Grid Security Services Simulator (G3S) – A Simulation Tool for the Design and Analysis of Grid Security Solutions *

Syed Naqvi, Michel Riguidel
Computer Sciences and Networks Department
École Nationale Supérieure des Télécommunications (ENST), Paris, France
{naqvi, riguidel}

Proceedings of the First International Conference on e-Science and Grid Computing (e-Science'05)
0-7695-2448-6/05 $20.00 © 2005 IEEE

Abstract

Security services are among the most desirable characteristics of computational grids. The swelling number of applications, and the consequent increase in the amount of critical data carried over grids, have considerably raised the stakes for an efficient security architecture. Establishing security solutions for computational grids remains in its initial stages, as a number of impediments stand in the way of successfully implementing these security designs on a real grid. The absence of a suitable mechanism to simulate the various functionalities of grid security models is a major concern for security designers. A reliable simulator for grid security services is indispensable, so that grid security solutions can be adequately tested before their implementation on a real grid. The available range of grid simulators does not provide any support for security functions. This gap has motivated us to develop the Grid Security Services Simulator (G3S).

1. Introduction

In the evolution of computational grids, security threats were overlooked in the desire to implement a high-performance distributed computational system. Now, however, the growing size and profile of grids require comprehensive security solutions, as these are critical to the success of the endeavor. A comprehensive security system, capable of responding to any attack on grid resources, is indispensable to guarantee the anticipated adoption of grids by the grid community. Security teams are now working on establishing security solutions. However, their proposed solutions require rigorous evaluation mechanisms before they are implemented on a real grid. The range of available grid simulation tools [1], such as Bricks [2], SimGrid [3], GridSim [4], GangSim [5] and OptorSim [6], does not provide any support for simulating grid security functions. Deploying a grid infrastructure without proper simulation of its various defense capabilities is an invitation to disaster. One cannot remove all the vulnerabilities from a design, no matter how analytically good it is, unless the design has undergone a series of 'real-application-specific' tests. In the absence of a proper validation mechanism, security designers risk wasting time and effort implementing safeguards that do not address any realistic threat to the grid. Or, just as dangerously, they risk concentrating their security measures on one threat while leaving the grid architecture dangerously exposed to others. We faced the same problem while working on the virtualization of security services for the grid. This situation obliged us to develop a tool to perform grid security simulations before advancing the current state of our proposed Virtualized and Pluggable Security Services Model (VIPSEC) [7]. Initially, we developed modules to simulate various functionalities of VIPSEC; the results are published in [8]. We have now grouped these modules together as a tool, the Grid Security Services Simulator (G3S). The simulation results are validated through formal implementation on a grid prototype.

This paper is organized as follows: an overview of the available grid simulators is presented in section 2. G3S is elaborated in section 3. Finally, some conclusions are drawn in section 4, along with an account of the perspectives of G3S.

* This research is supported by the European Commission-funded project SEINIT (Security Expert Initiative) under reference number IST-2002-001929-SEINIT. The overall objective of the SEINIT project is to ensure a trusted security framework for ubiquitous environments, working across multiple devices and heterogeneous networks, in a way that is organization independent (inter-operable) and centered around an end-user. Project webpage is located at

2. Available Grid Simulators

2.1. Bricks [2]

Bricks was the first proposed grid simulator designed to investigate scheduling issues.

Motivations: Bricks was proposed and designed for studies and comparisons of scheduling algorithms and
frameworks, under various structural and workload conditions, with the objective of providing reproducible results. Bricks scheduling research focuses on multi-client, multi-server grid scenarios.

Principles: Bricks is a performance evaluation system for scheduling algorithms and frameworks of high-performance global computing systems. Bricks allows the simulation of various behaviors such as resource scheduling algorithms, programming modules for scheduling, network topology of clients and servers in global computing systems, and processing schemes for networks and servers. It is basically an event-driven simulator built as a framework and a set of replaceable components. Bricks considers two interacting constituents: the global computing system and the scheduling unit. The global computing system consists of clients submitting jobs, servers executing the jobs, and the network. Servers and networks are characterized by their performance, workload or congestion, and their variance over time. Servers and networks are modeled as queuing systems. Jobs are characterized by the size of their parameters/results and the number of computing operations they require. The scheduling unit contains a network monitor measuring network bandwidth and latency, a server monitor measuring performance, load and availability of servers, a resource database module storing all measurement results and serving as a scheduling-specific database, a predictor reading the measured information and predicting resource availability, and a scheduler allocating tasks to servers based on the resource database and predictor information. Bricks can import real, existing global computing components for their validation.

