Cluster Security as a Unique Problem with Emergent Properties: Issues and Techniques

Large-scale commodity cluster systems are finding increasing deployment in academic, research, and commercial settings. Coupled with this increasing popularity are concerns regarding the security of these clusters. While an individual commodity machine may have prescribed best practices for security, a cluster of commodity machines has emergent security properties that are unique from the sum of its parts. This concept has not yet been addressed in either cluster administration techniques or the research literature. We highlight the emergent properties of cluster security that distinguish it as a unique problem space and then outline a unified framework for protection techniques. We conclude with a description of preliminary progress on a monitoring project focused specifically on cluster security that we have started at the National Center for Supercomputing Applications.

[1]  César A. F. De Rose,et al.  RVision: An Open and High Configurable Tool for Cluster Monitoring , 2002, 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID'02).

[2]  Michel Dagenais,et al.  A new architecture for secure carrier-class clusters , 2002, Proceedings. IEEE International Conference on Cluster Computing.

[3]  Paul Jones,et al.  Secrets and Lies: Digital Security in a Networked World , 2002 .

[4]  Andrew A. Chien,et al.  Breaking the barriers: high performance security for high performance computing , 2002, NSPW '02.

[5]  E. Stewart Lee,et al.  Composing secure systems that have emergent properties , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[6]  Heiko Mantel,et al.  On the composition of secure systems , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[7]  T. Roney Cluster monitoring at NCSA , 2001 .

[8]  David A. Fisher,et al.  Emergent algorithms-a new method for enhancing survivability in unbounded systems , 1999, Proceedings of the 32nd Annual Hawaii International Conference on Systems Sciences. 1999. HICSS-32. Abstracts and CD-ROM of Full Papers.

[9]  Heather M. Hinton Under-specification, composition and emergent properties , 1998, NSPW '97.

[10]  Ronald Minnich,et al.  Supermon: a high-speed cluster monitoring system , 2002, Proceedings. IEEE International Conference on Cluster Computing.

[11]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[12]  Michel Dagenais,et al.  A Distributed Security Infrastructure for Carrier Class Linux Clusters , 2002 .