Proposed platform for improving grid security by trust management system

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No., 2009

feh dat, Islamic Azad University, Science and Research Branch, Tehran, Iran
Amir Masoud Rahmani, Islamic Azad University, Science and Research Branch, Tehran, Iran
Mehran Mohsenzadeh, Islamic Azad University, Science and Research Branch, Tehran, Iran

Abstract: As the applications of grid systems increase, the risk in the security field increases too. Recently, trust management systems have been recognized as a noticeable approach to enhancing security in grid systems. In this article, in order to improve grid security, a new trust management system with two levels is proposed. The benefits of this platform are adding new domains to the grid system, selecting the one service provider that most closely matches the user requests, and using the domains' security attributes as an important factor in computing the trust value.

Keywords- trust, grid, platform, security, component.

I. INTRODUCTION

Grid computing is a newly developed technology for complex systems with large-scale resource sharing, wide-area communication, and multi-institutional collaboration []. Due to the complexity of grid computing, the traditional network security practices cannot meet the security requirements of the grid. As a result, trust management is crucial to security and trustworthiness in grids. Security and trust are two distinct concepts. In the literature trust has sometimes been termed soft security, and it can implement sophisticated security decisions. So the TMS will not replace GSI; it only assists it to provide more refined and rational choices for Grid security [].

In this paper a novel TMS with two levels is proposed. The goal of this platform is to optimize the available TMS in grid systems. Our TMS is a comprehensive platform for the grid environment and tries to remove the weaknesses of the old platform. The new platform has components, such as security management and demand trust evaluation, that the old trust management systems in the grid environment had not yet paid attention to. The presence of these components is crucial in making the right decision. The security management component is used for measuring the security level of the different domains in grid systems. The demand trust evaluation component selects the one service provider that most closely matches the user requests. The other components used in this platform are trust negotiation, registration, propagation, feedback evaluation, trust evaluation, access control and monitoring, each of which has a specified task. The task of trust negotiation is to add a new domain to grid systems. The activity of the registration component is to register the new domain properties in grid systems. The task of the propagation component is to broadcast the new domain properties to all domains in grid systems. The duty of the feedback evaluation component is to evaluate and update the feedback received from the service requester. The task of the trust evaluation component is to compute the servers' trust value based on the received feedback, the user satisfaction value and the self defense capability of each domain. The task of the access control component is access control on available and the duty of the monitoring component is trust re-evaluation and adding new information to the TMS.

Outline of the paper: In Section 2, related work is presented. Section 3 proposes the newly developed platform. Finally, a conclusion and future work are given in Section 4.

II. RELATED WORK

Trust management was first introduced by Blaze, et al. in 1996 [3], and many trust management models were proposed, for instance, PolicyMaker [3], KeyNote [4], REFEREE [5], SPKI/SDSI [6]. Recently trust management has become known as a new method to secure grid systems, and some research has been done on using TMS in grid systems. A number of these studies are mentioned below.

The problems of managing trust in Grid environments are discussed by Azzedin and Maheswaran [7]-[9]. They define the notion of trust as consisting of identity trust and behavior trust. They separate the Grid domain into a client domain and a resource domain, and the way they calculate trust is limited in terms of computational scalability, because they try to consider all domains in the network; as the number of domains grows, the computational overhead grows as well. Hwang et al. [10] and Sobolewski [11] try to build trust and security models for Grid environments, using trust metrics based on e-business criteria. Alunkal et al. [12] propose to build an infrastructure called Grid Eigentrust using a hierarchical model in which entities are connected to institutions which then form a VO. They conclude with the realization of a Reputation Service, however, without providing mechanisms that can automatically update trust values. Papalilo and Freisleben [13] have proposed a Bayesian based trust model for the Grid, but the suggested metrics cover only limited trust aspects in a practical Grid. TieYan et al. [14] consider trust only to improve the Grid Security Infrastructure (GSI) to achieve additional authentication means between Grid users and Grid services. Ching et al. [6] use the concepts of subjective logic in the context of Grid computing, using trust relationships to enhance grid security. M.H. Durad and Y. Cao proposed a grid trust management system. In their research only the platform was described, while there was no comprehensive mathematical description of the components [2]. In this article, to overcome the above problem, a complete platform including a mathematical formulation is proposed.

III. PROPOSED PLATFORM

As shown in Fig. 1, the proposed platform has two levels, which are explained in the next sections. In the newly developed platform there is one DTM in each domain of the grid system, whose task is managing the available resource nodes in that domain. The DTM is one of the resource nodes in every domain, selected by using the Ring algorithm. There is also one GRM, whose task is managing the DTMs. The GRM is one of the DTMs, selected by the Ring algorithm and located in the upper level of the platform. In order to increase fault tolerance, there are backups of the DTM and the GRM.

A. Upper level of platform

The GRM is in the upper level, and its task is the management of the DTMs. In this level there is a virtual mapping of the DTMs from the different domains. In this way the neighborhood of domains is saved in grid systems. The upper level includes 3 components:
1- Trust negotiation component
2- Registration and initialization component
3- Propagation component.

1) Trust negotiation component

The task of this component is adding a new domain to grid systems. The trust negotiation component has two levels:
a) Authentication level.
b) Policy mapping level.
This component is illustrated in Fig. 2.

a) Authentication level

This level accomplishes the authentication of a new domain that wants to be added to grid systems.

b) Policy mapping level

The task of this level is to adapt the policy of the grid domains with the new domain policy.
After the adaption process, if there is minimum satisfaction between the new domain and the grid domains, the new domain is authorized to be added to grid systems.

DEFINITION. MINIMUM SATISFACTION

As shown in relations (1) and (2), if $c_1, c_2, c_3, \ldots, c_k$ are the defined and agreed policies in the grid system, then a domain that can satisfy at least half of $c_1, c_2, c_3, \ldots, c_k$ is authorized to be added to the grid system.

$$c_1, c_2, c_3, \ldots, c_k \in C \qquad (1)$$

$$c_1, c_2, c_3, \ldots, c_l \in C, \quad l \ge k/2 \qquad (2)$$

Fig. 3 illustrates the algorithm for adding a new domain to grid systems.

[Figure 1. Proposed platform. Upper level: GRM, backup of GRM, trust negotiation component, registration and initialization component, propagation component. Lower level: DTM, backup of DTM, security management component, feedback evaluation component, demand trust evaluation component, trust evaluation component, access control component, monitoring component, Trust. Legend: Domain Trust Manager (DTM), Global Resource Manager (GRM).]

[Figure 2. Trust negotiation component: authentication level, policy mapping level, Domains property, Policy.]

2) Registration and initialization component

The activity of this component is to register, in Domains property, the properties of a new domain that has been authorized by the trust negotiation component. The other task of the registration and initialization component is initializing the trust value of the new domain's resource nodes to 0.5, because this platform assumes that every resource node added to the grid system is allocated a middle trust value.

1 Begin
2 new domain sends to GRM an adding request to grid system;
3 GRM calls trust negotiation component ( );
4 if (trust negotiation component authorizes new domain) then
5 Goto 8;
6 Else
7 Goto ;
8 New domain sends to GRM new domain properties;
9 GRM calls registration and initialization component ( );
10 registration and initialization component call

Figure 3. Adding a new domain to grid systems

3) Propagation component

The task of the propagation component is broadcasting the new domain properties to all domains in grid systems.

B. Lower level of platform

This level includes the domains in the grid system. There is one DTM in each domain, whose task is the management of the resource nodes. The lower level includes 6 components:
1- Security management component
2- Feedback evaluation component
3- Demand trust evaluation component
4- Trust evaluation component
5- Access control component
6- Monitoring component.
Fig. 4 shows the algorithm of the lower level of the platform.

1 Begin
2 DTM receives request (C, D, PL, Q, T)
  // C (service-request, feedback, security)
  // D (inter-domain, intra-domain)
  // PL (parameter-list)
  // Q = DTM-number or resource-node number
  // T = type of service
3 DTM sends request for security management component ()
4 if (security management component() authorized request) then
5 goto 8
6 else
7 goto 8
8 security management component sends request to DTM
9 DTM checks C in request
10 if (C = service request) then
11 DTM calls demand trust evaluation (PL, Q)
12 else if (C = feedback) then
13 DTM calls feedback evaluation component (PL)
14 else if (C = security and D = intra-domain)
15 DTM calls security management component ()
16 else
17 goto 8
18 trust evaluation component ( )
8 End.

Figure 4. Lower level of platform algorithm

1) Security management component

This component is used for measuring the security level of the different domains in grid systems. In this platform the domain security level is applied as an important factor for measuring the trust value of the resource nodes in each domain.
As shown in Fig. 5, this component has two levels:
a) Authentication level
b) Self defense capability level

a) Authentication level

In this level, the request received by each domain is authenticated by accessing the certificate. Registering the DTM certificate property of each domain in its certificate is also the task of this level. These two jobs are done by authorization and DTM registry management.

b) Self defense capability

The task of this level is to evaluate the self defense capability of the different domains in the grid system. The self defense ability of the different grid domains is calculated by using security attributes. The security attributes and their evaluation criteria are shown in Table I. Relation (3) calculates the self defense capability of the different domains in grid systems, where as is security attribute and w is the weight of each security attribute.

m DF(new) = w. (3) =

2) Feedback evaluation component

The duty of this component is to evaluate and update the feedback received from the service requester after receiving the service. Feedback is a statement issued by a client about the quality of a service or product provided by the service provider after a transaction. As shown in Fig. 6, the feedback evaluation component has 3 levels:
a) Feedback collection level
b) Feedback verification level
c) Feedback updating level

a) Feedback collection level

This level is used for collecting the received feedback and sending it to the feedback verification level.

b) Feedback verification level

The task of this level is investigating the received feedback by the sub processes below:
1- Identification
2- Legitimacy
3- Reasonability
4- Time
5- Rectification
The above sub processes are described in [15]. The only change is in the reasonability sub process. The modification in the reasonability sub process is shown in Fig. 7, where f p (new) represents the received feedback of the i-th parameter and a is the average of the last l feedbacks.

c) Feedback updating level

The duty of this level is updating the feedback received from the feedback verification level in feedback.

3) Demand trust evaluation component

This component receives the user requests for getting a service. Based on the user request, the best server is selected for providing the service. To achieve this aim, users initialize the service quality parameters determined in the platform. It should be noted that the user enters the service quality parameters as percentages. This component selects the server that most closely matches the request of the user. The demand trust evaluation component responds to the user requests in a batch manner. This component includes two levels:
a) Trust evaluation with demand parameter level
b) Server selection and request allocation.
This component is illustrated in Fig. 8.

a) Trust evaluation with demand parameter level

The task of this level is to compute the demand trust values and to select multiple servers as candidate service providers. The parameters that affect service quality in this platform are:
1- delay
2- response time
3- accuracy
4- cost
5- availability
6- jitter.
The user initializes the mentioned parameters according to their importance in providing the user's request. The demand trust value is calculated based on the above parameters by accessing trust with the weights middle method. In each computation the p servers that have the maximum demand trust value are selected as candidate service providers. They are transmitted to the server selection and request allocation level. All of the above processes are expressed by relations (4) to (8).

$$DP = (dp_1, dp_2, \ldots, dp_m) \qquad (4)$$

$$w_i = \frac{dp_i}{\sum_{j=1}^{m} dp_j}, \quad \sum_{i=1}^{m} w_i = 1 \qquad (5)$$

$$dtv_i = \sum_{j=1}^{m} w_j \cdot p_{j,i} \qquad (6)$$

$$DTV_j = (dtv_1, dtv_2, dtv_3, \ldots, dtv_n) \qquad (7)$$

$$DTV = (DTV_1, DTV_2, \ldots, DTV_k) \qquad (8)$$

In relation (4), DP is the list of parameters initialized by the user. In relation (5), $w_i$ represents the weight of each parameter. In relation (6), $dtv_i$ stands for the demand trust value of every service provider and m is the number of parameters. In relation (7), $dtv_i$ is stored in $DTV_j$ for each request and n is the number of resource nodes. In relation (8), DTV represents an array of $DTV_j$, where k is the batch size.

TABLE I. SECURITY ATTRIBUTE

Security attribute: Intrusion detection capability; Antivirus capability; Firewall capability; Usage of secure network capability; Provision of execution sandbox; Key management capability.

Evaluation criteria: Traffic audit data-size; Signature file size; Signature update frequency; Memory scan frequency; Number of firewall rule; TLS and/or IPsec; Isolated JVM; Include cryptographic function.

[Figure 5. Security management component. Authentication level: DTM registry management, Authorization, Certificate. Self defense capability level: Intrusion detection capability, Antivirus capability, Firewall capability, Usage of secure network capability, Provision of execution sandbox, Key management capability, Security attribute.]

[Figure 6. Feedback evaluation component. Feedback collection level; Feedback verification level: Identification, Legitimacy, Reasonability, Time, Rectification; Feedback updating level; Feedback.]

b) Server selection and request allocation level

Based on the $DTV_j$ determined by relation (8), this level selects the appropriate service provider and allocates the user request to the selected service provider. This level has two sections:
1- Server selection based on roulette wheel mechanism
2- User request allocation
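The demand trust computation described for relations (4) to (8), as an added Python example (not code from the paper). It assumes the stored parameter values are normalised to [0, 1] with higher meaning better; the node names, sample values and function names are constructed for illustration, and the range check on the requester-supplied percentages is an added safeguard.

```python
from math import isfinite

PARAMETERS = ("delay", "response_time", "accuracy", "cost", "availability", "jitter")

# Constructed sample trust store: one tuple of parameter values per resource
# node, in PARAMETERS order (assumed normalised to [0, 1], higher is better).
TRUST_STORE = {
    "node-a": (0.9, 0.8, 0.6, 0.4, 0.9, 0.7),
    "node-b": (0.5, 0.6, 0.9, 0.8, 0.7, 0.6),
    "node-c": (0.3, 0.4, 0.5, 0.9, 0.4, 0.3),
    "node-d": (0.6, 0.6, 0.6, 0.6, 0.6, 0.6),
}


def request_weights(dp):
    """Relation (5): turn the user's percentages DP into weights that sum to 1."""
    if len(dp) != len(PARAMETERS):
        raise ValueError("one percentage per service quality parameter is required")
    # The percentages come from the requester: a negative or oversized entry
    # would invert or dominate the ranking, so it is rejected here.
    if not all(isfinite(v) and 0 <= v <= 100 for v in dp):
        raise ValueError("percentages must lie in [0, 100]")
    total = sum(dp)
    if total == 0:
        raise ValueError("at least one parameter must carry weight")
    return [v / total for v in dp]


def demand_trust_value(weights, values):
    """Relation (6): weighted sum of one node's stored parameter values."""
    return sum(w * p for w, p in zip(weights, values))


def select_candidates(dp, store, p):
    """Relation (7), then the cut to the p nodes with the highest demand trust value."""
    weights = request_weights(dp)
    dtv = {node: demand_trust_value(weights, values) for node, values in store.items()}
    ranked = sorted(dtv.items(), key=lambda item: (-item[1], item[0]))
    return ranked[:p]


def evaluate_batch(requests, store, p):
    """Relation (8): one candidate list per request in the batch."""
    return [select_candidates(dp, store, p) for dp in requests]


if __name__ == "__main__":
    batch = [(50, 0, 50, 0, 0, 0), (0, 0, 0, 100, 0, 0)]
    for dp, picked in zip(batch, evaluate_batch(batch, TRUST_STORE, p=2)):
        print(dp, [(node, round(value, 3)) for node, value in picked])
```

The second request in the sample batch weights only cost, so the top candidate is the node with the weakest values on every other parameter: the ranking reflects exactly what the requester asked for and nothing else.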

1 feedback verification level (receive feedbacks from feedback collection level)
2 Begin
3 for i = 1 to m do // m is the number of parameters
4 a = f p l =
5 If ( f p (new) a > δ ) then
6 rectify ( )
7 feedback updating level ( )
8 End

Figure 7. Feedback verification level

SERVER SELECTION BASED ON ROULETTE WHEEL MECHANISM

This section uses the roulette wheel mechanism to select the appropriate service provider. The main reason for using this method is to preserve a good load balance across all of the service providers. Relations (9) to (13) compute the percentage of user requests transmitted to each service provider. In relation (9), m stands for the number of parameters and w is the weight of each parameter. P is the value of every parameter that has been stored in trust. In relation (10), w is received from relation (9). In relation (11), dtv is stored in the T.V array. In relation (12), $sp_i$ represents the percentage of user requests sent to the i-th service provider. Finally, in relation (13), sp is stored in the SP array.

$$w = 1/m \qquad (9)$$

$$t.v_i = \sum_{j=1}^{m} w \cdot p_{j,i} \qquad (10)$$

$$T.V = (t.v_1, t.v_2, \ldots, t.v_n) \qquad (11)$$

$$sp_i = \frac{t.v_i}{\sum_{j=1}^{n} t.v_j} \qquad (12)$$

$$SP = (sp_1, sp_2, \ldots, sp_n), \quad \sum_{i=1}^{n} sp_i = 1 \qquad (13)$$

USER REQUEST ALLOCATION

This section allocates the appropriate service provider among the service provider candidates, and the appropriate service providers to the user request, by use of SP and the roulette wheel mechanism.

4) Trust evaluation component

The task of the trust evaluation component is computing the servers' trust values based on the received feedback, the users' satisfaction value and the domain self defense capability. Finally, this component updates the service provider trust value saved in trust. As shown in Fig. 9, this component has two levels:
a) Trust value computing level
b) Trust value updating level.

a) Trust value computing level

The task of this level is to calculate the user satisfaction value, which is obtained from relation (14), where P dm and w have been received from the demand trust evaluation component. F p is obtained from the feedback evaluation component and m is the number of parameters described in the demand trust evaluation component.
Relation (15) computes the recommendation, where $c_s$ is the number of successful recommendations and $c_f$ is the number of failed recommendations. In relation (16), DF(new) represents the self defense capability, which has been transmitted from the security management component to the trust evaluation component. Relation (17) calculates the trust value using the user satisfaction value, the recommendation and the self defense capability, where α, β and δ are their weights.

m pdm F p S = w. (14) p = dm

$$RE = \frac{c_s}{c_s + c_f} \qquad (15)$$

$$SD = DF(new) \qquad (16)$$

$$T.V = \alpha \cdot S + \beta \cdot RE + \delta \cdot SD, \quad \alpha + \beta + \delta = 1 \qquad (17)$$

b) Trust value updating level

The duty of the trust value updating level is updating trust using the relation below:

β. Δt β. Δt Tnew = e Told + ( e ) T.V. + + (18)

Here T new represents the new trust value, T old is the old trust value, N stands for the current number of transactions, T.V is computed by relation (17) and Δt is the time difference between T.V and T old. e β.Δt represents a discount factor of T old. Relation (18) is a reformed version of the equation that was used earlier in [16] to calculate the trust value. In the last relation T.V is computed from relation (17), whereas in [16] r was a trader's feedback.

5) Access control component

This component has the task of access control on available lowest level of the proposed platform.

6) Monitoring component

Trust monitoring and trust re-evaluation are very important for the implementation of a TMS. Most trust management solutions assume that trust is a static concept and therefore does not require monitoring or (periodic) re-evaluation. It involves updating or adding new information. As stated earlier, trust is dynamic in the real world as it changes with time. Trust monitoring ensures that the risks involved are reduced [].

[Figure 8. Demand trust evaluation component. Trust evaluation with demand parameter level; Server selection and user request allocation: Server selection based on roulette wheel selection, User request allocation.]

[Figure 9. Trust evaluation component. Trust value computing level; Trust value updating level.]

IV. CONCLUSION AND FUTURE WORK

In this article a trust management system with two levels has been proposed in order to improve security in grid systems. In the upper level there are the trust negotiation, registration and initialization, and propagation components, whose tasks are adding a new domain, and registering and propagating the new domain properties in grid systems. The lower level includes the security management, feedback evaluation, demand trust evaluation, trust evaluation, access control and monitoring components. Their missions have been described in the lower level section. The benefits of this platform are adding new domains to the grid system, selecting the one service provider that most closely matches the user requests, and using the domains' security attributes as an important factor in computing the trust value. For future work we propose using a fuzzy method for computing the trust value in the trust evaluation component.

V. ACKNOWLEDGEMENT

This work was supported by Iran Telecommunication Research Center (ITRC).

REFERENCES

[1] Y.S. Dai, M. Xie and K.L. Poh, Availability Modeling and Cost Optimization for the Grid Resource Management System, IEEE Transactions on Systems, and Cybernetics Part A: Systems and Humans, Vol. 38, No., pp.
[2] M.H. Durad, Y. Cao, A Vision for the Trust Managed Grid, Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid Workshops, 2006, vol., pp. 34.
[3] M. Blaze, J. Feigenbaum and J. Lacy, Decentralized Trust Management, IEEE Symposium on Security and Privacy, Oakland, CA, USA, 1996, pp.
[4] M. Blaze, J. Ioannidis and A.D. Keromytis, Experience with the KeyNote Trust Management System: Applications and Future Directions, iTrust 2003, Heraklion, Crete, Greece, May 2003, LNCS 69.
[5] M. Strauss, REFEREE: Trust Management for Web Applications, World Wide Web Journal, 1997, (3),
[6] D. Clarke, J.E. Elien, C. Ellison, M. Fredette, A. Morcos and R.L. Rivest, Certificate Chain Discovery in SPKI/SDSI, Journal of Computer Security, 00, 9(4),
[7] Azzedin, F., Maheswaran, M., Evolving and Managing Trust in Grid Computing Systems, Conference on Electrical and Computer Engineering, Canada. IEEE Computer Society Press 00, pp.
[8] Azzedin, F., Maheswaran, M., Towards Trust-Aware Resource Management in Grid Computing Systems, Second IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID), Berlin, Germany. IEEE Computer Society 00, pp.
[9] Azzedin, F., Maheswaran, M., Integrating Trust into Grid Resource Management Systems, International Conference on Parallel Processing, Vancouver, B.C., Canada. The International Association for Computers and Communications. IEEE Computer Society Press 00, pp.
[10] Hwang, K., Tanachaiwiwat, S., Trust Models and NetShield Architecture for Securing Grid Computing, Journal of Grid Computing 2003.
[11] Goel, S., Sobolewski, M., Trust and Security in Enterprise Grid Computing Environment, Proceedings of the IASTED International Conference on Communication, Network and Information Security, New York, USA 2003.
[12] Alunkal, B., Veljkovic, I., von Laszewski, G., Reputation-Based Grid Resource Selection, Workshop on Adaptive Grid Middleware (AgridM), New Orleans, Louisiana, USA 2003.
[13] Papalilo E. and Freisleben B., Towards a Flexible Trust Model for Grid Environments, GSEM 2004, LNCS 370 Springer-Verlag Berlin Heidelberg 2004, pp.
[14] Tie-Yan L., HuaFei Z., and Kwok-Yan L., A Novel Two-Level Trust Model for Grid, ICICS 2003, LNCS 836 Springer-Verlag Berlin Heidelberg 2003, pp.
[15] M. Qu, L. He, J. Xue, A Model for Feedback Credibility of Trust Management in Web Services, International Seminar on Future Information Technology and Management Engineering, 2008.
[16] H. Li and M. Singhal, Trust Management in Distributed Systems, Computer, vol. 40, no., pp. , Feb
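For the roulette wheel server selection of Section III.B (relations (9) to (13)), an added Python example that is not code from the paper: it turns stored parameter values into selection shares and allocates a batch of requests in proportion to them. The candidate names, sample values and function names are constructed, and parameter values are assumed to lie in [0, 1].

```python
import random
from collections import Counter

# Constructed sample: stored parameter values per candidate service provider.
CANDIDATES = {
    "node-a": (0.8, 0.8, 0.8, 0.8),
    "node-b": (0.6, 0.6, 0.6, 0.6),
    "node-c": (0.2, 0.2, 0.2, 0.2),
}


def trust_values(candidates):
    """Relations (9)-(11): equal weight w = 1/m, then t.v as the sum of w * p."""
    tv = {}
    for node, values in candidates.items():
        if not values or any(not 0.0 <= p <= 1.0 for p in values):
            raise ValueError(f"parameter values for {node} must lie in [0, 1]")
        w = 1.0 / len(values)                    # relation (9)
        tv[node] = sum(w * p for p in values)    # relation (10)
    return tv                                    # relation (11)


def selection_shares(candidates):
    """Relations (12)-(13): each provider's share of requests; shares sum to 1."""
    tv = trust_values(candidates)
    total = sum(tv.values())
    if total <= 0:
        raise ValueError("at least one candidate needs a positive trust value")
    return {node: value / total for node, value in tv.items()}


def roulette_pick(shares, rng):
    """Spin the wheel once: walk the cumulative shares until they pass r."""
    r = rng.random()
    cumulative = 0.0
    chosen = None
    for node, share in shares.items():
        chosen = node
        cumulative += share
        if r < cumulative:
            break
    return chosen  # the last node absorbs any floating-point rounding


def allocate(n_requests, candidates, seed=0):
    """Allocate a batch of requests and count how many each provider receives."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    shares = selection_shares(candidates)
    return Counter(roulette_pick(shares, rng) for _ in range(n_requests))


if __name__ == "__main__":
    print(selection_shares(CANDIDATES))
    print(allocate(20000, CANDIDATES, seed=7))
```

With these sample values the lowest-trust candidate still receives about one request in eight, so the only trust filter in this path is the earlier cut to the p candidates with the highest demand trust value.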