EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Security Toolkit
From: Ian Foster <[email protected]>
Date: Tue, 28 Feb 1995 19:10:25 -0600
Hi,

A number of us in the Mathematics and Computer Science Division at
Argonne are putting together a project to build secure versions of
popular parallel programming tools, including the standard Message
Passing Interface (MPI) library and the parallel languages Fortran M
and CC++.  These tools would incorporate both authentication on
process startup or connection, and the ability to ensure both the
integrity and confidentiality of data passed in messages.  The goal is
to make it relatively painless to use security mechanisms in high
performance distributed applications.

It seems to us that EPICS users and developers may both have a strong
need for security mechanisms, and a lot to teach us about security
requirements in large-scale distributed applications.  Hence, I would
be very interested to hear your thoughts on how you might use a secure
communications toolkit.  Ensuring integrity of control messages and
encrypting proprietary data seem obvious requirements.  However, you
doubtless have other perspectives.

Any thoughts would be greatly appreciated.  I would be happy to meet
with some of you if this seems useful, or to talk on the phone.

I enclose a brief summary of the project.

Thanks, Ian Foster.

---------------------------------------------------------------------

ZIPPER: A Secure Communications Toolkit for High Performance
NII Applications

Future DOE information infrastructure applications such as distributed
simulation, remote control of experiments and instruments, and
distributed collaborative work, all require and depend on the
availability of security mechanisms.  Indeed, without convenient
access to these mechanisms, many of the benefits expected to flow from
NII deployment will remain just dreams.  In particular, it will be
impossible to perform experiments or simulations involving proprietary
data, to put instruments safely online, or to use collaborative
environments for confidential discussions.

Unfortunately, while there has been considerable progress in the
development of security mechanisms for low-performance Internet
transactions, such as electronic mail and commerce, there has been
little work on applications that stress network performance, demanding
low latencies and/or high communication rates.  Nor has there been much
work on application programming interfaces to make it easy for users
writing distributed applications to incorporate security into their
codes.  In particular, there are no security-enhanced versions of
popular communication libraries and languages such as MPI and HPF.

These deficiencies will be addressed in the Zipper project. The
execution of a secure, high performance NII application can be viewed
as a four-stage process: resource discovery, authentication, protocol
selection, and communication.  The Zipper project will focus on the
problems of protocol selection and communication.  Resource discovery
and authentication will be addressed by providing interfaces to
mechanisms under development by various groups, in particular the
DOE's Distributed Computing Coordinating Committee (DCCC).  Protocol
selection and communication will be addressed by integrating existing
security technologies and communication libraries to provide a toolkit
for programmers developing secure, high-performance NII applications.

The Zipper toolkit will be based on the public-domain MPI and Nexus
libraries developed at Argonne.  Both libraries are used extensively
both directly and as compiler targets for languages like HPF.  Hence,
secure versions of these libraries will be familiar to programmers.
The toolkit will have a modular architecture, allowing different
security and privacy mechanisms to be substituted without changes to
user-level interfaces.  Specialized protocols will be incorporated
designed for low-latency, high bandwidth communication.  In addition,
the toolkit will permit fine-grained control of security requirements,
for example allowing different security levels for control and data
streams, or over trusted and untrusted parts of a network.  As much as
possible, the programmer will be able to specify security policies,
letting the choice of mechanisms be made by the toolkit.

The toolkit will be deployed and evaluated in several testbed
environments.  At ANL and NERSC, it will be deployed on various
parallel computer systems and used to conduct experiments in secure
wide area computing.  And at ANL, it will be used in the Labspace
project, which is developing technologies for distributed
collaborative work.



