The unprecedented scale, heterogeneity, and varied usage patterns of grids pose significant technical challenges to any underlying file system that will support them. While grids present a host of new concerns for file access, we focus on two issues: performance and usability. We discuss the Legion I/O model and interface to address the latter area. We compare Legion and Globus I/O against a baseline to validate the efficiency of existent grid-based file access solutions. 1. Introduction The advent of high-speed networks coupled with a desire to harness more processing power and access immense data stores has lead to the possibility and necessity of federating such resources into computational grids [6, 7, 5]. The unprecedented scale, heterogeneity, and varied usage patterns of such grids pose significant technical challenges to any underlying file system that will support them. Many well-known distributed file system problems, such as security, scalability, performance, and usability...

Abstract. Computational Grids potentially offer cheap large-scale high-performance systems, but are a very challenging architecture, being heterogeneous, shared and hierarchical. Rather than requiring a programmer to explicitly manage this complex environment, we recommend using a high-level parallel functional language, like GpH, with largely automatic management of parallel coordination. We present GRID-GUM, an initial port of the distributed virtual shared-memory implementation of GpH for computational Grids. We show that, GRID-GUM delivers acceptable speedups on relatively low latency homogeneous and heterogeneous computational Grids. Moreover, we find that for heterogeneous computational Grids, load management limits performance. We present the initial design of GRID-GUM2, that incorporates new load management mechanisms that cheaply and effectively combine static and dynamic information to adapt to heterogeneous Grids. The mechanisms are evaluated by measuring four non-trivial programs with different parallel properties. The measurements show that the new mechanisms improve load distribution over the original implementation, reducing runtime by factors ranging from 17 % to 57%, and the greatest improvement is obtained for the most dynamic program.

Abstract not found

OF THE DISSERTATION ENGINEERING ACCESS CONTROL FOR DISTRIBUTED ENTERPRISE APPLICATIONS by Konstantin Beznosov Florida International University, 2000 Miami, Florida Professor Yi Deng, Major Professor Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application softwa...

This copy of the thesis has been supplied on the condition that anyone who consults it is understood to recognise that the copyright rests with its author and that no quotation from the thesis and no information derived from it may be published without the prior written consent of the author or the university (as may be appropriate). I hereby declare that the work presented in this the-sis was carried out by myself at Heriot-Watt University, Edinburgh, except where due acknowledgement is made, and has not been submitted for any other degree.

This paper discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. It reviews application-level access control available in existing middleware technologies, discusses open problems in these technologies, and surveys research efforts to address the problems. Keywords: Software security, access control, authorization, distributed systems, software engineering, middleware. 3 1.

To date, grids (a form of distributed system) have been used to aggregate resources for performance-starved applications typically resulting from scientific enquiry. Grids should not just be facilitating advances in science and engineering; rather they should also be making an impact on our daily lives by enabling sophisticated applications such as new consumer services and support for homeland defense. For example, grids providing financial services should be seamlessly interconnected with grids that support telecommunications, and grids providing health care services should be seamlessly interconnected with both financial services and telecommunications. This is not possible today because the poor grid dependability---which is tolerated by scientific users---would be unacceptable in critical infrastructure applications. This project aims at correcting this problem by developing technology that will allow grids to be used to provide services upon which society can depend. Grids must be engineered both to achieve high dependability and to permit assurance that high dependability has been achieved.

: The domain of file system usage spans a wide range of geographic environments, usage scenarios, and security requirements. Existing file systems generally have been designed for a particular set of scenarios; however, no one system works well across all environments simultaneously. LegionFS is a file system infrastructure that allows multiple policies and implementations to co-exist in order to meet these diverse requirements. Key features of LegionFS include an extensible object model, strong and configurable security at its core, a peer-to-peer design in both its directory service and its file service, and a rich set of metadata to facilitate adaptive behavior. LegionFS can be accessed directly or through lnfsd, a user-level daemon designed to exploit UNIX file system calls and provide an interface between NFS and LegionFS. Scalability tests show that LegionFS and lnfsd experience a linear increase in aggregate throughput in accordance with the linear growth of the network, yieldin...

Abstract. Computational Grids potentially offer cheap large-scale high-performance systems, but are a very challenging architecture, being heterogeneous, shared and hierarchical. Rather than requiring a programmer to explicitly manage this complex environment, we recommend using a high-level parallel functional language, like GpH, with largely automatic management of parallel coordination. We present GRID-GUM, an initial port of the distributed virtual shared-memory implementation of GpH for computational Grids. We show that,GRID-GUM delivers acceptable speedups on relatively low latency homogeneous and heterogeneous computational Grids. Moreover, we find that for heterogeneous computational Grids, load management limits performance. We present the initial design ofGRID-GUM2, that incorporates new load management mechanisms that cheaply and effectively combine static and dynamic information to adapt to heterogeneous Grids. The mechanisms are evaluated by measuring four nontrivial programs with different parallel properties. The measurements show that the new mechanisms improve load distribution over the original implementation, reducing runtime by factors ranging from 17 % to 57%, and the greatest improvement is obtained for the most dynamic program. Key words. Parallel Computing, Programming Languages 1. Introduction. Hardware

Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control mechanism. RAD has attractive features such as decoupling of authorization logic from application logic, simplicity, generality, flexibility, support for complex application level access control, and ease of policy administration in heterogeneous, distributed systems. However, there is a concern of performance penalty for obtaining authorization decisions from a possibly remote server on each application request. We describe our work in measuring run-time performance of a CORBA-based Application Authorization Service (CAAS), which is compliant with the OMG specification of Resource Access Decision Facility, and draw conclusions about performance considerations in implementation of RAD compliant authorization services. We identify factors, which affect overall run-time performance of the approach and suggest possible solutions.