Efficient integration of fine-grained access control and resource brokering in grid

In this paper, we present a novel resource brokering service for grid systems which considers authorization policies of the grid nodes in the process of selecting the resources to be assigned to a request. We argue such an integration is needed to avoid scheduling requests onto resources the policies of which do not authorize their execution. Our service, implemented in Globus as a part of Monitoring and Discovery Service (MDS), is based on the concept of fine-grained access control (FGAC) which enables participating grid nodes to specify fine-grained policies concerning the conditions under which grid clients can access their resources. Since the process of evaluating authorization policies, in addition to checking the resource requirements, can be a potential bottleneck for a large scale grid, we also analyze the problem of the efficient evaluation of FGAC policies. In this context, we present GroupByRule, a novel method for policy organization and compare its performance with other strategies.

Trustworthy remote compiling services for grid-based scientific applications

Grid computing, which is characterized by large-scale sharing and collaboration of dynamic resources, is becoming an emerging computing platform on a global scale for data-intensive and computation-intensive scientific application. However, the complications of large-scale scientific computations and simulations harnessing massive computing resources are compounded by extensive heterogeneity in environments arising from “the Grid.” Scientists and engineers lack an intuitive grid-based compilation tool, which has contributed to the difficulty of exploiting these diverse resources and developing their applications on the grid. While manual configuration of various toolkits simplifying the end-to-end completion of a job is adequate for a computational grid with a limited number of nodes, the compilation procedure becomes inefficient for a computational grid with an increasing number of heterogeneous computational service providers. On the other hand, a global-scale computational grid is a potentially untrustworthy computing environment. How to take advantage of the potentially untrustworthy grid resources to provide trustworthy computational services for large-scale scientific applications is another critical issue. In this article, a remote compiling service for a heterogeneous computational grid is developed. In addition to running compilation tasks, the remote compiling service provides security enforcement and validation facilities, including intermediate value checking, secure source program submission, restricted compilation, and binary inspection, to support trustworthy compilation and execution of grid-based scientific applications. Overall, it is expected that our remote compiling services on the grid can tackle the heterogeneity problem of the grid and provide a secure, trustworthy, reliable, and state-of-the-art mechanism to develop grid-aware scientific applications.

Usage-based dynamic pricing of Web services for optimizing resource allocation

Web services technology is becoming an important technological trend in Web application development and integration. Based on open standards, such as SOAP, WSDL, and UDDI, Web services allow Web-based applications to communicate with each other through standardized XML messaging and to form loosely coupled distributed systems. Although the open feature of Web services benefits service providers in servicing consumers, the unlimited computing resources access of Web services to network bandwidth, storage throughput, and CPU time may lead to overexploitation of the resources when applications based on the Web services technology are widely accepted. Therefore, it is critical to optimize the operation of Web services, subject to the QoS requirements of service requests, to assure the total benefits of the service providers and the service consumers. This paper proposes a usage-based dynamic pricing approach to optimizing resource allocation of Web services in the principle of economics, and reports on a pilot implementation demonstrating the technical feasibility of the proposed approach.

Intelligent Network Provisioning for Dynamically Downloadable Applications in Beyond 3G Mobile Networks

Mobile communications beyond 3G will integrate different (but complementary) access technologies into a common platform to deliver value-added services and multimedia content in an optimum way. However, the numerous possible configurations of mobile networks complicated the dynamic deployment of mobile applications. Therefore, research is intensely seeking a service provisioning framework that is technology-independent, supports multiple wireless network technologies, and can interwork high-level service management tasks to network management operations. This paper presents an open value chain paradigm, a model for downloadable applications and a mediating platform for service provisioning in beyond 3G mobile settings. Furthermore, we introduce mechanisms that support a coupled interaction between service deployment and network configuration operations, focusing on the dynamic provisioning of QoS state to data path devices according to the requirements of dynamically downloadable mobile value-added services (VAS).

A user-friendly platform for developing and accessing grid services

This article presents an enhanced platform that provides a friendly environment of developing grid services and accessing grid services over Globus Toolkit 3 (GT3). This platform includes a class of functions for processing parameters input from a developer via GUI, a class of functions for generating files required for defining a grid service specified, and a class of functions for creating client program and facilitating accesses of the deployed services. As a result, the development and access of grid services requires less special expert knowledge of a developer at the server side and users at the client side, the efficiency of developing and accessing grid services can be improved. This paper describes our design ideas, necessary functions, and implementations. The comparisons with other related toolkits are given and the extended version of the platform on top of the web service environment rather than GT3.

