Authorizing Remote Job Execution Based on Job Properties

E-Science often requires access to remote Grid computing platforms. Current authorization systems on these remote systems have largely based decisions solely on the identity of the submitter -- the job is permitted to execute on the local resource if the job originates from an authenticated and authorized end-user. The problem with this approach is that there is no consideration to what the job will/should do when executed, so an errorful or malicious job -- even from what purports to be a trusted user -- can create significant damage before an operator notices and can kill or suspend the job. This paper presents a novel end-to-end job execution framework in which the properties (behavior) of the job are taken into account for the authorization decision. Experimental results show the duration to perform the authorization and to establish a subsequent restrictive execution context is sufficiently low -- our observed overhead of 253.1 ms on commodity hardware is an acceptable cost for most Grid applications to pay to achieve this more secure execution environment.