A Vision for the Trust Managed Grid
MUHAMMAD HANIF DURAD (1), YUANDA CAO (2)
(1, 2) Department of Computer Science and Engineering, Beijing Institute of Technology, Beijing, P.R. China
[email protected], [email protected]
Abstract We observe that Grid-related research on trust is more influenced by similar research in P2P and the Internet; hence an independent course needs to be adopted. The objectives of this paper are to review Grid-related trust issues and suggest some improvements, to recommend a complete Trust Management System (TMS) as a component of the Grid, and to analyze how a TMS can influence Grid areas such as security, resource management and information services.
1. Introduction The Grid computing paradigm is aimed at (a) providing flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions and resources, and (b) enabling communities (“virtual organizations” (VOs)) to share geographically distributed resources as they pursue common goals, assuming the absence of central location, central control and trust relationships among different entities [1],[2]. Foster et al. [1] proposed user-based trust relationships: “In order for a user to use resources from multiple providers together, the security system must not require each of the resource providers to cooperate or interact with each other in configuring the security environment. For example, if a user has the right to use sites A and B, the user should be able to use sites A and B together without requiring that A’s and B’s security administrators interact”. C. Dwan [3], however, described “The Biggest Barrier to the Grid” as follows: “Trust is the single largest issue to be overcome in a distributed or Grid computing environment. When computational resources are locally owned and operated, it is very easy to determine who is responsible for authorizing their use. In a distributed environment, particularly in under of the more extreme visions listed above, authorizing users to certain resources and authenticating them as they come and go remains a challenge. Trust relationships must be built at a variety of levels, from collaborations between individuals who might share data, to national relationships and corporate alliances.” Foster et al. [4] recommended: “Distance visualization brings together users and resource providers that may not trust each other or even have strong prior trust relationships. Mechanisms are required for establishing identity, for controlling who can use what resources when, and for protecting the integrity and confidentiality of data”. The GSI roadmap [5] analyzed a variety of existing security standards, including Kerberos and SSL/TLS, but none addresses the entire requirements of the Grid. GSI [6], which provides a basic secure and reliable Grid computing environment, has been widely adopted as the core component of Grid applications. In larger and intercontinental Grids it becomes practically impossible to agree on a single reliable CA, because a single CA lacks the ability to tackle problems related to uncertainty. Security decisions are currently hard-coded in Grid applications, which adds complexity to the application, makes it unable to adapt to changes in trust, and leaves little flexibility when setting up new relationships. A separation of the application’s intent and its security will offer a more scalable and flexible solution for the Grid. It is believed that “trust management” is the only solution to the above cited problems. We think it is now time to remove Dwan’s [3] biggest barrier to the Grid. Nowadays, trust decisions are based on socially controlled, user-based models for resolving distance visualization problems, so a service provider can be more confident about the integrity and protection of his resources. Earlier trust management systems
Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid Workshops (CCGRIDW'06) 0-7695-2585-7/06 $20.00 © 2006 IEEE
have merely been used for authorization, but in our opinion they may have much wider applications in the Grid environment. Trust management not only enhances security; areas such as resource management and information services can also benefit, even if the Grid Service concept is implemented [7]. The rest of this paper is structured as follows: section 2 distinguishes between trust and security, since there is great confusion in this regard; section 3 describes the research work in the related area; and in section 4 trust and reputation are differentiated, with a short discussion of the characteristics and dynamicity of trust. In section 5 we suggest our network-based trust classification; section 6 distinguishes Grid and P2P trust, while section 7 gives an overview of trust evaluation, propagation and negotiation. In section 8 we propose Grid trust parameters and trust metrics. In section 9 our proposed architecture for a Grid Trust Management System is depicted; in section 10 we examine the impacts of trust management on Grid administration. Finally, section 11 concludes the paper.
2. Trust and Security Trust and security are not the same thing in the domains of e-Commerce and the Grid. Unfortunately, trust is sometimes confused with PKI (Public Key Infrastructure). Trust models in PKI, or ACLs in access control systems, are called objective trust models, where the objects specify strict trust relationships between entities. But they occupy considerable system resources and are not as flexible as expected. If such a system collapses, the damage cannot be controlled. Because of these insurmountable problems of objective trust models, subjective trust has gained momentum as a new research field. Distributed networks, ubiquitous and mobile computing, and rating systems for online communities, where maintenance of explicit certification authorities is no longer feasible, have raised research interest in subjective trust models. A subjective trust model describes the trust relationship between two entities much like a relationship in a social network and defines the trust relationship in a more appropriate way. Subjective trust models impose only a light load and can adapt to a flexible network environment. Most of the existing systems follow the approach of binary (Yes/No) trust values, which restricts the expression of trust to a fixed degree (trusted or non-trusted). No previous interaction histories are evaluated. In terms of calculation, this is non-calculative trust. The binary trust model fails to reflect the real situation in security well. Trust assessment may not be static: it may depend on the environmental context, the amount of referral from other trusted parties and the task being performed. From the above discussion the reader can conclude that security and trust are two distinct concepts. Security can be used to support trust by providing a secure, trusted environment, network and communication so that trusted computation can take place. However, building trust in Grid environments also helps to reduce security risks.
3. Related Work The problems of managing trust in Grid environments are discussed by Azzedin and Maheswaran [8]-[10]. They define the notion of trust as consisting of identity trust and behavior trust. They separate the “Grid domain” into a “client domain” and a “resource domain”, and the way they calculate trust is limited in terms of computational scalability, because they try to consider all domains in the network; as the number of domains grows, the computational overhead grows as well. Hwang et al. [11] and Sobolewski [12] try to build trust and security models for Grid environments, using trust metrics based on e-business criteria. Alunkal et al. [13] propose to build an infrastructure called “Grid Eigentrust” using a hierarchical model in which entities are connected to institutions which then form a VO. They conclude with the realization of a “Reputation Service”, but without providing mechanisms that can automatically update trust values. Papalilo and Freisleben [14] have proposed a Bayesian-based trust model for the Grid, but the suggested metrics cover only limited trust aspects of a practical Grid. TieYan et al. [15] consider trust only to improve the Grid Security Infrastructure (GSI) to achieve additional authentication means between Grid users and Grid services. Ching et al. [16] use the concepts of subjective logic in the context of Grid computing, using trust relationships to enhance Grid security.
4. Trust and Reputation Terminology
4.1. Definition of Trust and Reputation Trust is a complex subject relating to belief in the honesty, truthfulness, competence, reliability, etc. of
the trusted entity or service. In the literature there is no consensus on the definition, but a more realistic definition of trust, according to [8], is as follows: “Trust is the firm belief in the competence of an entity to act as expected such that this firm belief is not a fixed value associated with the entity but rather it is subject to the entity’s behavior and applies only within a specific context at a given time.” When making trust-based decisions, entities can rely on others for information pertaining to a specific entity. So reputation is a means of finding a trustworthy entity. According to [8], reputation can be defined as follows: “The reputation of an entity is an expectation of its behavior based on other entities’ observations or information about the entity’s past behavior within a specific context at a given time.” Reputation plays a pivotal role in the process of establishing trust between communicating entities. If the two entities have previously interacted with each other, then they know the trustworthiness of each other. So it is the backbone of any trust-based network. It is worth mentioning that reputation and trust may be used synonymously in this paper.
4.2. Trust Characteristics Fortunately, there is consensus on the general characteristics of trust [17], which we think are equally valid for Grid networks. We state these for the sake of completeness:
- Trust may be one-to-one, one-to-many, many-to-many, and many-to-one.
- Trust relationships are not transitive. However, they may be conditionally transitive.
- Trust is dynamic with reference to time (space, spot and slot) [18].
5. Network-Based Trust Classification We divide trust networks into two categories:
5.1. Open Trust Network A network which allows users to communicate without any prior arrangements such as a contractual agreement or organization membership. P2P, ad-hoc networks and the Internet are examples of such networks.
5.2. Closed Trust Network A network which only allows users to communicate where prior arrangements such as a contractual agreement or organization membership are required. Grids, clusters etc. are examples of such networks.
6. Grid Trust Differentiation Keeping the above classification in view, even if the OGSA service concept is implemented [7], we believe there are environmental differences between open and closed trust networks:
- The communicating entities in a Grid will have more acquaintance than in open networks, so deception detection is not a critical issue in the Grid.
- The usage of Grid networks is more inclined towards computation, whereas open networks are used for e-commerce and file sharing (except data virtualization).
- Unfair ratings and reputation filtering are serious problems only in open networks.
- Risk management in open networks is more difficult than in Grids, because there are few participants in a Grid.
- Keeping anonymity or pseudonyms, implemented through a third party, is preferable in open systems for supporting privacy; it may not be required in the Grid.
From the above observations it is clear that Grid trust is simpler to handle than trust in open networks. They also show that there must be a difference between Grid and open network trust implications. This dictates that the Grid trust parameters are also different from those of open networks.
7. Areas of Trust Research Systems for trust management constitute essential parts of actual access and resource control systems. A few typical instances are described here without reference:
Many trust models in the literature are based upon Domain Theory, Subjective Logic, Dempster-Shafer (D-S) Theory, Eigenvalue Theory [13], Cloud Theory, Neural Networks, Fuzzy Logic and many more.
Probabilistic models have been used for reputation calculation, using Bayesian Theory, Markov Chains, Partially Observable Markov Decision Processes and many other techniques.
Many practical systems such as Amazon, BizRate, eBay, OnSale Exchange, Epinions and many others are working successfully.
Hence the existing trust management infrastructure in P2P and the Internet is well established to solve the major problems related to Grid trust. We now turn to three major areas of trust (evaluation, propagation and negotiation) and then discuss the Grid-related trust issues.
7.1. Trust Evaluation Trust evaluation can aid in making security decisions in the face of uncertainty in an open Grid operation. Trust evaluation has always been a challenge for online communities. Most of the research focuses on P2P and the Internet. Many statistical and mathematical techniques that have been used for trust evaluation in open networks may also be applied to Grids, though there are other uncertainties involved, especially related to computational trust (refer to section 8.1). Some individual components of trust may be evaluated heuristically, mathematically or statistically, depending upon the formulation. We can write the total trust ($T.T$) as

$$T.T = \sum_i \alpha_i T_i$$

where $\alpha_i$ is the weight factor for each type of trust and $T_i$ are the individual trust parameters (again refer to section 8.1). Here the selection and interpretation of the value $\alpha_i$ is system and environment dependent; when calculating total trust, the local and global trust values must be taken into account.
7.2. Trust Propagation Propagation and dissemination of trust is the key component for the success of any reputation-based system. Most of the current trust models for P2P focus on the quantification of trust, while the propagation and combination of trust attract less investigation. Current trust models adopt various uncertainty inference disciplines to solve the problems in trust propagation. The main methods are weighting schemes and Dempster-Shafer (D-S) theory. Guha et al. [19] proposed an algorithm for trust propagation based on a weighted average method. They assumed that trust values in propagation had specific weights. Bin Yu et al. [20] proposed a trust propagation model based on D-S theory.
Audun et al. [21] have discussed problems such as biased positive ratings, unfair ratings, quality variations over time and discrimination in practical and academic reputation systems; we consider these problems not too relevant to Grids. Although some entities may be reluctant to disclose realistic negative reputation feedback in P2P, we believe such feedback can be used by service providers to improve QoS, since there is more confidence among Grid entities. Some confusion still exists in the literature regarding the propagation of trust in a network: whether trust information should be disseminated at the network layer or the application layer. We suggest that researchers should now agree that “trust propagation” ought to be handled at the application layer, using XML-based technologies or some messaging mechanism in a Web Service Grid. Only Hwang et al. [11] have discussed the problem of trust propagation in Grid computing, using a PKI-based trust model. This model is suitable only for investigating identity trust by GSI. So the propagation issues must be refined keeping Grid requirements in view, and must be managed through the TMS.
7.3. Trust Negotiation Trust negotiation is an approach for establishing trust between strangers through the exchange of digital credentials and the use of access control policies that specify what combinations of credentials a stranger must disclose in order to gain access to each local service or credential. J. Basney et al. [22] have explained how the mutual authentication can be simplified while interacting through Grid Globus Resource Allocation Manager (GRAM). They explain that the user has to perform seven or more rounds of mutual authentication with resources. All except the initial round use proxy certificate that he gives to his job, with no additional effort on his part. As a Grid grows larger and jobs become more complex, seamless authorization and authentication becomes harder to provide. In Grids, one already sees disagreement about which issuers of identity certificates can be trusted at different sites, so the user ends up with multiple X.509 identity certificates issued by different authorities. Another reason why identity certificates and local accounts cannot be the basis for authorization decisions in a large-scale Grid is that a single job may access resources with many different owners with different trust requirements, and users cannot be
expected to obtain and keep track of all the associated certificates and private keys: they need software to automate the process. Nor can resource owners have a local account in place for every potential user or keep track of all the relevant changes in users’ qualifications, such as group memberships. We have already seen new authorization certificates starting to become available on Grids (PRIMA [23], VOMS [24], CAS [25], and X.509 attribute certificates, which allow authorities to attest to properties other than identity, as mentioned above). The need for software to manage these certificates on users’ behalf has been noted, and in response software such as MyProxy [26], a certificate wallet for Grid users, has been developed. We believe that the only solution to the problems discussed in the previous paragraphs is a trust management system that can handle the problems related to trust delegation and authentication. The WS-Security family of specifications, which addresses a range of issues relating to authentication, authorization, policy representation, and trust negotiation in a Web services context, may be a solution for an OGSA-based Grid, but such an implementation still needs a trust negotiation component for the Grid [27]. Even the SAML (Secure Access Markup Language) [28] and XACML (eXtensible Access Control Markup Language) draft specifications [29] say that mechanisms for trust establishment are outside the scope of their specifications. Our suggested solution will ultimately give the final right of trust negotiation to the service provider.
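The exchange of credentials against disclosure policies described in this section, as an added example (not code from the paper or from any Grid toolkit): a minimal negotiation loop using an eager disclosure strategy, one of several possible strategies. The credential names and policies are constructed for illustration.

```python
"""Added example: credential-for-policy trust negotiation, eager strategy."""

FREE = [frozenset()]   # policy satisfied by anyone: freely disclosable
NEVER = []             # no alternative can be satisfied: never disclosed


def satisfied(policy, received):
    """A policy is a list of alternative credential sets; any one suffices."""
    return any(set(alt) <= received for alt in policy)


def negotiate(client_creds, provider_creds, service_policy):
    """Run the negotiation and return (granted, transcript).

    Each *_creds dict maps a credential name to the policy that the peer
    must satisfy before that credential is disclosed. The parties take
    turns; on its turn a party discloses every credential that the peer's
    disclosures so far have unlocked. Access is granted once the client's
    disclosures satisfy service_policy. Two consecutive turns without a
    new disclosure mean neither side can move, so the negotiation fails.
    """
    creds = {"client": client_creds, "provider": provider_creds}
    disclosed = {"client": set(), "provider": set()}
    transcript = []
    sender, receiver = "client", "provider"
    idle_turns = 0
    while idle_turns < 2:
        if satisfied(service_policy, disclosed["client"]):
            return True, transcript
        unlocked = sorted(
            name for name, policy in creds[sender].items()
            if name not in disclosed[sender]
            and satisfied(policy, disclosed[receiver]))
        if unlocked:
            disclosed[sender].update(unlocked)
            transcript.append((sender, unlocked))
            idle_turns = 0
        else:
            idle_turns += 1
        sender, receiver = receiver, sender
    return False, transcript


# Constructed scenario (hypothetical credential names).
CLIENT = {
    "identity_cert": FREE,                         # shown to any site
    "vo_membership": [{"site_accreditation"}],     # only to accredited sites
    "payment_record": NEVER,                       # kept private
}
PROVIDER = {"site_accreditation": [{"identity_cert"}]}
SERVICE_POLICY = [{"identity_cert", "vo_membership"}]

# Same client, but the provider demands the very credential that the
# client guards behind the provider's accreditation: a circular policy.
CYCLIC_PROVIDER = {"site_accreditation": [{"vo_membership"}]}

if __name__ == "__main__":
    for label, provider in (("compatible", PROVIDER),
                            ("circular", CYCLIC_PROVIDER)):
        granted, transcript = negotiate(CLIENT, provider, SERVICE_POLICY)
        print(label, "->", "granted" if granted else "refused")
        for party, names in transcript:
            print("   ", party, "discloses", ", ".join(names))
```

The eager strategy discloses everything that has been unlocked, whether or not the target service needs it, so a deployment concerned with minimal disclosure would restrict each turn to credentials relevant to the requested service.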
8. Grid Trust Evaluation
Trust evaluation is the key component for successful operation of a Grid, but unfortunately the trust parameters presented in the existing literature do not cover all aspects of Grid trust. Here we list trust parameters and suggest metrics for the evaluation of trust in the Grid.
8.1. Typology of Grid Trust Parameters Although the quantitative measurement of Grid trust cannot be adequately performed, after carefully analyzing the existing suggestions we recommend several parameters for trust quantification:
- Identity Trust: It is concerned with verifying the authenticity of an entity and determining its authorizations. We deem that its verification is the responsibility of the Grid authentication and authorization system, not the TMS [8].
- Computational Trust: Grid computing provides a mechanism for users to discover, select and utilize remote resources. Although most existing Grids are fairly localized, the Grid vision is to allow global resource sharing, where resources charge users for executing their tasks. Resources are heterogeneous, geographically distributed and locally controlled, and have specific individual capabilities. Their processing power (CPU, printing etc.), processor architecture (RISC/CISC etc.), memory requirements, processing cost (reserving an SMP machine could be more expensive than a uniprocessor) and network characteristics (e.g. transmission speed, bandwidth etc.) are factors for evaluating computational trust. This type of trust is illustrated in figure 1.
[Figure 1 Showing computational trust factors. Labels: Computational Trust, Processing Power, Processing cost, Processing Architecture, Memory, Network Characteristics]
- Execution Trust: It is the belief that a resource provider node will faithfully execute user code and complete the job request (this trust is required for achieving security for the user) [16].
- Code Trust: It is the belief that a resource provider node has in a user to deploy benevolent and competent user code (this trust is required for resource provider protection) [16].
- Group Trust: It is a sort of community trust developed between entities from different organizations.
- Behavior Trust: It judges users’ trust levels by their history and present behavior; according to these, users’ access rights are confirmed dynamically [30].
- Provider’s Trust: It measures whether a service provider can provide trustworthy services. The quality of service is the main concern in this case. It is some sort of institution trust. The usage is similar to resource trust. The provider may revoke trust in a timely fashion [31].
- Reference Trust: It refers to the entity making recommendations or sharing the trust values. It measures whether an entity can provide reliable recommendations. It emphasizes the similarity in preferences and ways of judging issues between two entities [31].
- Experience-based Trust: It naturally fits the Grid context. Users interact with resources and infer trust based on their experiences and, over time, improve their trust models [32].
- User’s Trust: It measures whether a service provider is willing to offer his services to a user. He may consider, for example, the previous payment record of a particular user.
- Delegation Trust: It describes trust in an entity that acts and makes decisions on behalf of the relying party. It is very important for achieving independence between security and application, since multiple resources may be owned by different organizations in a Grid.
8.2. Grid Trust Metrics The purpose of a "trust metric" is to measure the level of trust. Trust metrics can be classified simply into two categories: quantitative and qualitative. After an extensive study of trust metrics for P2P networks, we believe that the seven levels of trust suggested by Hussain et al. [33] are equally applicable to Grid networks, correlating the above two categories. They have explained how trustworthiness can be assigned through an interaction. Furthermore, they have elaborated how to calculate the trustworthiness. Their proposal needs to be further investigated and standardized for the Grid environment. They suggested the following metrics for evaluation, as shown in table 1:

Table 1 Suggested trust metrics for Grid

Trustworthiness Level    Semantics
0                        Ignorance
1                        Completely Untrustworthy
2                        Untrustworthy
3                        Minimally Trustworthy
4                        Partially Trustworthy
5                        Trustworthy
6                        Completely Trustworthy
9. Grid Trust Management System Trust management (TM) is collecting, codifying, analyzing, and evaluating evidence relating to competence, honesty, security, or dependability with the purpose of making assessments and decisions regarding trust relationships [34]. Trust management systems (TMS) must support analysis of trust and recommendation specifications to detect conflicts and inconsistencies, and support trust queries related to decision making. We believe that the trust management system has a wider role in the Grid environment:
- It can help automate security decisions rather than replacing the existing Grid Security Infrastructure.
- It has a broader scope for interaction and may impact the whole Grid administration.
- The implementation of a TMS should have minimal overhead in terms of computation, infrastructure, storage, and complexity, as in Grids the data needed for the operation of a TMS is already available through other services.
We elaborate the role of the TMS using figure 2, presented in [35], in a much wider context here.
9.1. Grid TMS Architecture We propose five components for a Grid TMS, as shown in figure 3. The tentative function of each component is explained below.
9.1.1. Trust Collecting Component (TCC) This component is responsible for collecting reputation and trust values from different domains. They will include some local or global partners. It may use
some standard network utilities such as PINGER, NWS, PIPECHAR, IPERF, NETPERF, TRACEROUTE and NIMI etc. to probe network characteristics for computational trust calculations. It can use some cache technology to maintain trust
information for fast operations. It also provides feedback through the trust propagating component to respond to queries from clients and servers (to be explained in the implementation note later).
[Figure 2 Basic trust management Service. Labels: Grid Resource Management Service, Grid Security Service, Grid Information Management Service, Grid Trust Management Service, Grid XXXXXX Service]
[Figure 3 Components of Grid trust management. Labels: Trust Collecting Component, Trust Negotiating Component, Trust Monitoring Component, Trust Propagating Component, Trust Evaluation Component]
9.1.2. Trust Evaluation Component (TEC). Since the reputation evidence collected might be correlated, outdated or even forged, it is necessary to perform a thorough analysis before aggregation and classification. The trust evaluation component is in charge of such jobs. Evaluating trust is the most difficult job. It may implement trust calculation algorithms. This component may use statistical or mathematical techniques, depending upon the implementation.
9.1.3. Trust Monitoring Component (TMC). Trust monitoring and trust re-evaluation are very important for the implementation of a TMS. Most trust management solutions assume that trust is a static concept and therefore does not require monitoring or (periodic) re-evaluation. Monitoring involves updating or adding new information. The existing solutions PolicyMaker, KeyNote, REFEREE and TrustBuilder do not consider re-evaluation. As stated earlier, trust is dynamic in the real world, as it changes with time. Trust monitoring helps to reduce the risks involved.
9.1.4. Trust Negotiation Component (TNC) A trust negotiation is the most complex mechanism, where the two parties need to open the respective authentication policy to each other and exchange
their required credentials. It is valuable for initial trust establishment for two strangers. The suggested components for this system are shown in figure 4 below.
[Figure 4 Components of trust negotiation service. Labels: Contact Negotiator, Policy Repository, Contract Validator, Contract Repository]
9.1.4.1 Contact Negotiator This component, together with the policy repository, is supplied for trust negotiation. It will use some XML-based trust policy language.
9.1.4.2 Policy Repository. It is supplied for describing the overall Grid. It also provides a credential conversion service. It specifies policies such as urgent time, non-availability of resources etc.
9.1.4.3 Contract Repository It is supplied for describing the overall Grid. It specifies policies such as urgent time, non-availability of resources etc.
9.1.4.4 Contract Validator This component, together with other Grid services such as the Grid Job Management Service, Grid Security Service and so on, is responsible for validating and tracking contract fulfilment. This is also an enhancement to detect reputation deception. If a participant misses its reporting deadline, the Contract Validation component will look into this event and re-evaluate the two participants’ reputation. Finally, it submits its report to the trust propagating component and other relevant components of the Grid.
9.1.5. Trust Propagation Component (TPC) The objective of this component is to exchange and disseminate trust information to keep the latest information regarding reputation.
9.2. Implementation Note
Our trust management system (TMS) software will be divided into two parts:
9.2.1. Trust Management Client This is the software which only utilizes the trust information to achieve the trust management objectives. It is implemented by the end user and has the final authority to share resources.
9.2.2. Trust Management Server This is the software which implements the complete functionality of the TMS. It may also implement some brokering mechanism between two clients.
We point out again that our TMS implementation will not create system overheads, as the information needed for the operation of this service is generally available in various operating systems (e.g. log files). Reputation information can be shared between client and server through some “push” and “pull” mechanism.
10. Trust Impacts on Grid Administration
As stated earlier, trust can influence the overall Grid, and its effects may be much wider than those listed here.
10.1. Grid Security As explained previously, security and trust are two distinct concepts. In the literature trust has sometimes been termed “soft security”, and it can implement sophisticated security decisions. So the TMS will not replace GSI; it only assists it in providing more refined and rational choices for Grid security. A TCC can get data through some post-mortem analysis
performed by an IDS (intrusion detection system). For example, if a user has gone to places outside the allocated boundary in the Grid, then depending on the level of violation his trust level may be decreased, and it can even result in severe action such as Certificate Cancellation Notices (CCN) in SPKI [36]. We conclude that trust can provide improved flexibility and scalability for security operations. In other words, trust can offer QoP (Quality of Protection) for Grid security.
10.2. Resource Management Azzedin and Maheswaran [8]-[10] were the first to introduce the concept of Trust Aware Resource Management; they applied trust to some heuristic-based scheduling algorithms for improved performance. Though it may be difficult to realize in a practical Grid, it paved the way for future research in this direction. Mutual trust between the service user and the service provider can indirectly result in better resource management. For example, consider a user who:
- consumed more resources than requested;
- left data behind and did not perform “garbage collection”;
- instantiated tasks he was not supposed to.
Such violations can be detected from auditing data (like system accounting in Solaris). So, by determining the degree of violation, the user’s trust may be lowered, which will result in superior resource management and scheduling. Trust-aware resource management can result in efficient scheduling; in other words, trust can offer QoS (Quality of Service) at the application layer in the Grid, like Differentiated and Integrated Services, at no cost, provided some realistic trust evaluations are made.
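The weighted total trust of section 7.1, the levels of Table 1 and the audit-driven lowering of user trust described above, put together as an added example (not code from the paper). The Evidence class, the 0.7 local share, the prior, the severity values and the sample user are assumptions made for illustration.

```python
"""Added example: weighted total trust, Table 1 levels, audit penalties."""
from dataclasses import dataclass
from typing import Optional

# Table 1 semantics, indexed by trustworthiness level 0..6.
LEVELS = ["Ignorance", "Completely Untrustworthy", "Untrustworthy",
          "Minimally Trustworthy", "Partially Trustworthy", "Trustworthy",
          "Completely Trustworthy"]

# Assumed values (not from the paper): the share given to local experience,
# the prior used when a violation is the first behaviour evidence, and the
# severity of each violation kind named in section 10.2.
LOCAL_SHARE = 0.7
PRIOR = 3.0
SEVERITY = {"over_consumption": 1.0, "data_left_behind": 0.5,
            "unauthorised_task": 2.0}


@dataclass(frozen=True)
class Evidence:
    """Scores on the 1..6 scale; None means no evidence from that source."""
    local: Optional[float] = None    # the evaluator's own experience
    global_: Optional[float] = None  # reputation reported by other domains


def combine(ev: Evidence) -> Optional[float]:
    """Blend local and global values, falling back to whichever exists."""
    if ev.local is None:
        return ev.global_
    if ev.global_ is None:
        return ev.local
    return LOCAL_SHARE * ev.local + (1 - LOCAL_SHARE) * ev.global_


def total_trust(evidence: dict, weights: dict) -> Optional[float]:
    """Weighted sum of the trust parameters that have evidence.

    Weights are renormalised over those parameters so that a missing
    parameter neither raises nor lowers the total (an assumption).
    """
    scored = {}
    for name, weight in weights.items():
        t = combine(evidence.get(name, Evidence()))
        if t is not None and weight > 0:
            scored[name] = (weight, t)
    if not scored:
        return None  # nothing is known about this entity
    norm = sum(w for w, _ in scored.values())
    return sum(w / norm * t for w, t in scored.values())


def trust_level(tt: Optional[float]) -> int:
    """Map a total onto Table 1; level 0 is reserved for 'no evidence'."""
    if tt is None:
        return 0
    return max(1, min(6, int(tt + 0.5)))  # round half up, clamp to 1..6


def apply_audit(evidence: dict, records: list) -> dict:
    """Return new evidence with local behaviour trust lowered per record.

    Each record carries a kind and a degree in [0, 1]; the loss is
    severity * degree, and the score never drops below 1.
    """
    if not records:
        return dict(evidence)
    ev = evidence.get("behavior", Evidence())
    start = ev.local if ev.local is not None else PRIOR
    loss = sum(SEVERITY[r["kind"]] * min(1.0, max(0.0, r["degree"]))
               for r in records)
    updated = dict(evidence)
    updated["behavior"] = Evidence(max(1.0, start - loss), ev.global_)
    return updated


# Constructed sample: a provider's view of one user. Identity trust is left
# out because the paper assigns it to Grid authentication, not to the TMS.
WEIGHTS = {"code": 0.4, "behavior": 0.4, "user": 0.2}
ALICE = {"code": Evidence(local=5.0, global_=4.0),
         "behavior": Evidence(local=5.0)}   # no payment history yet
AUDIT = [{"kind": "over_consumption", "degree": 0.5},
         {"kind": "data_left_behind", "degree": 1.0},
         {"kind": "unauthorised_task", "degree": 1.0}]

if __name__ == "__main__":
    before = total_trust(ALICE, WEIGHTS)
    after = total_trust(apply_audit(ALICE, AUDIT), WEIGHTS)
    for label, tt in (("before audit", before), ("after audit", after)):
        print(f"{label}: T.T={tt:.2f} -> {LEVELS[trust_level(tt)]}")
```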
10.3. Grid Information Service
The Grid Information Service (GIS) maintains information about people, software, services and hardware that participate in a Grid and, more generally, in a virtual organization (VO). This wide correlated set of static information is available upon request. In a typical Grid scenario users are interested in identifying possible candidate resources through meta information that is obtained from directories, databases, or registries. However, the current generation of Grid information services provides only the most elementary information to guide a more sophisticated quality of service based resource selection process. The Globus Monitoring & Directory Service (MDS) provides a limited set of information about Grid resources including static and possibly dynamic properties [37]. In many cases the information returned by this service is costly to obtain, inaccurate or outdated, and does not integrate a resource selection service. Additionally, we often lack a metric that provides information about the quality of the provided entities, similar to an Internet shopping site, which classifies the included items while augmenting them with information about functionality, appearance, availability, and price, but also appreciations by its shoppers. Furthermore, the sporadic nature of the Grid and its measured values, and the possibility to integrate ad hoc services in a Grid environment for which no historical data is available, pose a severe limitation on prediction services. Information producers may wish to restrict who has access to specific pieces of information based on the requestor’s identity, affiliation, type of information requested, or other factors. Thus we must have robust authentication and authorization mechanisms that information owners will trust [38]. We believe that trust is the only solution for improving the GIS, through:
- An automated resource discovery based on reputation for information about resource availability at any time.
- Dynamic information gathering through a TMS framework while including information about resource availability, global reputation, and the ranking based on reputation.
- Usage policy frameworks for service users and providers as well as users to enable fine-grained quality of service.
Hence, in this way trust can be an alternative reliable GIS service.
11. Discussion, Research Issues and Future Work
We believe that trust management in the Grid has not been explored properly. To our knowledge, we did not find any literature that points out the impact of trust on the Grid as a whole. Firstly, the suggested trust parameters were usually influenced by research in P2P and the Internet, or even by simulation test beds, which of course share similarities but still have differences. We believe our list of suggested parameters provides a realistic and practical view of a Grid.
Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid Workshops (CCGRIDW'06) 0-7695-2585-7/06 $20.00 © 2006 IEEE
Secondly, we have suggested a complete Trust Management System Architecture for the Grid and discussed its implementation issues. We are sure it will have minimal overhead in terms of computation, infrastructure, storage, and complexity. Thirdly, we discuss the impact of trust on Grid administration, specifically on Grid Security, Resource Management and the Grid Information Service (GIS). There exists no literature offering such a clear view as we have proposed. In future, our intention is to implement the suggested Trust Management System Architecture along with the application of trust evaluation parameters to prove the effectiveness of our proposed model.
12. References
[1] Foster, I., Kesselman, C., Tuecke, S., “The Anatomy of the Grid: Enabling Scalable Virtual organizations,” International J. Supercomputer Applications 2001.
[2] Foster, I., Kesselman, C., Nick, J.M., Tuecke, S., “The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration”, Open Grid Service Infrastructure WG, Global Grid Forum 2002.
[3] Christopher Dwan, “Perspectives on Grid Computing” November 2003 available online http://chris.dwan.org/machine/Grid.pdf.
[4] Foster I., Insley J., Von Laszewski G., Carl Kesselman, and Thiebaux M., “Distance Visualization: Data Exploration on the Grid”, IEEE Computer Society Press, December 1999, pp. 36-43.
[5] S. Tuecke, “Grid Security Infrastructure (GSI) Roadmap” GGF draft-gridforum-gsi-roadmap-02.doc
[6] Foster, C. Kesselman, G. Tsudik, S. Tuecke, “A Security Architecture for Computational Grids” Proc. 5th ACM Conference on Computer and Communications Security Conference, 1998, pp. 83–92.
[7] “Grid Service Specification V1.0. Open Grid Service Infrastructure”, WG, Global Grid Forum, Draft 29, 5/4/2003.
[8] Azzedin, F., Maheswaran, M., “Evolving and Managing Trust in Grid Computing Systems”, Conference on Electrical and Computer Engineering, Canada. IEEE Computer Society Press 2002, pp. 1424–1429.
[9] Azzedin, F., Maheswaran, M., “Towards Trust-Aware Resource Management in Grid Computing Systems”, Second IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID), Berlin, Germany. IEEE Computer Society 2002, pp. 452–457.
[10] Azzedin, F., Maheswaran, M., “Integrating Trust into Grid Resource Management Systems”, International Conference on Parallel Processing, Vancouver, B.C., Canada. The International Association for Computers and Communications. IEEE Computer Society Press 2002, pp. 47–54.
[11] Hwang, K., Tanachaiwiwat, S., “Trust Models and NetShield Architecture for Securing Grid Computing” Journal of Grid Computing 2003.
[12] Goel, S., Sobolewski, M., “Trust and Security in Enterprise Grid Computing Environment” Proceedings of the IASTED International Conference on Communication, Network and Information Security, New York, USA 2003.
[13] Alunkal, B., Veljkovic, I., von Laszewski, G., “Reputation-Based Grid Resource Selection”, Workshop on Adaptive Grid Middleware (AgridM), New Orleans, Louisiana, USA 2003.
[14] Papalilo E. and Freisleben B., “Towards a Flexible Trust Model for Grid Environments” GSEM 2004, LNCS 3270 Springer-Verlag Berlin Heidelberg 2004, pp. 94–106.
[15] Tie-Yan L., HuaFei Z., and Kwok-Yan L., “A Novel Two-Level Trust Model for Grid”, ICICS 2003, LNCS 2836 Springer-Verlag Berlin Heidelberg 2003, pp. 214–225.
[16] Ching L., Vijay V. and Yan W. Vineet P., “Enhancing Grid Security with Trust Management”, Proceedings of the 2004 IEEE International Conference on Services Computing (SCC’04).
[17] Grandison, T., Sloman, M., “A Survey of Trust in Internet Applications”, Vol. 3, Number 4 of IEEE Communications Surveys & Tutorials 2000.
[18] S. Staab, T. Dillon, V. Kashyap, W. Nejdl, M. Sloman, M. Winslett, “The pudding of trust”, IEEE Intelligent Systems, Trends & Controversies, 19(5), Sep/Oct 2004.
[19] R. Guha, R. Kumar, P. Raghavan, “Propagation of trust and distrust”, WWW2004. May 17-22, 2004.
[20] B. Yu, P. Munindar. “An evidential model of distributed reputation management”, AAMAS02. July 15-19, 2002.
[21] A. Jøsang, R. Ismail, and C. Boyd, “A Survey of Trust and Reputation Systems for Online Service Provision (to appear)”, Decision Support Systems, 2005.
[22] J. Basney, W. Nejdl, D. Olmedilla, V. Welch, and M. Winslett, “Negotiating Trust on the Grid”, Proc. 2nd Workshop Semantics in Peer-to-Peer and Grid Computing, 2004.
[23] M. Lorch, D. Adams, D. Kafura, M. Koneni, A. Rathi, and S. Shah, “The PRIMA system for privilege management, authorization and enforcement in Grid environments”, 4th Int. Workshop on Grid Computing - Grid, Phoenix, AZ, USA, Nov. 2003.
[24] R. Alfieri, R. Cecchini, V. Ciaschini, L. dell’Agnello, A. Frohner, A. Gianoli, K. Lőrentey, and F. Spataro, “VOMS: An authorization system for virtual organizations”, Proceedings of the 1st European across Grids Conference, Santiago de Compostela, Feb. 2003.
[25] L. Pearlman, C. Kesselman, V. Welch, I. Foster, and S. Tuecke, “The community authorization service: Status and future”, Proceedings of the Conference for Computing in High Energy and Nuclear Physics, La Jolla, California, USA, Mar. 2003.
[26] B Jim, H. Marty, and W. Von, “An online credential repository for the Grid: MyProxy”, Software-Practice and Experience John Wiley and Sons, Ltd 2005.
[27] J. Rosenberg, D. Remy, Securing Web Services with WS-Security, SAMS, 2004.
[28] “Open Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0” OASIS, 2004.
[29] “eXtensible Access Control Markup Language (XACML) Committee Specification 1.0 (Revision 1)”, OASIS, 12 December 2002.
[30] G. Xiaolin, X. Bing, L. Yinan, Q. Depei, “A Grid Security Infrastructure Based on Behaviors and Trusts” GCC 2004 Workshops, LNCS 3252 pp. 482–489, Springer-Verlag Berlin Heidelberg, 2004.
[31] Wang, Y., Vassileva, J., “Bayesian Network-Based Trust Model”, Web Intelligence, Halifax Canada, 2003, pp. 372-378.
[32] G. Nathan, C. Kuo-Ming, “Experience-Based Trust: Enabling Effective Resource Selection in a Grid Environment”, iTrust 2005, LNCS 3477, Springer-Verlag Berlin Heidelberg 2005, pp. 240–255.
[33] F. K. Hussain, E. Chang, T. S. Dillon, “Trustworthiness and CCCI metrics in P2P communication”, International Journal of Computer System Science and Engineering, Volume-19(2), 2004.
[34] T. Grandison and M. Sloman, “Trust Management Tools for Internet Applications”, 1st Int’l Conf. Trust Management. LNCS 2692, Springer-Verlag, 2003, pp. 91–107.
[35] X Qu, N Xiao, G Xiang, XJ Yang, “Reputation-Aware Contract-Supervised Grid Computing”, GCC 2004 Workshops, LNCS 3252, Springer-Verlag Berlin Heidelberg, pp. 44–51, 2004.
[36] “Simple public key infrastructure [SPKI]”, Internet Engineering Task Force.
[37] G. von Laszewski, S. Fitzgerald, I. Foster, C. Kesselman, W. Smith, and S. Tuecke, “A Directory Service for Configuring High-Performance Distributed Computations”, 6th IEEE Symposium on High-Performance Distributed Computing, 5-8 Aug. 1997, pp. 365–375.
[38] K. Czajkowski, S. Fitzgerald, I. Foster, C. Kesselman, “Grid Information Services for Distributed Resource Sharing”, 10th IEEE Symp. On High Performance Distributed Computing, 2001.