An adaptive and trustworthy software testing framework on the grid

Grid computing, which is characterized by large-scale sharing and collaboration of dynamic distributed resources has quickly become a mainstream technology in distributed computing and is changing the traditional way of software development. In this article, we present a grid-based software testing framework for unit and integration test, which takes advantage of the large-scale and cost-efficient computational grid resources to establish a testbed for supporting automated software test in complex software applications. Within this software testing framework, a dynamic bag-of-tasks model using swarm intelligence is developed to adaptively schedule unit test cases. Various high-confidence computing mechanisms, such as redundancy, intermediate value checks, verification code injection, and consistency checks are employed to verify the correctness of each test case execution on the grid. Grid workflow is used to coordinate various test units for integration test. Overall, we expect that the grid-based software testing framework can provide efficient and trustworthy services to significantly accelerate the testing process with large-scale software testing.

Using OGRO and CertiVeR to improve OCSP validation for Grids

Authentication and authorization in many distributed systems rely on the use of cryptographic credentials that in most of the cases have a defined lifetime. This feature mandates the use of mechanisms able to determine whether a particular credential can be trusted at a given moment. This process is commonly named validation. Among available validation mechanisms, the Online Certificate Status Protocol (OCSP) stands out due to its ability to carry near real time certificate status information. Despite its importance for security, OCSP faces considerable challenges in the computational Grid (i.e. Proxy Certificate’s validation) that are being studied at the Global Grid Forum’s CA Operations Work Group (CAOPS-WG). As members of this group, we have implemented an OCSP validation infrastructure for the Globus Toolkit 4, composed of the CertiVeR Validation Service and our Open GRid Ocsp (OGRO) client library, which introduced the Grid Validation Policy. This paper summarizes our experiences on that work and the results obtained up to now. Furthermore we introduce the prevalidation concept, a mechanism analogous to the Authorization Push-Model, capable of improving OCSP validation performance in Grids. This paper also reports the results obtained with OGRO’s prevalidation rules for Grid Services as a proof of concept.

Tycho: a wide-area messaging framework with an integrated virtual registry

In a distributed environment remote entities, usually the producers or consumers of services, need a means to publish their existence so that clients, needing their services, can search and find the appropriate ones that they can then interact with directly. The publication of information is via a registry service, and the interaction is via a high-level messaging service. Typically, separate libraries provide these two services. Tycho is an implementation of a wide-area asynchronous messaging framework with an integrated distributed registry. This will free developers from the need to assemble their applications from a range of potentially diverse middleware offerings, which should simplify and speed application development and more importantly allow developers to concentrate on their own domain of expertise. In the first part of the paper we outline our motivation for producing Tycho and then review a number of registry and messaging systems popular with the Grid community. In the second part of the paper we describe the architecture and implementation of Tycho. In the third part of the paper we present and discuss various performance tests that were undertaken to compare Tycho with alternative similar systems. Finally, we summarise and conclude the paper and outline future work.

Delegating revocations and authorizations in collaborative business environments

Efficient collaboration allows organizations and individuals to improve the efficiency and quality of their business activities. Delegations, as a signif icant approach, may occur as workflow collabora tions, supply chain collaborations, or collaborative commerce. Role-based delegation models have been used as flexible and efficient access management for collaborative business environments. Delegation revocations can provide significant functionalities for the models in business environments when the delegated roles or permissions are required to get back. However, problems may arise in the revocation process when one user delegates user U a role and another user delegates U a negative authorization of the role. This paper aims to analyse various role-based delegation revocation features through examples. Revocations are categorized in four dimensions: Dependency, Resilience, Propagation and Dominance. According to these dimensions, sixteen types of revocations exist for specific requests in collaborative business environments: DependentWeakLocalDelete, Dependent WeakLocalNegative, DependentWeakGlobalDelete, DependentWeakGlobalNegative, IndependentWeak LocalDelete, IndependentWeakLocalNegative, Inde pendentWeakGlobalDelete, IndependentWeakGlobal Negative, and so on. We present revocation delegating models, and then discuss user delegation authorization and the impact of revocation operations. Finally, comparisons with other related work are discussed.

