Bridging organizational network boundaries on the grid

The grid offers significant opportunities for performing wide area distributed computing, allowing multiple organizations to collaborate and build dynamic and flexible virtual organisations. However, existing security firewalls often diminish the level of collaboration that is possible, and current grid middleware often assumes that there are no restrictions on the type of communication that is allowed. Accordingly, a number of collaborations have failed because the member sites have different and conflicting security policies. In this paper we present an architecture that facilitates inter-organization communication using existing grid middleware, without compromising the security policies in place at each of the participating sites. Our solutions are built on a number of standard secure communication protocols such as SSH and SOCKS. We call this architecture Remus, and will demonstrate its effectiveness using the Nimrod/G tools.
