OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: Flexible session management in a distributed environment

Abstract

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.

Authors:
Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor
Publication Date:
2010
Research Org.:
Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
983372
Report Number(s):
FERMILAB-CONF-10-228-CD
TRN: US1004458
DOE Contract Number:
AC02-07CH11359
Resource Type:
Conference
Journal Name:
J.Phys.Conf.Ser.219:042017,2010
Additional Journal Information:
Conference: Prepared for 17th International Conference on Computing in High Energy and Nuclear Physics (CHEP 09), Prague, Czech Republic, 21-27 Mar 2009
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; ARCHITECTURE; CHAINS; COMMUNICATIONS; ENFORCEMENT; FLEXIBILITY; MANAGEMENT; NUCLEAR PHYSICS; SECURITY; Computing

Citation Formats

Miller, Zach, /Wisconsin U., Madison, Bradley, Dan, /Wisconsin U., Madison, Tannenbaum, Todd, /Wisconsin U., Madison, Sfiligoi, Igor, and /Fermilab. Flexible session management in a distributed environment. United States: N. p., 2010. Web. doi:10.1088/1742-6596/219/4/042017.
Miller, Zach, /Wisconsin U., Madison, Bradley, Dan, /Wisconsin U., Madison, Tannenbaum, Todd, /Wisconsin U., Madison, Sfiligoi, Igor, & /Fermilab. Flexible session management in a distributed environment. United States. https://doi.org/10.1088/1742-6596/219/4/042017
Miller, Zach, /Wisconsin U., Madison, Bradley, Dan, /Wisconsin U., Madison, Tannenbaum, Todd, /Wisconsin U., Madison, Sfiligoi, Igor, and /Fermilab. 2010. "Flexible session management in a distributed environment". United States. https://doi.org/10.1088/1742-6596/219/4/042017. https://www.osti.gov/servlets/purl/983372.
@article{osti_983372,
title = {Flexible session management in a distributed environment},
author = {Miller, Zach and /Wisconsin U., Madison and Bradley, Dan and /Wisconsin U., Madison and Tannenbaum, Todd and /Wisconsin U., Madison and Sfiligoi, Igor and /Fermilab},
abstractNote = {Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.},
doi = {10.1088/1742-6596/219/4/042017},
url = {https://www.osti.gov/biblio/983372},
journal = {J.Phys.Conf.Ser.219:042017,2010},
volume = {219},
number = {4},
place = {United States},
year = {2010}
}

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.
