Security for mobile grid systems

Grid computing technology is used as an inexpensive way to gather and utilize computational capability. This technology enhances application services by arranging machines and distributed resources into a single huge computational entity. A Grid is a system that can organize resources that are not subject to a centralized domain, utilize protocols and interfaces, and supply a high quality of service. The Grid should be able not only to enhance the system performance and job throughput of the participating applications but also to increase the utilization of resources by applying effective resource management methods to its huge pool of resources. Grid mobility appears as a technology to facilitate meeting the requirements of Grid jobs as well as Grid users. This idea depends on migrating or relocating jobs, data and application software among Grid nodes. However, making use of mobility technology leads to data confidentiality problems within the Grid. Data confidentiality is the protection of data from intruders’ attacks. Data confidentiality can be addressed by limiting mobility to trusted parts of the Grid, but this solution leads to the notion of Virtual Organizations (VOs). Mobility technology has also increased the need for a tool to organize and enforce policies while mobility is applied. To date, not enough attention has been paid to policies that deal with data movements within the Grid. Most existing Grid systems support only limited types of policies (e.g. CPU resources). A few designs consider enforcing data policies in their architecture. Therefore, we propose a policy-managed Grid environment that addresses these issues (user-submitted policy, data policy, and multiple VOs).
In this research, a new policy management tool is introduced to address the mobility limitation and data confidentiality, especially in the case of mobile sharing and data movements within the Grid. We present a dynamic and heterogeneous policy management framework that gives a clear policy definition of the ability to move jobs, data and application software from node to node during job execution in the Grid environment. This framework supports a multi-organization environment with different domains, supports external Grid user preferences, and enforces policies for data movements and the mobility feature within different domains. The results of our research have been evaluated using the Jade simulator, a software framework fully implemented in the Java language that allows agents to execute tasks defined according to the agent policy. The simulation results have verified that the research meets its aims of enhancing security and performance in Grid environments. They also show enhanced control over the distribution and usage of data and services, and present practical evidence, in the form of scenario test-bed data, of the effectiveness of our architecture.

[46]  Kam-Wing Ng,et al.  A Heterogeneous Authorization Policy Management Mechanism for Grid Environments , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[47]  Yuval Shavitt,et al.  The active process interaction with its environment , 2001, Comput. Networks.

[48]  George V. Tsoulos,et al.  An agent-based framework for integrating mobility into grid services , 2008, MOBILWARE.

[49]  Kam-Wing Ng,et al.  DPMF: A policy management framework for heterogeneous authorization systems in grid environments , 2009, Multiagent Grid Syst..

[50]  Brian E. Carpenter,et al.  Abstract interdomain security assertions: A basis for extra-grid virtual organizations , 2004, IBM Syst. J..

[51]  Jie Pan,et al.  Introduction to Grid Computing , 2009 .

[52]  Srilekha Mudumbai,et al.  Certificate-based authorization policy in a PKI environment , 2003, TSEC.

[53]  Shashi Mogalla,et al.  Grid based Approach for Data Confidentiality , 2011 .

[54]  Li Chunlin,et al.  An agent-based approach for grid computing , 2003, Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies.

[55]  David De Roure,et al.  A Grid Service Infrastructure for Mobile Devices , 2005, 2005 First International Conference on Semantics, Knowledge and Grid.

[56]  Marvin A. Sirbu,et al.  Distributed authentication in Kerberos using public key cryptography , 1997, Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security.

[57]  Steven Tuecke,et al.  The Open Grid Services Architecture , 2004, The Grid 2, 2nd Edition.

[58]  Marty Humphrey,et al.  Security for Grids , 2005, Proceedings of the IEEE.

[59]  Helge Janicke,et al.  New framework for policy support for Mobile Grid Services , 2011, 2011 6th International Conference on Risks and Security of Internet and Systems (CRiSIS).

[60]  Ibm Redbooks Introduction to Grid Computing With Globus , 2003 .

[61]  Jun Feng,et al.  Policy-directed data movement in grids , 2006, 12th International Conference on Parallel and Distributed Systems - (ICPADS'06).

[62]  Viktor K. Prasanna,et al.  A unified resource scheduling framework for heterogeneous computing environments , 1999, Proceedings. Eighth Heterogeneous Computing Workshop (HCW'99).

[63]  Dinesh C. Verma,et al.  A Policy Service for GRID Computing , 2002, GRID.

[64]  Helge Janicke,et al.  DYNAMIC POLICY MANAGEMENT IN MOBILE GRID ENVIRONMENTS , 2012 .

