FLEXIBLE AND SECURE ACCESS TO COMPUTING CLUSTERS
DOI:
https://doi.org/10.7494/csci.2010.11.0.21
Keywords:
clusters, security, single sign-on, federations, PAM modules, SSH, Shibboleth, SAML
Abstract
The investigation presented in this paper was prompted by the need to provide a manageable solution for secure access to computing clusters with a federated authentication framework. This requirement is especially important for scientists who need direct access to computing nodes in order to run their applications (e.g. chemical or medical simulations) with proprietary, open-source or custom-developed software packages. Our existing software, which enables non-Web clients to use Shibboleth-secured services, has been extended to provide direct SSH access to cluster nodes using the Linux Pluggable Authentication Modules mechanism. This allows Shibboleth users to run the required software on clusters. Validation and performance comparison with existing SSH authentication mechanisms confirm that the presented tools satisfy the stated requirements.