A Critical Survey of Grid Security Requirements and Technologies

Abstract

Security in grid applications is a wide topic, touching many of the core issues in Information Security. We survey the distinctive features of grids from a security perspective, recording the principal security requirements which arise in some current projects we are engaged with, and in the literature. These include particular requirements on authentication, authorisation, revocation, confidentiality, distributed trust, integrity, and freshness. These requirements inform an analysis of existing technologies deployed in the European DataGrid, and we present an appraisal of the extent to which these meet the requirements presented. The paper includes an analysis of the key software engineering security issues which remain to be addressed.