Security issues in on-demand grid and cluster computing

In this paper, security issues in on-demand grid and cluster computing are analyzed, a corresponding threat model is presented and the challenges with respect to authentication, authorization, delegation and single sign-on, secure communication, auditing, safety, and confidentiality are discussed. Three different levels of on-demand computing are identified, based on the number of resource providers, solution producers and users, and the trust relationships between them. It is argued that the threats associated with the first two levels can be handled by employing operating system virtualization technologies based on Xen, whereas the threats of the third level require the use of hardware security modules proposed in the context of the Trusted Computing Platform Alliance (TCPA). The presented security mechanisms increase the resilience of the service hosting environment against both malicious attacks and erroneous code. Thus, our proposal paves the way for large-scale hosting of grid or Web services in commercial scenarios.
