SRPC is designed to provide secure communication of remote procedure calls using transport layer security protocols (SSL/TLS). Although secure RPC can be realized at the RPC-layer itself (e.g., RPCSEC_GSS), several factors have motivated the use of SSL: it has very mature and efficient implementations, which have been successfully employed by many important applications; it supports a wide range of algorithms, which can be leveraged to support flexible security configurations; SGFS sessions are established on per-user/application basis, and thus can use SSL to provide full-featured security without using any RPC-layer mechanisms.

A SSL-enabled secure RPC library has been developed for SGFS based on two key packages, TI-RPC and OpenSSL. TI-RPC (Transport Independent RPC) is the replacement for the original transport-specific RPC. It allows distributed applications to transparently support RPC over connectionless and connection-oriented transports for both IPv4 and v6. OpenSSL is an excellent implementation of SSL, and has recently included the support for datagram protocols (DTLS). Therefore, these tools can be effectively utilized to build a secure RPC library that supports both TCP and UDP.

In this library secure RPC APIs are provided in a way that closely resembles the regular RPC APIs. For example, clnt_tli_ssl_create and svc_tli_ssl_create are two expert-level APIs for creating a RPC client and server, respectively, using a secure transport for communications. These APIs take the same parameters as their regular counterparts with an additional one for the security configuration structure. The use of authentication, encryption and MAC as well as their specific algorithms can be specified through this structure and passed on to the library to create secure transports for RPC with the desired security mechanisms.

This secure RPC library is generic to support all RPC-based applications. The fact that both TI-RPC and OpenSSL are standalone packages helps its use by ordinary users without the need to change any system-level configurations. The current implementation is based on Linux; support for other platforms is also conceivable.

SRPC is employed to provide strong security with flexible configurations to GVFS, a user-level grid-wide virtual file system. The resulting Secure GVFS enables strong authentication, privacy, and integrity for cross-domain data access, supports user and application-tailored security customization per SGFS session, and leverages secure data management services to control and configure the sessions. The entire system conforms to the Grid Security Infrastructure and allows for seamless integration with other grid middleware.

Performance of Secure GVFS