Model checking grid security

Grid computing is one of the leading forms of high performance computing. Security in the grid environment is a challenging issue: it can be characterized as a complex system involving many subtleties that may lead designers into error. This is similar to what happens with security protocols, where automatic verification techniques (especially model checking) have proved very useful at design time. This paper proposes a formal verification methodology based on model checking that can be applied to host security verification for grid systems. The proposed methodology must take into account that a grid system can be described as a parameterized model, and that security requirements can be described as hyperproperties. Unfortunately, both parameterized model checking and hyperproperty verification are, in general, undecidable. However, it has been proved that this problem becomes decidable when jobs have some regularities in their organization. Therefore, this paper presents a verification methodology that reduces a given grid system model to a model to which it is possible to apply a "cutoff" theorem (i.e., a requirement is satisfied by a system with an arbitrary number of jobs if and only if it is satisfied by a system with a finite number of jobs up to a cutoff size). This methodology is supported by a set of theorems, whose proofs are presented in this paper. The methodology is explained by means of a case study: the Condor system.
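The following is an added illustration of the two ideas the abstract combines, a security requirement stated as a hyperproperty and a cutoff-style check over instance sizes; it is not the paper's model, its Condor case study or its cutoff theorems. Everything in it is constructed: a toy host model in which one high job (job 0) and any number of identical low jobs take turns in a single execution slot and share a scratch buffer, a possibilistic noninterference requirement (the low jobs' observations must not depend on the high job's secret, checked by comparing the sets of reachable low projections for each secret value), and a cutoff value `CUTOFF = 3` chosen for the example only. The `sanitize` flag selects the weak host (buffer survives slot release) or the hardened one (buffer wiped on release).

```python
"""Added example: explicit-state check of a possibilistic noninterference
hyperproperty on a parameterized host model, for job counts up to a cutoff.
The model, the cutoff value and all names here are constructed for
illustration; none of them come from the paper."""

IDLE, RUN, DONE = "idle", "run", "done"


def replace(t, i, v):
    """Return tuple t with position i set to v."""
    return t[:i] + (v,) + t[i + 1:]


def initial_state(n_jobs):
    # state = (slot holder or None, shared buffer value,
    #          per-job phase, per-job observed value)
    return (None, 0, (IDLE,) * n_jobs, (None,) * n_jobs)


def successors(state, secret, sanitize):
    """All next states under a nondeterministic scheduler.
    Job 0 is the high job carrying `secret`; jobs 1..n-1 are low jobs that
    read the shared buffer when they run. Jobs are otherwise identical, which
    is the regularity a cutoff argument relies on."""
    slot, buf, phases, outs = state
    nxt = set()
    for j, ph in enumerate(phases):
        if ph == IDLE and slot is None:
            # acquire the host's single execution slot
            nxt.add((j, buf, replace(phases, j, RUN), outs))
        elif ph == RUN and slot == j:
            if j == 0:
                new_buf, new_outs = secret, outs          # high job writes its secret
            else:
                new_buf, new_outs = buf, replace(outs, j, buf)  # low job observes buffer
            if sanitize:
                new_buf = 0  # hardened host wipes the buffer when the slot is released
            nxt.add((None, new_buf, replace(phases, j, DONE), new_outs))
    return nxt


def reachable(n_jobs, secret, sanitize):
    """Depth-first exploration of the finite state space of one instance."""
    start = initial_state(n_jobs)
    seen, frontier = {start}, [start]
    while frontier:
        s = frontier.pop()
        for t in successors(s, secret, sanitize):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen


def low_observations(n_jobs, secret, sanitize):
    """Low projection of the reachable states: what jobs 1..n-1 may have seen."""
    return {s[3][1:] for s in reachable(n_jobs, secret, sanitize)}


def noninterference_holds(n_jobs, sanitize):
    """Possibilistic noninterference is a property of *sets* of traces (a
    hyperproperty): the low projection must be the same for every secret."""
    return low_observations(n_jobs, 0, sanitize) == low_observations(n_jobs, 1, sanitize)


CUTOFF = 3  # constructed for this example; the paper derives its cutoff from its own theorems


def check_up_to_cutoff(sanitize, cutoff=CUTOFF):
    """Cutoff-style verification: check every instance size 1..cutoff.
    Returns the smallest failing job count, or None if all sizes pass."""
    for n in range(1, cutoff + 1):
        if not noninterference_holds(n, sanitize):
            return n
    return None


if __name__ == "__main__":
    print("weak host, first failing size:", check_up_to_cutoff(sanitize=False))
    print("hardened host, first failing size:", check_up_to_cutoff(sanitize=True))
```

With the weak host the check fails already at two jobs, because a low job scheduled after the high job observes the secret left in the buffer; with the wipe on release every size up to the cutoff passes. The example only shows the shape of a cutoff check, that is, exhaustive verification of a finite family of instances; the argument that a bounded family suffices for an unbounded one is exactly what the paper's theorems supply and is not reproduced here.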
