
Grid Computing Security

Fletcher Liverance, 5 May 2009. Grid Computing Security: A Taxonomy. IEEE Security & Privacy, 2007. Anirban Chakrabarti, Anish Damodaran, Shubhashis Sengupta. Overview: What is Grid Computing?; Pie in the sky; Host-level issues and solutions; Architecture-level issues and solutions


Presentation Transcript


  1. Grid Computing Security: A Taxonomy
     Fletcher Liverance, 5 May 2009
     IEEE Security & Privacy, 2007
     Anirban Chakrabarti, Anish Damodaran, Shubhashis Sengupta

  2. Overview
     • What is Grid Computing?
     • Pie in the sky
     • Host-level issues and solutions
     • Architecture-level issues and solutions
     • Credential-level issues

  3. What is Grid Computing?
     “geographically distributed heterogeneous resources are virtualized as a unified whole.”
     • Web 2.0
     • Scalable Link Interface (SLI)
     • Virtualization
     • Software as a service
     • Folding@home
     • Peer to peer
     • Cluster computing
     • Cloud computing
     • Distributed computing

  4. Computing Comparison

  5. Pie in the sky
     • IBM Roadrunner
     • 6,480 AMD dual core
     • 12,960 IBM PowerXCell
     • Hewlett-Packard
     • 300,000 employees
     • 600,000 processors
     • 600 TB of RAM
     • 120,000 TB of Storage
     • World wide
     • One billion PCs
     • 95 million consoles
     • Two billion cell phones

  6. Host-level issues and solutions
     • Data Protection
     • Application-level sandboxing
     • Proof-carrying code
     • Rules guaranteeing safe execution
     • Code producer responsible for safety
     • Does not scale
     • Virtualization
     • VMware GSX/ESX/Workstation
     • Paravirtualization
     • Xen
     • IA-32 architecture is non-virtualizable

  7. Host-level issues and solutions
     • Data Protection
     • User-space sandboxing
     • TRON: process-level discretionary access control system
     • Simple, but requires system call reimplementation
     • Call chaining issues
     • Incomplete context
     • Flexible kernels (Kernel-level sandboxing)
     • Exokernel OS, MIT
     • Zones, Sun Solaris 10
     • Application containers

  8. Host-level issues and solutions
     • Job starvation
     • Advanced reservation techniques
     • Request resources from grid scheduler
     • Non-transparent
     • Requires advanced scheduling techniques
     • Priority-reduction techniques
     • Local priority reduction
     • Sun Grid engine
     • Ad hoc mechanism
     • Unpredictable behaviour, lower QoS performance
     • Example: Peer to peer

  9. Architecture-level issues and solutions
     • Information security
     • Grid Security Infrastructure (GSI)
     • Secure communication
     • Transport level security: SSL/TLS
     • Message level security: Web Services Security (WSS) via SOAP
     • Authentication
     • CA Certificates
     • User/password over SOAP with WSS
     • GSI-to-Kerberos gateway
     • Single sign-on and delegation
     • Timed proxy

  10. Architecture-level issues and solutions
     • Policy-mapping issues
     • Resource level
     • Akenti: distributed access control mechanism
     • Use-condition certificates
     • Attribute certificates
     • Virtual Organization level
     • Community Authorization Service (CAS)
     • Role based access control
     • DoS
     • Preventative solutions
     • Application filtering
     • Snort: Intrusion Detection System
     • Reactive solutions
     • Link testing
     • Logging

  11. Credential-level issues
     • Credential repositories
     • Take responsibility for credential storage
     • MyProxy Online
     • Credential federation systems
     • “Manage credentials across multiple systems, domains, and realms.”
     • KX.509
     • Circle of trust
     • Shibboleth

  12. Conclusions
     “Grid security’s ultimate goal is to make the grid infrastructure seamless and protect it against both known and unknown security attacks.”
     • Identify vulnerabilities
     • Develop threat models
     • Develop countermeasures to threat models
     • Evaluate countermeasures
     • (repeat ad nauseam)
