OSTI.GOV, U.S. Department of Energy Office of Scientific and Technical Information

Title: Flexible session management in a distributed environment

Abstract

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.

Authors:
Miller, Zach (Wisconsin U., Madison); Bradley, Dan (Wisconsin U., Madison); Tannenbaum, Todd (Wisconsin U., Madison); Sfiligoi, Igor (Fermilab)
Publication Date:
2010
Research Org.:
Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
983372
Report Number(s):
FERMILAB-CONF-10-228-CD
TRN: US1004458
DOE Contract Number:
AC02-07CH11359
Resource Type:
Conference
Resource Relation:
Journal Name: J. Phys. Conf. Ser. 219:042017, 2010; Conference: Prepared for 17th International Conference on Computing in High Energy and Nuclear Physics (CHEP 09), Prague, Czech Republic, 21-27 Mar 2009
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; ARCHITECTURE; CHAINS; COMMUNICATIONS; ENFORCEMENT; FLEXIBILITY; MANAGEMENT; NUCLEAR PHYSICS; SECURITY; Computing

Citation Formats

Miller, Zach (Wisconsin U., Madison), Bradley, Dan (Wisconsin U., Madison), Tannenbaum, Todd (Wisconsin U., Madison), and Sfiligoi, Igor (Fermilab). Flexible session management in a distributed environment. United States: N. p., 2010. Web. doi:10.1088/1742-6596/219/4/042017.
Miller, Zach (Wisconsin U., Madison), Bradley, Dan (Wisconsin U., Madison), Tannenbaum, Todd (Wisconsin U., Madison), & Sfiligoi, Igor (Fermilab). Flexible session management in a distributed environment. United States. doi:10.1088/1742-6596/219/4/042017.
Miller, Zach (Wisconsin U., Madison), Bradley, Dan (Wisconsin U., Madison), Tannenbaum, Todd (Wisconsin U., Madison), and Sfiligoi, Igor (Fermilab). 2010. "Flexible session management in a distributed environment". United States. doi:10.1088/1742-6596/219/4/042017. https://www.osti.gov/servlets/purl/983372.
@article{osti_983372,
title = {Flexible session management in a distributed environment},
author = {Miller, Zach and Bradley, Dan and Tannenbaum, Todd and Sfiligoi, Igor},
abstractNote = {Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.},
doi = {10.1088/1742-6596/219/4/042017},
journal = {J. Phys. Conf. Ser.},
volume = {219},
pages = {042017},
place = {United States},
year = {2010}
}

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

  • The use of computers and communication networks has been rapidly increasing in distributed applications. Most distributed applications require highly dependable (or reliable) system operations. In order to guarantee highly dependable operations of the system in a distributed environment, system-level diagnosis and run-time error (or fault) recovery mechanisms should be provided in the system. In order to support the system-level diagnosis capability, we have proposed a mechanism, called the monitor, to detect faults in a system and to diagnose them. In this paper, we present the design and implementation of the monitor. Also, we show the effectiveness of our monitor approach by applying it to an intelligent vehicle system (IVS).
  • Lawrence Livermore National Laboratory's (LLNL) Computer Integrated Manufacturing (CIM) project's goal is to implement a wide variety of Computer Aided Engineering (CAE) systems to support our engineering staff. As we move to routine operation, we are addressing the problems of integrated information flow. This paper describes how Computer Aided Design (CAD), Computer Aided Manufacturing (CAM), analysis, and information systems interact and provide vital information, such as drawing release status, production job information, and analytical data. LLNL's information systems must handle a wide spectrum of classified and unclassified data in both paper and electronic form. The range of systems includes terminals, PCs, minicomputers, networks, and mainframe supercomputers. A natural progression toward stand-alone engineering workstations, PC-based CAD systems, and multiple vendors is occurring. Thus, we are taking steps to ensure that we retain system compatibility. Many such information systems have been attempted. Because results have not always been positive, we are using a pragmatic bottom-up approach to assure success. By beginning with small subsystems, and progressing to full integration, we ensure smooth information flow and provide users with information necessary for decision making. The path to data integration is strewn with obstacles and hazards. We describe many of these and the steps we are taking to remove them.
  • Next-generation problem solving environments (PSEs) promise significant advances over those now available. They will span scientific disciplines and incorporate collaboratory capabilities. They will host feature-detection and other agents, allow data mining and pedigree tracking, and provide access from a wide range of devices. Fundamental changes in PSE architecture are required to realize these and other PSE goals. This paper focuses specifically on issues related to data management and recommends an approach based on open, metadata-driven repositories with loosely defined, dynamic schemas. Benefits of this approach are discussed and the redesign of the Extensible Computational Chemistry Environment's (Ecce) data storage architecture to use such a repository is described, based on the distributed authoring and versioning (DAV) standard. The suitability of DAV for scientific data, the mapping of the Ecce scheme to DAV, and promising initial results are presented.
  • In this paper is discussed the design and implementation of a distributed pipelined multijoin algorithm for executing the multijoin operation of relational databases. The hash phase of the algorithm is executed on the Cray C90. The hashed data sets are transmitted over a High Performance Parallel Interface (HiPPI) to the Connection Machine (CM-2) where the join phase is performed. The performance of the algorithm depends on the size and number of relations to be joined and the performance of the HiPPI. Improvements in the time of the algorithm result from the overlapping of the hash and join phases. Limitations on performance are imposed by the synchronization of the two architectures and the constraints on the data sizes transmitted.
  • A probabilistic approach is presented for evaluating the safety of distributed tension-legs which are arranged over the bottom surface of a flexible floating structure subjected to wind-induced waves and seaquakes at a specific site. The floating structure is idealized as an elastic circular plate with uniformly distributed tension-legs. Both wind-induced waves and seaquakes are represented in terms of long-term and short-term descriptions. The long-term description is concerned with the recurrence pattern of all possible load intensities, while the short-term description is associated with the details of load time history during each load intensity. The short-term tendon response which is conditional on each load intensity is evaluated by a stationary random vibration analysis, taking into account structural flexibility and fluid-structure interaction. Tensile stresses induced in the distributed tension-legs are compared with tendon failure criteria which are assumed in such a way that its failure occurs when the tension in the legs exceeds its tensile limit or drops to zero. Numerical examples are presented to illustrate the proposed method and to discuss the safety of the mooring system against both waves and seaquakes at different sites.