A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service

Single sign-on and delegation of privileges are key requirements for e-Infrastructures and Grids. The realization of single sign-on and delegation of privileges in accessing resources such as the UK e-Science National Grid Service (NGS - www.ngs.ac.uk) is usually facilitated by X.509-based Public Key Infrastructures (PKI) and exploitation of proxy certificates. However, proxy certificates can potentially be obtained and abused by a malicious third party without the knowledge of the holder. There is currently no method for end users to detect such misuse. In this project we intend to address this issue directly.

Aims and objectives

We will develop a proxy certificate auditing infrastructure and demonstrate a solution that enables thorough auditing and monitoring of proxy credential usage in widely distributed and heterogeneous research environments exemplified by NGS. In undertaking this we shall develop a secure service through which auditing information can be tracked and used for user-level monitoring, virtual organization (VO)-level usage and monitoring, and resource provider-level usage and monitoring. We aim to make this auditing service available to the NGS for longer-term auditing and monitoring of its customer and research base, and to demonstrate use of this auditing service in international settings.

Project methodology

We shall establish a proxy credential auditing infrastructure and show how this can be used to identify and predict potential compromise and misuse of proxy credentials. This work will be undertaken by the researchers at TVU and at NeSC in Glasgow. The infrastructure will be demonstrated in numerous projects and application domains including those with an international dimension and exploiting international Grid resources.

Anticipated outputs and outcomes

  • An auditing infrastructure middleware and overall methodology to support proxy credential auditing and monitoring 
  • Integration of proxy certificate auditing infrastructure into the NGS, and implementation of case studies
  • Two project workshops for community engagement and technology transfer
  • Publications in major journals and conferences

Technology / Standards used

  • X.509
  • Web Services Resource Framework (WSRF)

Project Staff

Project manager
  • Dr Wei Jie, Lecturer, Thames Valley University, School of Computing, TC372, St Mary’s Road, Ealing, London W5 5RF Tel: 020 8231 2612 Fax: 020 8282 0259 wei.jie@tvu.ac.uk
Project Team
  • Prof. Richard Sinnott, Technical Director of the National e-Science Centre, University of Glasgow 
  • Christopher Bayliss & David Martin, National e-Science Centre, University of Glasgow 
  • Junaid Arshad, Thames Valley University 
  • Dr Christopher Kunz, University of Hannover 
  • Prof. Shantenu Jha, University of Louisiana 
  • Prof Asen Asenov (nanoCMOS) 
  • Prof Mark Birkin (NeISS) 
  • Dr Jean Anderson (ENROLLER) 
  • Dr Paul Lambert (DAMES)  

 

Summary
Start date: 1 January 2010
End date: 31 March 2011
Funding programme: Access and Identity Management Programme
Project website:
Lead institutions: Thames Valley University
Partner institutions: National e-Science Centre, University of Glasgow
Committees:
  • JISC Infrastructure and Resources Committee
Topic: