iSGTW - International Science Grid This Week
iSGTW - International Science Grid This Week

Home > iSGTW 10 December 2008 > iSGTW Opinion - A matter of trust

Opinion - A matter of trust: enabling grid security through bilateral negotiation

Diagram of a fraud: Here, Alice is a malicious
agent who collected as much information as possible on Bob who disclosed his SEC certificate on step 4. Alice did not commit to the end of the interaction to
disclose her credential in step 5. If Alice is a clever hacker, she could then impersonate Bob and start fraudulent activities. Image courtesy of Winslett, 2006

(Our latest opinion piece comes from a team at the University of Westminster.)

One of the key challenges posed in Virtual Organizations (VO)—which are the core components of the grid—is establishing trust relationships between a grid service provider and a consumer.

A key aspect of a VO is the ability to provide access to computers, software, data and other resources. This sharing is highly controlled, with resource providers and consumers explicitly outlining what is shared, who is allowed to share, and the conditions under which sharing takes place. However, introducing intelligent access control decisions for large-scale open systems is a very complex task, due to a potentially limitless number of users and resources that exist in an environment with few guarantees regarding pre-existing trust relationships.

In current grid systems, the authorization policies for building trust have the problems of scalability and flexibility, due to interdependent institutions and their corresponding policies. In addition, VO authorizations lack the ability to securely negotiate suitable trust and privacy requirements.

Current grid security systems require information—such as previous transactions—in
order to acquire trust. For example, service provider A will not trust a complete
stranger such as service consumer B in the case of A disclosing its certificates to
B. Service consumer B could be a malicious agent intent on getting private
information on A and then impersonating A to other service consumers to get other
consumers’ payment details. In current grid systems, provider A will only trust
consumer B if there is a history of interactions or recommendations from other
agents. Thus, when a party enters an environment for the first time without any
history of previous interactions, deciding who to trust becomes problematic. Our
proposed negotiation mechanisms could address this problem and help establish trust between
complete strangers since our approach requires no prior knowledge between

In addition, in the current grid there is the risk of malicious users attempting to collect as much
information as possible about other users without intending to reach the end of the
interaction and send their final credentials. This can happen when participants
are disclosing their credentials *during* the interaction without any guarantee of a
successful negotiation and a binding agreement. In contrast, our approach allows
participants to negotiate on what credentials they wish to disclose/exchange *once*
participants have acquired enough mutual trust between themselves.

How WSTN would work. Image courtesy of Dilal Miah

Enter Web Service Trust Negotiation

Given the limitations of current VO authorization systems when faced with malicious parties, Shamima Paroubally (primary researcher), Dilah Miah and Zahid Khan at the University of Westminster, UK proposed a bilateral negotiation framework called Web Service Trust Negotiation (WSTN) to incrementally build trust between web services.

The idea is to develop  both both simple and complex, dynamic, environmentally adaptive negotiation algorithms that negotiate a list of credentials to be exchanged between web services for secure and trustworthy service provision. 

For example, when two participants negotiate over a grid service by examining the credentials of an X.509 certificate, negotiations can vary along a number of quantitative and qualitative credentials such as certificate issuer, serial number, role, the nature of the contract and type of reporting policy. In contrast, the WSTN uses algorithms that adapt to various negotiation time deadlines, taking into account the participants’ first choices, reserved offers and counter-offers. It also takes the number of negotiation iterations into consideration, and determines how many concessions should be generated in a participant’s counter-offer, depending on the time left. Thus, WSTN can better approach real-world human negotiation by utilizing initial offers, counter offers, acceptances and rejections instead of the outright accept/reject which is currently the norm within VOs.

Trust is a complex and subjective issue, that sometimes requires a more complex mechanism
than a simple yes/no authorization system. For example, even when a consumer logs in
a provider’s site, the provider does not trust the consumer to give the latter his payment details.

Authorization indeed can be a simple yes or no decision based system. However, when
you have potentially many parties entering a VO, all whom have their own
authorization policy, thus managing this can be a big challenge. In our approach, we provide that flexibility of allowing interested parties to negotiate over the credentials of an X509 certificate as means of obtaining security and trust and thus promote a more flexible negotiation mechanism.

The system is not closed, as in identity-based systems, where the interacting participants need to have a prior relationship. Instead, it establishes trust in stages, through negotiation about which credentials need to be exchanged for building a mutual relationship between the parties. Thus, our negotiation mechanisms can help in the formation of VOs involving a number of cooperating organizations. In our case, we do not assume any prior trust or knowledge between participants, and the SLA for sharing resources can be achieved after agreeing on a list of credentials that would bring about sufficient trustworthiness for the participants.

Resource providers could accept this model because trust is iteratively built, and involves the exchange of certificates at the end. Agreement can be found, where before parties would not trust each other. It also brings in better security and prevents malicious behavior.

Related work and Further Reading:

Dilal Miah, University of Westminster


 iSGTW 22 December 2010

Feature – Army of Women allies with CaBIG for online longitudinal studies

Special Announcement - iSGTW on Holiday

Video of the Week - Learn about LiDAR


NeHC launches social media

PRACE announces third Tier-0 machine

iRODS 2011 User Group Meeting

Jobs in distributed computing


Enter your email address to subscribe to iSGTW.


 iSGTW Blog Watch

Keep up with the grid’s blogosphere

 Mark your calendar

December 2010

13-18, AGU Fall Meeting

14-16, UCC 2010

17, ICETI 2011 and ICSIT 2011

24, Abstract Submission deadline, EGI User Forum


January 2011

11, HPCS 2011 Submission Deadline

11, SPCloud 2011

22, ALENEX11

30 Jan – 3 Feb, ESCC/Internet2


February 2011

1 - 4, GlobusWorld '11

2, Lift 11

15 - 16, Cloudscape III

More calendar items . . .


FooterINFSOMEuropean CommissionDepartment of EnergyNational¬†Science¬†Foundation RSSHeadlines | Site Map