Managing security in high‐performance distributed computations

We describe a software infrastructure designed to support the development of applications that use high‐speed networks to connect geographically distributed supercomputers, databases, and scientific instruments. Such applications may need to operate over open networks and access valuable resources, and hence can require mechanisms for ensuring integrity and confidentiality of communications and for authenticating both users and resources. Yet security solutions developed for traditional client‐server applications do not provide direct support for the distinctive program structures, programming tools, and performance requirements encountered in these applications. To address these requirements, we are developing a security‐enhanced version of a communication library called Nexus, which is then used to provide secure versions of various parallel libraries and languages, including the popular Message Passing Interface. These tools support the wide range of process creation mechanisms and communication structures used in high‐performance computing. They also provide a fine degree of control over what, where, and when security mechanisms are applied. In particular, a single application can mix secure and nonsecure communication, allowing the programmer to make fine‐grained security/performance tradeoffs. We present performance results that enable us to quantify the performance of our infrastructure.
