Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques

In this paper, an analysis of security threats within service-oriented on-demand Grid computing environments is presented. The analysis is based on identifying three levels of trust relationships and three types of Grid applications in on-demand computing; the trust relationships involve interactions among resource providers, middleware producers, solution producers, and users. The paper presents solutions for addressing the threats inherent to these three increasingly demanding levels. The solutions involve applying sandbox-based approaches using virtual machine technology and jailing mechanisms to ensure trust for the first two levels of on-demand Grid computing, as well as Trusted Computing Platform Alliance (TCPA) technology for the third level of on-demand Grid computing. A brief taxonomy of the presented solutions is introduced.
