SI4: Secure transfer of data from sensors/instruments to repositories
SI4 Report [PDF 1,236Kb].
Source: This figure is a modified version of the original available at Globus Security
Objectives
The Grid data storage network will have a secure data access and transfer setup in place to meet the basic security requirements for the entire Grid network. The Grid network will have a secure data transfer mechanism in place for the following data transfer services:
- Sensors/instruments to Grid
- Intra-grid data communication e.g. primary to secondary storage
- Users to grid communication and vice versa
- Inter-grid data communication such as data delivery to collaborative partners outside the Grid network
All Grid communication between the various distributed data storage units will follow a set of universally defined policies for the Grid infrastructure, which Grid users must not violate at any time. The data transfer service between the sensors/instruments and the Grid infrastructure will be secured against eavesdropping and data tampering. An authenticated access channel will be set up so that only authorized end users can access Grid data. Transfers of Grid data between the distributed storage units of the Grid will be authenticated and kept confidential.
The Globus Security Infrastructure (GSI) will be configured to meet the requirements of the DART Grid. Where applicable, Public Key Certificates will be issued to verify the identities of Grid resources and to ensure the confidentiality of all Grid data transactions. In addition, inter-realm single sign-on will be provided as a user convenience using the Shibboleth framework. The existing GSI setup will be integrated with Shibboleth to enable a cross-boundary single sign-on facility, giving the Grid infrastructure a robust security framework.
All Grid transactions will be monitored and logged for auditing and/or event response handling. Anomalous behaviour by legitimate users and intrusion attempts by adversaries from the external network will be monitored scrupulously as part of the Grid security framework.
Source: The Security Architecture for OpenGrid Services Available: OGSA Security Working Group