Analysis of Secure Mobile Grid Systems: A systematic approach
Introduction
The growing need to construct secure systems, mainly due to the new vulnerabilities that arise from the use of the Internet and of applications distributed in heterogeneous environments, has encouraged the scientific community to demand a clear integration of security into development processes [4], [8], [26], [34], [42], [47]. In fact, for decades the security community has carried out detailed research into specific areas of security while largely ignoring the design process. A recurrent idea in the scientific community is that security aspects should not be blindly inserted into an IT system; rather, the overall system development should take security into account. In reality, however, most developers ignore security requirements, which are often retrofitted late in the design process or pursued separately from the functional design [1], and this typically leaves their applications with many security weaknesses [37]. A better way to achieve secure software is to incorporate security from the beginning of the development process [1], [47]. Identifying security aspects in the first stages leads to a more robust development and allows the security requirements to be closely coupled with the design and with the rest of the system’s requirements. Requirements such as data confidentiality, encryption algorithms, communication protocols, encrypted messages and delegation of credentials are therefore specified in the analysis activity, and although some of them (such as communication protocols) are not completely detailed until the construction activity, they should be taken into account when designing the different models that make up the final product.
However, generic software development methodologies are not appropriate for every kind of software system. For instance, generic development processes are sometimes used to develop Grid-specific systems without taking into consideration either the underlying technological environment or the special features of these systems. In fact, the majority of existing Grid applications have been built without a systematic development process and are based on ad hoc developments [11], [38]. Moreover, systems based on Grid Computing have clear differentiating features [38], which suggests the need for adapted development methodologies. These features are the following: (i) computing grids are hardware and software infrastructures that support secure sharing of, and concurrent access to, distributed services by a large number of competing users from different Virtual Organizations; (ii) in the grid, computing resources are autonomously managed at different locations in a distributed manner; (iii) the Grid is a large-scale resource-sharing and distributed computing environment that couples thousands of computers, storage systems, networks, scientific instruments and other devices distributed over heterogeneous wide area networks [16], [18]; and (iv) security is a crucial aspect of Grid-based systems. The lack of adequate development methods for this kind of system has encouraged us to build a methodology with which to develop them, offering a detailed guide to analyze, design and implement them. Security is considered throughout these activities.
Mobile Computing is a generic term that describes the application of small, portable, wireless computing and communication devices. It focuses on the need to provide access to information, communications and services everywhere, at any time and by any available means; the technical solutions by which to achieve this are not always easy to implement [41]. Mobile Computing combined with networked information systems helps increase productivity and operational efficiency. This, however, comes at a price: it exposes to attack the sensitive information that supports critical functions in the organization [60].
The Mobile Grid, which is relevant to both the Grid and Mobile Computing, inherits everything from the Grid with the additional feature that it supports mobile users and resources in a seamless, transparent, secure and efficient manner [24], [32], [41]. Grids and mobile Grids may be the ideal solution for many large-scale applications, since these are dynamic in nature and require transparency for users. The Grid increases not only the job throughput and performance of the applications involved but also the utilization rate of resources, by applying efficient resource management mechanisms to its vast pool of resources [41].
Security has been a central issue in Grid Computing from the outset and has been regarded as its most significant challenge [27]. The characteristics of computational grids lead to security problems that are not completely addressed by existing security technologies for distributed systems [17], [63]. Among these challenges are: the need to establish security relationships between hundreds of processes that collectively span many administrative domains (rather than between a single client and a server) when a parallel computation acquires multiple computational resources; the fact that an individual user will be associated with different local name spaces, credentials or accounts at different sites, for the purposes of accounting and access control; and the need for multiple security domains to interoperate and communicate even though each local domain defines and uses its own policies, mechanisms and protocols to govern the resources it contributes to the Grid. The growing size and profile of the Grid now require comprehensive security solutions, since these are critical to the success of the endeavour [39]. Security remains one of the fundamental barriers to the adoption of Grid Computing in a wider commercial context. Grid security is a prime concern and necessity for all stakeholders, including Resource Providers, Virtual Organizations and End-users (participants), since the resources in a Grid are expensive and the tasks accomplished and the information exchanged are confidential and sensitive. Grid security is hard to achieve because the resources are dynamic, heterogeneous, geographically distributed and under the control of multiple administrative domains [5]. Furthermore, security on a mobile platform is even more critical because of the open nature of wireless networks.
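Two of the challenges listed above (one global identity that maps onto a different local account at each site, and each site enforcing its own local policy) can be made concrete with a small model of what a multi-site computation has to resolve before it can start. The following Python is an added example written for this page, not code from the paper or from any Grid middleware. It assumes a grid-mapfile-style mapping of certificate subject DNs to local accounts (the convention used by Globus GSI, which the paper does not prescribe), and every site, DN, account and mapfile line in it is constructed for the example.

```python
"""
Illustration of the cross-domain identity problem: a single global identity
(a certificate subject DN) must be mapped to a local account at every site a
parallel computation touches, and each site applies its own policy to that
local account.

Assumption for this example: mappings follow the grid-mapfile convention
  "<quoted subject DN>" <local user>[,<local user>...]
The sites, DNs and mapfile contents below are constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# One grid-mapfile line: a double-quoted DN, whitespace, comma-separated accounts.
_MAPLINE = re.compile(r'^\s*"([^"]+)"\s+(\S+)\s*$')


def parse_gridmap(text: str) -> dict[str, list[str]]:
    """Parse grid-mapfile text into {subject DN: [local accounts]}.

    Blank lines and '#' comments are skipped. A malformed line is an error
    rather than being silently dropped: a dropped mapping silently becomes an
    access-control decision (deny) at that site.
    """
    mapping: dict[str, list[str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _MAPLINE.match(line)
        if not m:
            raise ValueError(f"grid-mapfile line {lineno} malformed: {raw!r}")
        dn, accounts = m.group(1), m.group(2).split(",")
        mapping.setdefault(dn, []).extend(a for a in accounts if a)
    return mapping


@dataclass
class Site:
    """One administrative domain: its own mapfile and its own local policy."""
    name: str
    gridmap: dict[str, list[str]]
    # Local accounts this site allows to submit jobs (site-local policy).
    submitters: frozenset[str] = field(default_factory=frozenset)

    def local_account(self, dn: str) -> Optional[str]:
        """Resolve a global DN to the site's first local account, or None if unmapped."""
        accounts = self.gridmap.get(dn, [])
        return accounts[0] if accounts else None


def resolve_computation(dn: str, sites: list[Site]) -> dict[str, str]:
    """Map one global identity onto every site a parallel job needs.

    Returns {site name: local account}. Raises PermissionError naming the first
    site where the DN is unmapped or maps to an account that site's own policy
    does not allow to submit jobs. Resolution is all-or-nothing: the job is not
    started anywhere if it cannot be started everywhere.
    """
    resolved: dict[str, str] = {}
    for site in sites:
        account = site.local_account(dn)
        if account is None:
            raise PermissionError(f"{dn} has no mapping at site {site.name}")
        if account not in site.submitters:
            raise PermissionError(
                f"{dn} maps to {account!r} at {site.name}, which may not submit jobs")
        resolved[site.name] = account
    return resolved


# Constructed sample data: the same DN is 'alice' at siteA, 'uclm017' at siteB,
# and absent from siteC; Carol is mapped at siteB but to a non-submitter account.
ALICE = "/C=ES/O=UCLM/OU=Alarcos/CN=Alice Example"
CAROL = "/C=ES/O=UCLM/OU=Alarcos/CN=Carol Example"

SITE_A = Site("siteA", parse_gridmap(f'''
# siteA grid-mapfile (constructed)
"{ALICE}" alice
"/C=ES/O=UCLM/OU=Alarcos/CN=Bob Example" bob
'''), frozenset({"alice", "bob"}))

SITE_B = Site("siteB", parse_gridmap(f'''
"{ALICE}" uclm017,uclm018
"{CAROL}" uclm018
'''), frozenset({"uclm017"}))

SITE_C = Site("siteC", parse_gridmap('''
"/C=ES/O=UCLM/OU=Alarcos/CN=Bob Example" bob
'''), frozenset({"bob"}))


if __name__ == "__main__":
    print(resolve_computation(ALICE, [SITE_A, SITE_B]))
    for dn, sites in ((ALICE, [SITE_A, SITE_B, SITE_C]), (CAROL, [SITE_B])):
        try:
            resolve_computation(dn, sites)
        except PermissionError as exc:
            print("denied:", exc)
```

The point of the all-or-nothing check in `resolve_computation` is the first challenge in the list: a parallel computation acquires many resources at once, so a mapping or policy failure at one site should be discovered before any resource is acquired, not after the computation is half-started. Treating a malformed mapfile line as an error rather than skipping it follows the same reasoning: an unparsed line is an implicit deny that nobody decided on.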
In addition, security is more difficult to implement on a mobile platform because of the limited resources of mobile devices [6]. A Grid infrastructure that supports the participation of mobile nodes will thus play a significant role in the development of Grid Computing. We therefore focus our research on the systematic development of secure systems based on Mobile Grid Computing.
This research addresses a wide context which we would like to delimit. Firstly, security is defined as a sub-factor of software quality [28] that represents the capability of a software product to protect information and data so that unauthorized persons or systems cannot read or modify them while authorized persons or systems are not denied access to them. Security can therefore be provided to information systems through technical solutions (e.g. by defining communication protocols to ensure confidentiality and integrity, by defining an access control technique, etc.), but also by defining new techniques, methods, processes and tools that integrate security with software engineering, enabling software developers to analyze, design, implement, test and deploy secure software systems [47]. In this research we follow the second approach, that is, the integration of security with software engineering rather than the definition of new technical solutions, at least in the analysis activity, whose main goal is the definition of requirement models.
Our aim is to define a complete development methodology (including new models, activities, tasks, a security services architecture, transformation rules between models, etc., where necessary) to improve the quality and security of systems based on Mobile Grid Computing. A preliminary publication of the methodology, describing our general approach, was presented in [55]. [54] gives an informal presentation of the first steps of our methodology, which consist of analyzing the security requirements of mobile grid systems guided by misuse cases and security use cases; this is applied to an actual case study in [52], from which we obtain the security requirements for a specific application by following the steps described in our methodology. We have then gone on to elicit some requirements common to this kind of system, which have been specified for reuse through a UML extension of use cases [53], [56].
In this paper we advance our methodology by defining the complete analysis activity (using SPEM 2.0 [48], one of the software process modelling standards): we define all its tasks, integrate the newly defined artifacts (focused on security and reuse), and incorporate some of the most representative ideas of the security requirements engineering discipline [43], [44]. In developing this methodology we apply the action-research method [13] in order to improve and refine our approach incrementally, and we are currently applying this activity to an actual case study (being developed within a European project). Some of the most representative models are presented at the end of this paper.
The remainder of the paper is organized as follows: Section 2 presents related work. In Section 3 we propose the analysis activity and briefly summarize the proposed methodology, showing all the components of this activity. In Section 4, we apply the analysis activity to a real case. Finally, in Section 5, we put forward our conclusions and some research lines for our future work.
Section snippets
Related work
Any discussion of software development necessitates the mention of the Rational Unified Process (RUP). RUP [40] describes how to effectively deploy commercially proven approaches to software development for software development teams, although it does not specifically address security. One extension of the Unified Process is defined in [59], in which the authors present a methodology for the integration of security into software systems which is called the Secure Unified Process (SUP). SUP
Analysis of Secure Mobile Grid Systems
Analysis focuses on ensuring that the system’s security and functional requirements are elicited, specified and modelled. In our approach, this activity is driven by use cases and supported by the reusable repository. It obtains, builds, defines and refines the use cases of the Secure Mobile Grid System, which represent the functional and non-functional requirements of this kind of system. A wide set of elements common to these systems are stored in the repository, as are secure
Case study
The GREDIA project [23] aims to develop a Grid application platform, providing high level support to the implementation of Grid business applications through a flexible graphical user interface. This platform will be generic in order to combine both existing and arising Grid middleware, and facilitate the provision of business services, which mainly demand access to and the sharing of large quantities of distributed annotated numerical and multimedia content. Furthermore, GREDIA will make it
Conclusions
The idea of developing software through systematic development processes to improve software quality is not new. Nevertheless, there are still many information systems, such as those of Grid Computing, which are not developed through methodologies adapted to their most differentiating features. That is to say, generic development processes are used to develop specific systems without taking into consideration either the underlying technological environment or the special features and
Acknowledgments
This research is part of the following projects: QUASIMODO (PAC08-0157-0668), financed by the “Viceconsejería de Ciencia y Tecnología de la Junta de Comunidades de Castilla-La Mancha” (Spain), and ESFINGE (TIN2006-15175-C05-05), granted by the “Dirección General de Investigación del Ministerio de Educación y Ciencia” (Spain). Special acknowledgment to GREDIA (FP6 34363 – Grid enabled access to rich media content), funded by the European Commission.
References (65)
- et al., Model-driven development for secure information systems, Information and Software Technology (2009)
- et al., Designing secure databases, Information and Software Technology (2005)
- et al., An aspect-oriented methodology for designing secure applications, Information and Software Technology (2009)
- et al., A common criteria based security requirements engineering process for the development of secure information systems, Computer Standards & Interfaces (2007)
- et al., An engineering process for developing secure data warehouses, Information and Software Technology (2009)
- C. Artelsmair, R. Wagner, Towards a security engineering process, in: The 7th World Multiconference on Systemics, ...
- D. Basin, J. Doser, SecureUML: a UML-based modeling language for model-driven security, in: 5th International ...
- et al., Model driven security for process-oriented systems
- et al., Security and survivability reasoning frameworks and architectural design tactics, SEI (2004)
- S. Bhanwar, S. Bawa, Securing a Grid, in: World Academy of Science, Engineering and Technology, ...