
PoliGrid

The rise of grid platforms introduced inexpensive and highly available computing, storage and networking resources. Therefore, in a worldwide trend, institutions aggregate into virtual organizations, registering their resources to the grid and, in return, accessing a virtually limitless warehouse. This abundance allowed the emergence of innovative application and business models, delivering the solution to several large-scale problems, as is the case of data processing, storage and sharing in CERN's Large Hadron Collider Project. Further innovations are expected in the near future, such as the availability of the economy grid, in which resources are provided in exchange for some remuneration. For example, a grid network-service provider may want to limit user network consumption to a certain amount per week (e.g., each user can use 10GB each week); additionally, the provider may want to reserve 10% of the capacity for its premium users. Another example would be the following: a user pays for a QoS (Quality of Service) agreement in a grid node; then, the node is obliged to provide 5 hours of CPU-time in the next 24 hours. The first example illustrates the need for resource usage history-based policies, which allow the specification of rules based on events that occurred in the past. Other examples are: i) the Chinese-wall security policy (which analyzes previous actions in order to authorize or not the current operation), and ii) separation-of-duty related rules.

Several policy engines already support history-based semantics. However, they either provide limited expressiveness in policy rules or they neglect critical scalability issues: individual policy definitions are disregarded in storage and lookup implementations, thus ignoring the potential for important performance optimizations; furthermore, current engines neglect the periodic purging of irrelevant events from the history repository, inducing its uncontrolled growth and making policy evaluation unmanageable.

The second example illustrates the need for obligation policies. Although it is sometimes possible to transform an obligation policy into a history-based policy (i.e., based solely on past events), in many cases such an approach is not possible: when the obliged action is causally dependent on the trigger action, the actions cannot be reversed in order to transform the obligation policy into a history-based one. Obligation-based policies enhance history-based rules with the possibility of enforcing that certain actions will be executed in the future. This is a necessary evolution because some semantics are either easier to express as obligations or cannot be specified using traditional authorization mechanisms. Currently, the absence of enforcement mechanisms for obligation-based policies also forces the implementation of ad-hoc functional constraints.
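The weekly network quota from the first example, with the two storage concerns raised above (history indexed the way the policy looks it up, and purging of events that can no longer affect a decision), can be sketched as follows. This is an added example, not PoliGrid code: the class `QuotaPolicy`, its methods and the usage trace are hypothetical, and the sliding seven-day window is an assumed reading of "per week".

```python
from collections import defaultdict, deque

WEEK = 7 * 24 * 3600   # assumed sliding window for the "10GB each week" rule, in seconds
DAY = 24 * 3600
GB = 10**9


class QuotaPolicy:
    """History-based rule: deny a request if usage inside the window would exceed the limit."""

    def __init__(self, limit_bytes=10 * GB, window=WEEK):
        self.limit, self.window = limit_bytes, window
        # The rule only ever asks "what did this user consume recently?",
        # so history is indexed by user and kept in time order.
        self.history = defaultdict(deque)   # user -> deque of (timestamp, bytes)
        self.totals = defaultdict(int)      # user -> bytes currently inside the window

    def _purge(self, user, now):
        """Drop events older than the window: no future decision can depend on them."""
        events = self.history[user]
        while events and events[0][0] <= now - self.window:
            _, size = events.popleft()
            self.totals[user] -= size

    def authorize(self, user, size, now):
        """Return True and record the usage event if the request fits the quota."""
        self._purge(user, now)
        if self.totals[user] + size > self.limit:
            return False                    # denied requests consume nothing
        self.history[user].append((now, size))
        self.totals[user] += size
        return True

    def stored_events(self):
        return sum(len(q) for q in self.history.values())


def demo():
    """Replay a constructed trace of (user, bytes, seconds since start)."""
    policy = QuotaPolicy()
    trace = [("alice", 6 * GB, 0), ("alice", 3 * GB, DAY), ("alice", 2 * GB, 2 * DAY),
             ("bob", 2 * GB, 2 * DAY), ("alice", 2 * GB, WEEK + 1),
             ("alice", 6 * GB, WEEK + DAY + 1)]
    decisions = [policy.authorize(u, s, t) for u, s, t in trace]
    return decisions, policy.stored_events()


if __name__ == "__main__":
    print(demo())
```

Because the retention period is derived from the policy's own window, the repository holds at most one window of events per user instead of growing without bound.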

Thus, there is a strong need for a flexible and efficient solution for the specification and enforcement of resource usage history-based policies. However, current grid platforms provide only simple primitives in their authorization modules. By restricting access control mechanisms to access control lists (ACLs) and role-based models (RBAC), they disregard powerful usage semantics, such as those which are history-based. The need to cope with several new usage models and the increased complexity in resource usage management is drawing system administrators into applying ad-hoc security and resource usage policy engines, introducing vulnerabilities in the security architecture. Higher-level policy languages allow administrators to distance themselves from implementation details and thus focus on defining business rules. Moreover, we believe that the use of advanced policies, and more specifically history-based and obligation policies, provides a natural method for expressing and enforcing several grid usage patterns, such as fair resource consumption. As an example, we expect our system to support the following scenarios:

  • A Scheduler wants to impose a tit-for-tat model in resource provisioning. Grid users start with some amount of pre-defined resource credits, but must share their resources in order to obtain further credits.
  • A CPU-service provider wants to enforce usage limits on jobs submitted by users. Not only must the policy engine deny new submissions when the user has exceeded his quota, but also jobs must be cancelled if they exceed those limits while executing.

In this project proposal we will design and implement a distributed history-enabled policy engine for grid environments. It allows the definition, deployment and enforcement of several advanced policy patterns in a scalable, distributed and efficient manner. We will focus on two particular types of resource usage policies: history-based and obligation. They allow the inclusion of past and future events in the policy rules, enabling a natural definition of practical Grid resource usage models, and their subsequent enforcement.

The main objective of this project is to design a platform that supports the definition, deployment and enforcement of distributed history-based policies in a scalable and effective manner. In addition, we will provide a prototype implementation that proves the feasibility of the concept and evaluate its performance based on the simulation of selected grid usage scenarios. To achieve the above-mentioned goal, several challenges must be addressed. In spite of being used for a number of applications, grid platforms still present a number of limitations concerning the enforcement of advanced usage models (see section on State of the Art). In this project we will address the following challenges: large number of users and distributed resources, resource heterogeneity, autonomous administrative domains, high volatility and support for multi-level usage policies.

Sponsoring bodies: FCT

Coordinator: Paulo Ferreira

Partners: INESC-ID

Homepage: N/A
