Symphony A Java-Based Composition and Manipulation Framework for Computational Grids

1. Symphony A Java-Based Composition and Manipulation Framework for Computational Grids Dennis Kafura Markus Lorch This work is supported by the Virginia Commonwealth Information Security Center (CISC)

2. Organization • Motivation • The Symphony Framework • Security Requirements • Security Architecture

3. Motivation • Different grid user categories- component developer- grid (meta) program composer/developer- end user • Existing grid middleware expose command-line interfaces and proprietary APIs and use scripts to define meta programs • Grid portals are build for specific applications (PSEs) and use specific grid middleware

4. Motivation (contd.) Need for a grid abstraction layer, that: • allows grid applications to be quickly composed, customized, executed and monitored • provides a unified API for grid portal and application developers, independent of the underlying grid middleware • provides for grid applications that run accross several grid middleware systems

5. The Symphony Framework • A component-based framework for creating, sharing, composing, and executing (elements of) grid applications • Components abstract local and remotely accessible data and software resources through customizable JavaBeans (programs, data files, and data streams) • Grid applications defined by linking components through data and control flow relationships • Beans are instantiated and customized (equipped with knowledge on the object this bean will be a surrogate for)

6. The Symphony Framework • Symphony beans can be customized and interconnected either interactively by a user or through programmatic means • Standard composition environment is Sun‘s BeanBox. A container supporting collaborative work (shared workspace) is Sieve • Symphony can currently incorporate Globus resources (using the Java COG Kit), Symphony resouces (RMI) and local resources into a single meta program

7. Sample Meta Program

8. Sample Bean Customization

9. Resource Browser

11. Security Requirements • Support for group collaboration- delegation of fine grained privileges - combination of privileges from sep. sources • Fine grained enforcement with support for legacy applications required • Support for multiple credentials • Low overhead setup mechanisms for ad-hoc collaborative groups • Support for short-term temporary users (without OS user accounts)

12. Proposed Security Mechanisms • Use proxy certificates as intended for authentication • Convey fine grained rights through attribute certificates to enable user collaboration • Interface grid middleware with POSIX OS extentions for portable enforcement of fine grained access policies

13. Symphony Security Mechanism

14. Symphony Security Summary • Can employ any combination of proxy certificates and attribute certificates • Enables ad-hoc group collaboration through user-to-user delegation • Based on widespread GSI, can incorporate CAS • Supports legacy applications even for fine-grained access policies

15. Current and Future Work • Refining and evaluation of our security mechanisms and integration in existing grid security architectures. • Support for additional grid middleware (Legion, Unicore) • Improvement of GUI and transformation into a three tier architecture

16. Conclusion • Evaluation version available athttp://symphony.cs.vt.edu Contact • Markus Lorch <mlorch@vt.edu> • Dennis Kafura <kafura@vt.edu>