Symphony A JavaBased Composition and Manipulation Framework for

Symphony A Java-Based Composition and Manipulation Framework for Computational Grids Dennis Kafura Markus Lorch This work is supported by the Virginia Commonwealth Information Security Center (CISC)

Organization ¨ Motivation ¨ The Symphony Framework ¨ Security Requirements ¨ Security Architecture The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

Motivation ¨ Different grid user categories - component developer - grid (meta) program composer/developer - end user ¨ Existing grid middleware expose command-line interfaces and proprietary APIs and use scripts to define meta programs The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech ¨ Grid portals are build for specific applications (PSEs) and use specific grid middleware

Motivation (contd. ) Need for a grid abstraction layer, that: ¨ allows grid applications to be quickly composed, customized, executed and monitored ¨ provides a unified API for grid portal and application developers, independent of the underlying grid middleware The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech ¨ provides for grid applications that run accross several grid middleware systems

The Symphony Framework ¨ A component-based framework for creating, The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech sharing, composing, and executing (elements of) grid applications ¨ Components abstract local and remotely accessible data and software resources through customizable Java. Beans (programs, data files, and data streams) ¨ Grid applications defined by linking components through data and control flow relationships ¨ Beans are instantiated and customized (equipped with knowledge on the object this bean will be a surrogate for)

The Symphony Framework ¨ Symphony beans can be customized and The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech interconnected either interactively by a user or through programmatic means ¨ Standard composition environment is Sun‘s Bean. Box. A container supporting collaborative work (shared workspace) is Sieve ¨ Symphony can currently incorporate Globus resources (using the Java COG Kit), Symphony resouces (RMI) and local resources into a single meta program

Sample Meta Program The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

Sample Bean Customization The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

Resource Browser The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

Security Requirements ¨ Support for group collaboration The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech - delegation of fine grained privileges - combination of privileges from sep. sources ¨ Fine grained enforcement with support for legacy applications required ¨ Support for multiple credentials ¨ Low overhead setup mechanisms for ad-hoc collaborative groups ¨ Support for short-term temporary users (without OS user accounts)

Proposed Security Mechanisms ¨ Use proxy certificates as intended for authentication ¨ Convey fine grained rights through attribute certificates to enable user collaboration ¨ Interface grid middleware with POSIX OS extentions for portable enforcement of fine grained access policies The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

Symphony Security Mechanism The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

Symphony Security Summary ¨ Can employ any combination of proxy The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech certificates and attribute certificates ¨ Enables ad-hoc group collaboration through user-to-user delegation ¨ Based on widespread GSI, can incorporate CAS ¨ Supports legacy applications even for finegrained access policies

Current and Future Work ¨ Refining and evaluation of our security mechanisms and integration in existing grid security architectures. ¨ Support for additional grid middleware (Legion, Unicore) ¨ Improvement of GUI and transformation into a three tier architecture The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech

Conclusion ¨ Evaluation version available at http: //symphony. cs. vt. edu Contact ¨ Markus Lorch <mlorch@vt. edu> ¨ Dennis Kafura <kafura@vt. edu> The Symphony Framework Dennis Kafura, Markus Lorch Virginia Tech