Resumen de Development process for secure mobile grid systems

David García Rosado

• Grid computing arises as an evolution of distributed systems mainly focused on the sharing and remote access to resources in a uniform, transparent, secure, efficient and reliable way, It is a new computation paradigm, a shared model that allows not only communication and storage but also information processing throughout the world. Although it was first used in the research and academic fields, Grid computing has rapidly emerged as the method used by corporate enterprises to collaborate, share data and software, store more information than the existing nets and access huge amounts of processing capability at lower cost for them. Security is considered a very important factor for the development of this kind of applications because resources are shared between organizations; expensive resources that can be from computers and other hardware facilities to potentially valuable, sensitive, and confidential data files that must be protected.

  Other of the technologies that has evolved and developed more in the last years is the wireless technology and mobile devices that allow us to access the net services from anywhere at any time. We could think about the possibility of joining these two technologies, Grid technology and mobile technology, giving place to one of the most promising technologies and developments of the last years, enriching one another and providing new solutions that solve many of the limitations and problems found in the different technologies. Thus, on the one hand, mobile devices offer the Grid their limited resources, but millions of them in anywhere at any time and on the other hand, the Grid offers mobile users its services to complete their tasks in a simple and fast way.

  However, this union adds more difficulties at the time of achieving security in these systems mainly due to the open nature of wireless nets and the limitations of mobile devices.

  Security is a very important factor in Mobile Grid Computing and for that reason, there are different infrastructures developed to incorporate security into these systems but they are mainly centered on providing technological solutions instead of approaching security throughout the development of applications based on Mobile Grid computing. The success in obtaining a secure system starts from incorporating security from the first stages of the development process at the same level as any other functional requirement and also offering a security architecture that identifies the essential security services and mechanisms to satisfy the security requirements for these systems. The different proposals focused on security architecture that we have found are centered on security aspects for Grid computing, not paying attention to the needs and requirements of mobile devices when they are incorporated into the Grid that is a vital aspect when dealing with Mobile Grid systems.

  In the same line as the aforementioned and with the aim of solving the existing difficulties, this PhD thesis defines a development process for secure mobile Grid systems (called SecMobGrid process) that allows the integration of software engineering, to develop systems based on mobile Grid computing, with security engineering that incorporates the security aspects of this kind of systems from the first stages of development. This is an iterative and incremental process and exploits the reusability of the different artifacts that are generated during the process. This process is composed of several activities and among them, we can highlight the following: the analysis activity where all system requirements (especially security requirements) are captured and specified basing on specific use cases, which are defined using a UML profile (GridUCSec-profile); the design activity focused on the construction of a security architecture for this kind of systems from the reference security architecture developed (SMGridArch) that defines the minimum set of security services covering all possible security requirements that can be specified in mobile Grid systems; and the construction activity that is in charge of the implementation of the system using the existing tools for the development of Grid systems.

  Moreover, the prototype tool called "SMGridTool" that gives automated support for the development of the tasks of the analysis activity of the SecMobGrid process is presented.

  Finally, in order to validate and improve the SecMobGrid development process, the result of its application to a case study of a real Mobile Grid system is offered.