Decentralized Access Control Management for Network Configuration

Configuration management is of great importance for network operators and service providers today. Sharing of resources between business parties with conflicting interests is a reality and raises many issues with respect to configuration management. One issue is access control to configuration data. A network operator or service provider needs appropriate tools, not only to control its networked resources, but also to specify how this control should be exercised. We propose an access control model for the IETF NETCONF network configuration protocol, based on the OASIS XACML access control standard, which allows a flexible and fine-grained control for NETCONF commands. Our approach does not require any additions to the NETCONF protocol and is independent of the configuration’s data-model. Furthermore our approach can easily be extended to cover new NETCONF functionality.

Enabling Location-based Services—Multi-Graph Representation of Transportation Networks

Advances in wireless communications, positioning technologies, and consumer electronics combine to enable a range of applications that use a mobile user’s geo-spatial location to deliver on-line, location-enhanced services, often referred to as location-based services. This paper assumes that the service users are constrained to a transportation network, and it delves into the modeling of such networks, points of interest, and the service users with the objective of supporting location-based services. In particular, the paper presents a framework that encompasses two interrelated models—a two-dimensional, spatial representation and a multi-graph presentation. The former, high-fidelity model may be used for the positioning of content and users in the infrastructure (e.g., using map matching). The latter type of model is recognized as an ideal basis for a variety of query processing tasks, e.g., route and distance computations. Together, the two models capture central aspects of the problem domain needed in order to support the different types of queries that underlie location-based services. Notably, the framework is capable of capturing roads with lanes, lane shift and u-turn regulations, and turn restrictions. As part of the framework, the paper constructively demonstrates how it is possible map instances of the semantically rich two-dimensional model to instances of the graph model that preserve the topology of the two-dimensional model instances. In doing so, the paper demonstrates how a wealth of previously proposed query processing techniques based on graphs are applicable even in the context of complex transportation networks. The paper also presents means of compacting graphs while preserving aspects of the graphs that are important for the intended applications.

The PRIMA Grid Authorization System

PRIMA, a system for PRIvilege Management and Authorization, provides enhanced Grid security services. The requirements for these services are derived from usage scenarios and supported by a survey of Grid users. The requirements for added flexibility, increased expressiveness, and more precise enforcement are met by a combination of three mechanisms: (1) use of secure, fine-grained privileges representing externalized access rights for Grid resources that can be freely created, shared, and employed by Grid users; (2) a dynamic policy generated for each request combining the requests user-provided privileges with the resources access control policy; and (3) dynamic execution environments specially provisioned for each request that are enforced by the resources native operating system and which support legacy applications. PRIMA has been implemented as an extension of the Globus Toolkit Grid middleware.     

Ubiquitous enterprise service adaptations based on contextual user behavior

Recent advances in mobile technologies and infrastructures have created the demand for ubiquitous access to enterprise services from mobile handheld devices. Further, with the invention of new interaction devices, the context in which the services are being used becomes an integral part of the activity carried out with the system. Traditional human–computer interface (HCI) theories are now inadequate for developing these context-aware applications, as we believe that the notion of context should be extended to different categories: computing contexts, user contexts, and physical contexts for ubiquitous computing. This demands a new paradigm for system requirements elicitation and design in order to make good use of such extended context information captured from mobile user behavior. Instead of redesigning or adapting existing enterprise services in an ad hoc manner, we introduce a methodology for the elicitation of context-aware adaptation requirements and the matching of context-awareness features to the target context by capability matching. For the implementation of such adaptations, we propose the use of three tiers of views: user interface views, data views, and process views. This approach centers on a novel notion of process views to ubiquitous service adaptation, where mobile users may execute a more concise version or modified procedure of the original process according to their behavior under different contexts. The process view also serves as the key mechanism for integrating user interface views and data views. Based on this model, we analyze the design and implementation issues of some common ubiquitous access situations and show how to adapt them systematically into a context-aware application by considering the requirements of a ubiquitous enterprise information system.

