Item Details

Accountability and Control of Process Creation in the Legion Metasystem

Humphrey, Marty; Knabe, Frederick; Ferrari, Adam; Grimshaw, Andrew
Humphrey, Marty
Knabe, Frederick
Ferrari, Adam
Grimshaw, Andrew
A metacomputing environment, or metasystem, is a collection of geographically separated resources (people, computers, devices, databases) connected by one or more high-speed networks. The distinguishing feature of a metasystem is middleware that facilitates viewing the collection of resources as a single virtual machine. The traditional requirements of security mechanisms and policies in a single physical host are exacerbated in a metasystem, as the physical resources of the metasystem exist in multiple administrative domains, each with different local security requirements. This paper illustrates how the Legion metasystem both accommodates and augments local security policies specifically with regard to process creation. For example, Legion configurations for local sites with different access control mechanisms such as standard UNIX mechanisms and Kerberos are compared. Through analysis of these configurations, the inherent security trade-offs in each design are derived. These results have practical importance to sites considering any future inclusion of local resources in a global virtual computer.
University of Virginia, Department of Computer Science, 1999
Published Date
Libra Open Repository
Logo for In CopyrightIn Copyright


Access Online