
  • Number of slides: 20

Security Requirements for ChinaGrid Applications - What the current grid security solutions cannot do
Hai Jin
Huazhong University of Science and Technology
Wuhan, China
hjin@hust.edu.cn

Outline
• Introduction about ChinaGrid
• Typical ChinaGrid applications
• ChinaGrid security requirements
• Open Issues of ChinaGrid Security

ChinaGrid in a Nutshell
• China Education and Research Grid
• Funded by Ministry of Education
• As the pilot grid application supported by National 863 Hi-Tech R&D program
• Based on CERNET (China Education and Research Network)
• First Phase
  - From 2003-2005
  - 12 key universities as initiative
  - More than 6 Tflops with 60 TB
  - 20 key universities now

ChinaGrid (The First Phase)

Main Research Tasks
• Campus grid platform
• Common platform for ChinaGrid
• Grid application platform and representative grid applications
  - Image processing grid
  - Bioinformatics grid
  - Course on-line grid
  - Computational fluid dynamic grid
  - Large scale information processing grid

Campus Grids and their Computing Power and Storage Capacity
• HUST: 0.8 Tflops, 5 TB
• THU: 1.3 Tflops, 20 TB
• PKU: 0.5 Tflops, 10 TB
• BUAA: 0.5 Tflops, 5 TB
• SCUT: 0.9 Tflops, 20 TB
• SJTU: 0.3 Tflops, 9 TB
• SEU: 0.5 Tflops, 5 TB
• XJTU: 0.1 Tflops, 2.5 TB
• NUDT: 0.2 Tflops, 5 TB
• NEU: 0.8 Tflops, 5 TB
• ZSU: 1.0 Tflops, 10 TB
• SDU: 1.3 Tflops, 18 TB
• NWPU: 0.4 Tflops, 2 TB
• ZJU: 0.6 Tflops, 3 TB
• FUDAN: 1.8 Tflops, 6 TB
• TONGJI: 0.2 Tflops, 1 TB
• USTC: 1.2 Tflops, 5 TB
• UESTC: 0.3 Tflops, 2 TB
• RUC: 0.1 Tflops, 0.5 TB
• LZU: 0.3 Tflops, 1 TB
ChinaGrid: >13 Tflops, 135 TB

Layered Infrastructure of ChinaGrid
[Figure: layered infrastructure. Application grids: remote education grid, image processing grid, fluid dynamics grid, bioinformatics grid, massive information processing grid. ChinaGrid Supporting Platform (CGSP). High performance computing environment (campus grid). Sites shown: ZSU, PKU, SJTU, XJTU, NEU, HUST, SCUT, BUAA, NUDT, THU, SEU, SDU.]

CGSP 1.0 Architecture

Typical ChinaGrid Application - Image Processing Grid
[Figure: architecture of the image processing grid. Layers: Interface, Application, Middleware, Grid Infrastructure. Components: Grid Resource Portal and Application Interface; image resource sharing; image process programming environment; typical application support; application monitoring tool; remote visual tools; information service; resource manager; data manager; grid security; clusters; mainframes; instruments; databases.]

Workflow of Image Processing Grid Application - Remote Sensing
[Figure: workflow diagram with four layers: Pre-Processing Layer, Data Processing Layer, Info Abstract Layer, Knowledge Layer. Application: Resource Monitor, Modification Check, Target Identify, Image Spelling, Map Navigation etc.]

Typical ChinaGrid Application - Massive Information Processing Grid

Workflow of Mass Information Processing Grid (UDMGrid)
[Figure: workflow diagram showing control flow and data flow between a static registry and the sites BUAA, SDU, NJU, KMST.]

ChinaGrid Security Requirements (1)
• Security requirements for ChinaGrid platform
  - Interoperate with existing security infrastructures
  - Adapt to domain autonomy
  - Meet the security requirements of various applications
  - Construct security architecture
  - Trusted computing for platform legality

ChinaGrid Security Requirements (2)
• Security requirements for image processing grid
  - Basic security requirement (encryption transfer and authentication)
  - Protect sensitive information produced by remote image processing
  - Service (including key data, key software, key hardware) authorization requirement - for virtual human and remote sensing image processing grid
  - User-profile based sensitive record authorization requirement (a decentralized trust management problem) - for medical image diagnosis grid
  - Security requirement for virtual organization based collaboration processing (more general and abstract level)

Scenario for Image Processing Grid (Medical Diagnosis)

ChinaGrid Security Requirements (3)
• Security requirements for massive information processing grid
  - Basic security requirement (encryption transfer and authentication)
  - Database security operation requirement (to deal with federation of distributed information) for UDMGrid and DPKDD Grid
  - Data access authorization for different users in cooperative processing

Scenario for Massive Information Processing Grid (University Digital Museum)
[Figure: scenario diagram spanning the sites SDU, NJU and BUAA. Elements shown: Users, Admin, Computing Resource, Database, Mass Storage, Authentication Service, Authorization Service, Authorization Delegation.]

Open Issues for ChinaGrid Security (1)
• Technical aspects
  - Standard policy and assertion presentation
  - Attribute based authorization and access control
  - Autonomous authorization delegation
  - Dynamic and flexible secure virtual organization collaboration
  - Secure group communication (provide secure group communication mechanism for VO participants)

Open Issues for ChinaGrid Security (2)
• Practical aspects
  - Support Web Service/Grid Service
  - Adopt and implement standard drafts for policy and assertion (SAML, XACML)
  - Conform to some security drafts, such as WS-Security, Liberty Alliance
  - Adopt ideas from some existing authorization infrastructures, such as PERMIS, AKENTI, CARDEA
  - Adopt ideas from Single Sign-on (SSO) systems, such as Shibboleth and SourceID (for the SSO in a virtual organization)
  - Adopt some ideas from decentralized trust management for Authorization Delegation

Open Issues for ChinaGrid Security (3)
• Some aspects need to be further discussed
  - Security policy negotiation and reconciliation inside the virtual organization (because of security policy conflict in VO)
  - ChinaGrid security architecture
  - Evaluation for ChinaGrid security technology and policy
  - Trusted computing mechanism for ChinaGrid