[65]  Elisa Bertino,et al.  Access-control language for multidomain environments , 2004, IEEE Internet Computing.

[66]  Tim Wright,et al.  Transport Layer Security (TLS) Extensions , 2003, RFC.

[67]  Javier Jaén Martínez,et al.  Models for replica synchronisation and consistency in a data grid , 2001, Proceedings 10th IEEE International Symposium on High Performance Distributed Computing.

[68]  Eduardo Fernández-Medina,et al.  Security services architecture for Secure Mobile Grid Systems , 2011, J. Syst. Archit..

[69]  Ramin Yahyapour,et al.  Economic Scheduling in Grid Computing , 2002, JSSPP.

[70]  R. F. Freund,et al.  Scheduling resources in multi-user, heterogeneous, computing environments with SmartNet , 1998, Proceedings Seventh Heterogeneous Computing Workshop (HCW'98).

[71]  David Abramson,et al.  A Computational Economy for Grid Computing and its Implementation in the Nimrod-G Resource Brok , 2001, Future Gener. Comput. Syst..

[72]  Hong Ong,et al.  Policy-Based Access Control Framework for Grid Computing , 2006, Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06).

[73]  Eduardo Fernández-Medina,et al.  Reusable security use cases for mobile grid environments , 2009, 2009 ICSE Workshop on Software Engineering for Secure Systems.

[74]  Toru Ishida The Language Grid - Service-Oriented Collective Intelligence for Language Resource Interoperability , 2011, The Language Grid.

[75]  Zsolt Németh,et al.  A Formal Framework for Defining Grid Systems , 2002, 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID'02).

[76]  Jon Postel,et al.  Internet Control Message Protocol , 1981, RFC.

[77]  Rajkumar Buyya,et al.  A taxonomy and survey of grid resource management systems for distributed computing , 2002, Softw. Pract. Exp..

[78]  Kam-Wing Ng,et al.  Performance Evaluation of Mobile Grid Services , 2008, KES-AMSTA.

[79]  J. Plank,et al.  Grid Resource Allocation and Control Using Computational Economies , 2003 .

[80]  Ian Foster,et al.  On Fully Decentralized Resource Discovery in Grid Environments , 2001, GRID.

[81]  Mario Piattini,et al.  Developing a Secure Mobile Grid System through a UML Extension , 2010, J. Univers. Comput. Sci..

[82]  Marcelo Campo,et al.  m-JGRIM: a novel middleware for Gridifying Java applications into mobile Grid services , 2010 .

[83]  Anirban Chakrabarti,et al.  Grid Computing Security: A Taxonomy , 2008, IEEE Security & Privacy.

[84]  Ian T. Foster,et al.  Security for Grid services , 2003, High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on.

[85]  Muthucumaru Maheswaran,et al.  A Parameter-Based Approach to Resource Discovery in Grid Computing System , 2000, GRID.

[86]  Akinori Yonezawa,et al.  Virtual private grid: a command shell for utilizing hundreds of machines efficiently , 2003, Future Gener. Comput. Syst..

[87]  Dennis G. Kafura,et al.  The PRIMA system for privilege management, authorization and enforcement in grid environments , 2003, Proceedings. First Latin American Web Congress.

[88]  Philip W. L. Fong Viewer's Discretion: Host Security in Mobile Code Systems , 1998 .

[89]  Andrew S. Grimshaw,et al.  Legion: An Operating System for Wide-Area Computing , 1999 .

[90]  David Abramson,et al.  A case for economy grid architecture for service oriented grid computing , 2001, Proceedings 15th International Parallel and Distributed Processing Symposium. IPDPS 2001.

[91]  Muthucumaru Maheswaran,et al.  Evolving and managing trust in grid computing systems , 2002, IEEE CCECE2002. Canadian Conference on Electrical and Computer Engineering. Conference Proceedings (Cat. No.02CH37373).

[92]  Mario Piattini,et al.  Analysis of Secure Mobile Grid Systems: A systematic approach , 2010, Inf. Softw. Technol..

[93]  Eduardo Fernández-Medina,et al.  Applying a UML Extension to Build Use Cases Diagrams in a Secure Mobile Grid Application , 2009, ER Workshops.

[94]  Jong Hyuk Park USF-PAS : Study on Core Security Technologies for Ubiquitous Security Framework , 2009, J. Univers. Comput. Sci..

[95]  Steven Tuecke,et al.  GridFTP: Protocol Extensions to FTP for the Grid , 2001 .