Intrinsic security in SORCER (Service Oriented) grid

A grid is a vast repository of virtual services. SORCER is a computational grid environment based on the Service Oriented Paradigm. Security and trust, in SORCER, are of utmost importance since the grid resources and the requestors connecting to faceless service providers are at high risk. For example, if a virus code is sent for computation, the grid resources are at high risk. Similarly, if rogue services are present on the network, requestor’s privacy and security are at risk. A security framework for a grid shall ensure access control to the federated services by authenticated and authorized users so that the requestors and services are able to work with mutual–trust.

Today, grids are being used to build the systems which build up, rather than replace, legacy components. This makes securing virtual services even more difficult.

The task of securing the SORCER grid can be accomplished by incorporating the following security practices into the SORCER environment: -Requestor (Client/Service) Identification and Authentication -Proxy Verification (building trust) -Authorization -Resource Control and Containment -Privacy and Integrity -Non-Repudiation -Accountability (Auditing)

The security mechanism needs to be intrinsic to the grid, so that secure services can be built without being concerned with security on a per service basis. This will greatly reduce the effort required in patching security of individual services.

Our goal is to achieve Intrinsic Security by developing robust, scaleable, and multi-layered security solutions for federated services.