Design and implementation of a workflow-based resource broker with information system on computational grids

The grid is a promising infrastructure that can allow scientists and engineers to access resources among geographically distributed environments. Grid computing is a new technology which focuses on aggregating resources (e.g., processor cycles, disk storage, and contents) from a large-scale computing platform. Making grid computing a reality requires a resource broker to manage and monitor available resources. This paper presents a workflow-based resource broker whose main functions are matching available resources with user requests and considering network information statuses during matchmaking in computational grids. The resource broker provides a graphic user interface for accessing available and the appropriate resources via user credentials. This broker uses the Ganglia and NWS tools to monitor resource status and network-related information, respectively. Then we propose a history-based execution time estimation model to predict the execution time of parallel applications, according to previous execution results. The experimental results show that our model can accurately predict the execution time of embarrassingly parallel applications. We also report on using the Globus Toolkit to construct a grid platform called the TIGER project that integrates resources distributed across five universities in Taichung city, Taiwan, where the resource broker was developed.

Mires: a publish/subscribe middleware for sensor networks

A wireless sensor network (WSN) consists of a large number of small devices with computational power, wireless communication and sensing capability. These networks have been developed for a wide range of applications, such as habitat monitoring, object tracking, precision agriculture, building monitoring and military systems. Meanwhile, middleware systems have also been proposed in to facilitate both the development of these applications and provide common application services. The development of middleware for sensor networks, however, places new challenges on middleware developers due to the low availability of resources and processing capacity of the sensor nodes. In this context, this paper presents the design and implementation of a middleware for WSN named Mires. Mires incorporates characteristics of message-oriented middleware by allowing applications communicate in a publish/subscribe way. In order to illustrate the proposed middleware, we have also developed an environment-monitoring application and a data aggregation service.

Defining the grid: a snapshot on the current view

The term “Grid” was introduced in early 1998 with the launch of the book “The Grid. Blueprint for a new computing infrastructure”. Since that time many technological changes have occurred in both hardware and software. One of the most important ones seems to be the wide acceptance of Web services. Although the basic Grid idea has not changed much in the last decade, many people have different ideas about what a Grid really is. In the following article we report on a survey where we invited many people in the field of Grid computing to give us their current understanding.

Advanced networking services for distributed multimedia streaming applications

Increased network speeds coupled with new services delivered via the Internet have increased the demand for intelligence and flexibility in network systems. This paper argues that both can be provided by new hardware platforms comprised of heterogeneous multi-core systems with specialized communication support. We present and evaluate an experimental network service platform that uses an emergent class of devices—network processors—as its communication support, coupled via a dedicated interconnect to a host processor acting as a computational core. A software infrastructure spanning both enables the dynamic creation of application-specific services on the network processor, mediated by middleware and controlled by kernel-level communication support. Experimental evaluations use a Pentium IV-based computational core coupled with an IXP 2400 network processor. The sample application services run on both include an image manipulation application and application-level multicasting.

Enabling Routes of Road Network Constrained Movements as Mobile Service Context

With the continuing advances in wireless communications, geo-positioning, and portable electronics, an infrastructure is emerging that enables the delivery of on-line, location-enabled services to very large numbers of mobile users. A typical usage situation for mobile services is one characterized by a small screen and no keyboard, and by the service being only a secondary focus of the user. Under such circumstances, it is particularly important to deliver the “right” information and service at the right time, with as little user interaction as possible. This may be achieved by making services context aware. Mobile users frequently follow the same route to a destination as they did during previous trips to the destination, and the route and destination constitute important aspects of the context for a range of services. This paper presents key concepts underlying a software component that identifies and accumulates the routes of a user along with their usage patterns and that makes the routes available to services. The problems associated with of route recording are analyzed, and algorithms that solve the problems are presented. Experiences from using the component on logs of GPS positions acquired from vehicles traveling within a real road network are reported.

Building Scalable Wireless VoD Systems Through Efficient Management of Collocated Access Points

The growing need for ubiquitous access to video on demand (VoD) applications by large audiences has driven researches to build new scalable VoD systems that can guarantee Quality of Service (QoS) over wireless networks. In this paper, we propose and evaluate a novel system-level design that guarantees QoS by eliminating the service latency for short videos over IEEE 802.11 networks. Furthermore, our VoD system attains scalable performance by employing collocated access points (APs) coupled with an efficient association management of clients to the APs using a generic least-loaded-first heuristic on non-overlapping channels. Simulated results of our VoD system demonstrated that it achieved scalable performance due to its effective use of available bandwidth of the APs while supporting a low blockage rate for short videos up to 360 s. These results suggest that our VoD system can be an attractive solution for several classes of scalable VoD applications that require QoS guarantee such as movie trailers, news, video clips, and commercials.