Many distributed batch computing systems are designed and implemented on the assumption that once a task enters the system, every participant can fully trust the system, even when it spans administrative boundaries. As a result, execution hosts and other intermediaries have no way of independently confirming where a task came from; the intermediaries that handle tasks become attractive targets for attackers; and when results are returned, users have no way of determining where and how those results were computed. Users need to be able to specify policies that limit the actions their tasks may perform and the uses to which their delegated credentials may be put, and they need a way to bind those policies to their jobs and credentials. In this thesis, I address these shortcomings by introducing and analyzing a framework of mechanisms that reduce the trustworthiness requirements placed on components of the system. The framework protects execution hosts by making the association between a particular task and a particular user explicit rather than implicit. It protects end users by letting them attach to their tasks a policy governing task confidentiality and integrity. Finally, it protects intermediaries by making them less attractive targets. With relaxed trustworthiness requirements on intermediaries, the benefits of sharing tasks and resources across administrative domains can be realized without relaxing security policies.
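The following is an added illustration of the three mechanisms the abstract names, not code from the thesis itself: a task carries an explicit user identity and a user-written policy, the two are bound together by an authentication tag the user computes, an execution host refuses anything whose origin it cannot confirm or that strays outside the attached policy, and the host in turn binds its result to the exact task it ran so the user can attribute the result to a host. To keep it runnable on the Python standard library alone, an HMAC with a key shared between user and host stands in for a public-key signature; that key sharing, the host and user names, the policy fields, and the sample task are all assumptions made for the example.

```python
"""Constructed example: explicit task-to-user binding, an attached policy that
the execution host enforces, and a host-attributed result. HMAC stands in for
a digital signature (assumption: user and host share the verification key).
Keys, names, policy fields and task content are invented for illustration."""
import hashlib
import hmac
import json


def canonical(obj):
    """Deterministic encoding so signer and verifier MAC exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mac(key, obj):
    return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()


def sign_task(user, user_key, task, policy):
    """User side: identity, task and policy travel together under one tag."""
    body = {"user": user, "task": task, "policy": policy}
    return {"body": body, "tag": mac(user_key, body)}


def verify_origin(signed, key):
    return hmac.compare_digest(mac(key, signed["body"]), signed["tag"])


def action_permitted(action, policy):
    """An action is allowed only if the policy lists its op and a matching path prefix."""
    return any(action["op"] == a["op"] and action["path"].startswith(a["prefix"])
               for a in policy["allowed_actions"])


def host_decide(signed, user_keys, host_name, now):
    """Execution host: confirm origin first, then enforce the user's own policy."""
    key = user_keys.get(signed["body"]["user"])
    if key is None or not verify_origin(signed, key):
        return False, "origin unconfirmed: reject"
    policy = signed["body"]["policy"]
    if now > policy["not_after"]:
        return False, "policy expired"
    if host_name not in policy["allowed_hosts"]:
        return False, f"{host_name} not permitted by user policy"
    for action in signed["body"]["task"]["actions"]:
        if not action_permitted(action, policy):
            return False, f"action {action['op']} {action['path']} outside policy"
    return True, "accepted"


def sign_result(host_name, host_key, signed_task, output):
    """Host binds its result to a digest of the exact task body it executed."""
    body = {"host": host_name,
            "task_digest": hashlib.sha256(canonical(signed_task["body"])).hexdigest(),
            "output": output}
    return {"body": body, "tag": mac(host_key, body)}


def verify_result(result, host_keys, signed_task):
    """User side: the result must come from a known host and refer to this task."""
    key = host_keys.get(result["body"]["host"])
    if key is None or not hmac.compare_digest(mac(key, result["body"]), result["tag"]):
        return False
    expected = hashlib.sha256(canonical(signed_task["body"])).hexdigest()
    return result["body"]["task_digest"] == expected


# Constructed sample data (all assumptions)
USER_KEYS = {"alice": b"alice-verification-key"}
HOST_KEYS = {"host-7.lab.example": b"host-7-key"}
TASK = {"cmd": "simulate --steps 1000",
        "actions": [{"op": "read", "path": "/data/alice/input.dat"},
                    {"op": "write", "path": "/data/alice/out/run1"}]}
POLICY = {"allowed_hosts": ["host-7.lab.example"],
          "allowed_actions": [{"op": "read", "prefix": "/data/alice/"},
                              {"op": "write", "prefix": "/data/alice/out/"}],
          "not_after": 1_700_000_000}
SIGNED = sign_task("alice", USER_KEYS["alice"], TASK, POLICY)


def round_trip():
    """Genuine task: host accepts it and the user can attribute the result."""
    ok, why = host_decide(SIGNED, USER_KEYS, "host-7.lab.example", now=1_600_000_000)
    if not ok:
        return ok, why, False
    result = sign_result("host-7.lab.example", HOST_KEYS["host-7.lab.example"],
                         SIGNED, "energy=-12.7")
    return ok, why, verify_result(result, HOST_KEYS, SIGNED)


def tampered_by_intermediary():
    """An intermediary that rewrites the task cannot re-bind it to alice."""
    forged = json.loads(json.dumps(SIGNED))  # deep copy of what the intermediary saw
    forged["body"]["task"]["actions"].append({"op": "read", "path": "/etc/shadow"})
    return host_decide(forged, USER_KEYS, "host-7.lab.example", now=1_600_000_000)


def out_of_policy_task():
    """Even a genuinely signed task is refused if it strays outside its own policy."""
    task = {"cmd": "copy", "actions": [{"op": "read", "path": "/data/bob/secret"}]}
    signed = sign_task("alice", USER_KEYS["alice"], task, POLICY)
    return host_decide(signed, USER_KEYS, "host-7.lab.example", now=1_600_000_000)


if __name__ == "__main__":
    print(round_trip())
    print(tampered_by_intermediary())
    print(out_of_policy_task())
```

The order of checks in `host_decide` matters: origin is confirmed before any policy field is read, so a forged or modified task is never interpreted, and the policy that is enforced is the one the user bound to the task rather than one an intermediary could substitute.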