Subject: Security Toolkit
From: Ian Foster <[email protected]>
Date: Tue, 28 Feb 1995 19:10:25 -0600

Hi,

A number of us in the Mathematics and Computer Science Division at
Argonne are putting together a project to build secure versions of
popular parallel programming tools, including the standard Message
Passing Interface (MPI) library and the parallel languages Fortran M
and CC++. These tools would incorporate both authentication on
process startup or connection, and the ability to ensure both the
integrity and confidentiality of data passed in messages. The goal is
to make it relatively painless to use security mechanisms in high
performance distributed applications.

It seems to us that EPICS users and developers may both have a strong
need for security mechanisms, and a lot to teach us about security
requirements in large-scale distributed applications. Hence, I would
be very interested to hear your thoughts on how you might use a secure
communications toolkit. Ensuring integrity of control messages and
encrypting proprietary data seem obvious requirements. However, you
doubtless have other perspectives.

Any thoughts would be greatly appreciated. I would be happy to meet
with some of you if this seems useful, or to talk on the phone.

I enclose a brief summary of the project.

Thanks, Ian Foster.
---------------------------------------------------------------------
ZIPPER: A Secure Communications Toolkit for High Performance
NII Applications

Future DOE information infrastructure applications such as distributed
simulation, remote control of experiments and instruments, and
distributed collaborative work, all require and depend on the
availability of security mechanisms. Indeed, without convenient
access to these mechanisms, many of the benefits expected to flow from
NII deployment will remain just dreams. In particular, it will be
impossible to perform experiments or simulations involving proprietary
data, to put instruments safely online, or to use collaborative
environments for confidential discussions.

Unfortunately, while there has been considerable progress in the
development of security mechanisms for low-performance Internet
transactions, such as electronic mail and commerce, there has been
little work on applications that stress network performance, demanding
low latencies and/or high communication rates. Nor has there been much
work on application programming interfaces to make it easy for users
writing distributed applications to incorporate security into their
codes. In particular, there are no security-enhanced versions of
popular communication libraries and languages such as MPI and HPF.

These deficiencies will be addressed in the Zipper project. The
execution of a secure, high performance NII application can be viewed
as a four-stage process: resource discovery, authentication, protocol
selection, and communication. The Zipper project will focus on the
problems of protocol selection and communication. Resource discovery
and authentication will be addressed by providing interfaces to
mechanisms under development by various groups, in particular the
DOE's Distributed Computing Coordinating Committee (DCCC). Protocol
selection and communication will be addressed by integrating existing
security technologies and communication libraries to provide a toolkit
for programmers developing secure, high-performance NII applications.

The Zipper toolkit will be based on the public-domain MPI and Nexus
libraries developed at Argonne. Both libraries are used extensively
both directly and as compiler targets for languages like HPF. Hence,
secure versions of these libraries will be familiar to programmers.

The toolkit will have a modular architecture, allowing different
security and privacy mechanisms to be substituted without changes to
user-level interfaces. Specialized protocols will be incorporated
designed for low-latency, high bandwidth communication. In addition,
the toolkit will permit fine-grained control of security requirements,
for example allowing different security levels for control and data
streams, or over trusted and untrusted parts of a network. As much as
possible, the programmer will be able to specify security policies,
letting the choice of mechanisms be made by the toolkit.

The toolkit will be deployed and evaluated in several testbed
environments. At ANL and NERSC, it will be deployed on various
parallel computer systems and used to conduct experiments in secure
wide area computing. And at ANL, it will be used in the Labspace
project, which is developing technologies for distributed
collaborative work.