankar; Zhang, Guoping
    Subject: Certificates ; Access Control ; Running ; Web Services ; Xml ; Servers (Computers) ; Authentication ; World Wide Web ; Atomic and Molecular Physics (General) (So) ; Physics of Metals (MD) ; Physics (General) (Ah);
    Description: Web Services are an XML based technology that allows applications to communicate with each other across disparate systems. Web Services are becoming the de facto standard that enables interoperability between heterogeneous processes and systems. AliEn2 is a grid environment based on web services. The AliEn2 services can be divided in three categories: Central services, deployed once per organization; Site services, deployed on each of the participating centers; Job Agents running on the worker nodes automatically. A security model to protect these services is essential for the whole system. Current implementations of web servers, such as Apache, are not suitable to be used within the grid environment. Apache with the mod_ssl and OpenSSL only supports the X.509 certificates. But in the grid environment, the common credential is the proxy certificate for the purpose of providing restricted proxy and delegation. An Authentication framework was taken for AliEn2 web services to add the ability to accept X.509 certificates and proxy certificates from client-side to Apache Web Server. The authentication framework could also allow the generation of access control policies to limit access to the AliEn2 web services.
    Is part of: Journal of Physics: Conference Series, 2011, Vol.331(6), p.062048 (6pp)
    Identifier: 1742-6588 (ISSN); 1742-6596 (E-ISSN); 10.1088/1742-6596/331/6/062048 (DOI)

    • Several versions

    The Security model of the ALICE next generation Grid framework

    Martinez Pedreira Miguel, Grigoras Costin, Yurchenko Volodymyr, Melnik Storetvedt Maksim
    EPJ Web of conferences, 01 January 2019, Vol.214, p.03042 [Peer Reviewed Journal]

    • Article

    A tool for optimization of the production and user analysis on the grid, c. grigoras for the alice collaboration

    Grigoras, Costin, Carminati, Federico, Datskova, Olga Vladimirovna, Schreiner, Steffen, Lee, Sehoon, Zhu, Jianlin, Gheata, Mihaela, Gheata, Andrei, Saiz, Pablo, Betev, Latchezar, Furano, Fabrizio, Lorenzo, Patricia Mendez, Grigoras, Alina Gabriela, Bagnasco, Stefano, Peters, Andreas Joachim, Santos, Maria Dolores Saiz
    Journal of Physics: Conference Series, 2011, Vol.331(7), p.072018 (5pp) [Peer Reviewed Journal]
    IOPscience (IOP Publishing)
    Available
    Title: A tool for optimization of the production and user analysis on the grid, c. grigoras for the alice collaboration
    Author: Grigoras, Costin; Carminati, Federico; Datskova, Olga Vladimirovna; Schreiner, Steffen; Lee, Sehoon; Zhu, Jianlin; Gheata, Mihaela; Gheata, Andrei; Saiz, Pablo; Betev, Latchezar; Furano, Fabrizio; Lorenzo, Patricia Mendez; Grigoras, Alina Gabriela; Bagnasco, Stefano; Peters, Andreas Joachim; Santos, Maria Dolores Saiz
    Subject: Management ; Data Processing ; Computer Simulation ; Reconstruction ; End Users ; Tasks ; Weight Reduction ; Raw ; Atomic and Molecular Physics (General) (So) ; Physics of Metals (MD) ; Physics (General) (Ah);
    Description: With the LHC and ALICE entering full operation and production modes, the amount of Simulation and RAW data processing and end user analysis computational tasks is increasing. The efficient management of all these tasks, all of which have large differences in lifecycle, amounts of processed data and methods to analyze the end result, required the development and deployment of new tools in addition to the already existing Grid infrastructure. To facilitate the management of the large scale simulation and raw data reconstruction tasks, ALICE has developed a production framework called a Lightweight Production Manager (LPM). The LPM is automatically submitting jobs to the Grid based on triggers and conditions, for example after a physics run completion. It follows the evolution of the job and publishes the results on the web for worldwide access by the ALICE physicists. This framework is tightly integrated with the ALICE Grid framework AliEn. In addition to the publication of the job status, LPM is also allowing a fully authenticated interface to the AliEn Grid catalogue, to browse and download files, and in the near future will provide simple types of data analysis through ROOT plugins. The framework is also being extended to allow management of end user jobs.
    Is part of: Journal of Physics: Conference Series, 2011, Vol.331(7), p.072018 (5pp)
    Identifier: 1742-6588 (ISSN); 1742-6596 (E-ISSN); 10.1088/1742-6596/331/7/072018 (DOI)

    • Several versions

    Towards the integrated ALICE Online-Offline (O2) monitoring subsystem

    Barroso, Vasco, Elia, Domenico, Grigoras, Costin, Vino, Gioacchino, Wegrzynek, Adam
    EPJ Web of Conferences, Vol.214 [Peer Reviewed Journal]

    • Several versions

    The ALICE Analysis Framework for LHC Run 3

    Berzano Dario, Deckers Roel, Grigoras Costin, Floris Michele, Hristov Peter, Krzewicki Mikolaj, Zimmermann Markus
    EPJ Web of conferences, 01 January 2019, Vol.214, p.05045 [Peer Reviewed Journal]