Implementation: Bricks is implemented in Java. Users can specify network topologies, server architectures, communication models and scheduling framework components using the Bricks script. As discussed earlier, many components of Bricks are replaceable. In particular, Bricks offers an interface to replace each component of the scheduling unit.

Applications: For the purpose of some experiments, Bricks has been associated with NWS (Network Weather Service), with NWS working as a component of Bricks. Bricks was used for the study of deadline scheduling on the computational grid. Bricks has also been extended for performance analysis of scheduling and replication algorithms in the context of data grids for High-Energy Physics (HEP).

2.2. SimGrid [3]

SimGrid is among the most popular simulation tools for grid research.

Motivations: The main motivation behind the design and development of SimGrid was the need for simulation tools to study single-client, multi-server scheduling in the context of complex, distributed, dynamic, heterogeneous environments. Since, in its general form, the scheduling problem is NP-complete, most of the proposed scheduling algorithms are heuristics.

Principles: SimGrid is based on event-driven simulation. It provides a set of abstractions and functionalities to build a simulator corresponding to the characteristics of the applications and infrastructures. In SimGrid, resources are modeled by their latency and service rate. These characteristics may be set as constants or evolve according to previously collected traces. The topology is fully configurable. Indeed, it is the responsibility of the user to define the topology, and the user may use collections of links to simulate complex mechanisms like routers. All actions (computations or communications) are referred to as tasks. The user is responsible for scheduling computations and communications on the correct resources. SimGrid accounts for execution time prediction errors, allowing the user to understand the behavior of scheduling algorithms in complex situations where execution time cannot be accurately predicted.

Implementation: In SimGrid, the user manipulates two data structures through an API: resources and tasks. Resources and tasks can be described with a high level of detail. Resources have characteristics like speed, availability, etc., based on constants or traces. Tasks have a cost and a state. Using the API, users can create, destroy and inspect resources and tasks. The simulation is run by calling the SG_simulate() function, which returns the list of tasks that have completed since the last time it was called. This function takes a stopping argument that is either a delay or an event (task completion).

Applications: SimGrid can be used to simulate compile-time and runtime scheduling algorithms. In the first category, all scheduling decisions are taken before the execution. In the second category, some decisions are taken during the execution.

A new version of SimGrid, also called SimGrid2 or MSG, improves several aspects of the first version (called SG): more realistic network models, import of platform simulation models from monitoring tools, and an enhanced API. Another improvement concerns the capability to simulate distributed scheduling agents in large-scale and dynamic distributed environments. Indeed, MSG runs on top of SG, exposing to the user a new interface with five fundamental concepts: agents, locations, tasks, paths and channels.

2.3. GridSim [4]

Like SimGrid, GridSim is a simulator to investigate scheduling issues in grids.

Motivations: GridSim was proposed and designed after SimGrid. Its motivations are quite similar. One main difference concerns its focus on grid economy, where the scheduling involves the notions of producers (resource
owners), consumers (end-users) and brokers discovering and allocating resources to users.

Principles: Like SimGrid, GridSim is a discrete-event simulator. Compared to SimGrid, however, its original design considers the existence of several brokers. Note that SimGrid2 provides a similar abstraction through the notion of agents. Thus, GridSim manages several abstractions (called entities): user, broker, resource, grid information service, input and output. Every user is characterized by: job type (execution time, number of parametric replications, etc.), scheduling optimization strategy, activity rate, time zone, absolute deadline and budget, and their associated relaxation parameters. Brokers receive the tasks submitted by users and implement their scheduling algorithm. Since several users compete for the same set of resources (the resources are supposed to be finite), brokers have to find tradeoffs between users' requirements. These tradeoffs should be acceptable for all users; this essentially consists in meeting the deadline. Resources are described by number of processors, cost of processing, performance, internal scheduling policy, workload and time zone. GridSim distinguishes between inputs and outputs, managing the two separately. This provides a means to express performance differences between the communication of parameters and of results.

In some sense, GridSim is a higher-level simulator compared to SimGrid. It is basically designed to investigate interactions and interferences between scheduling decisions taken by distributed brokers. Until recently, GridSim did not consider any network topology.

Implementation: Compared to SimGrid, which is implemented in C, GridSim is implemented in Java on top of an existing discrete-event simulation engine, SimJava. SimJava runs entities in separate threads. Entities may call a small set of primitives: sim_schedule, sim_hold and sim_wait. The simulation is managed by a central object (Sim_system) controlling an event queue. Interactions between GridSim entities are implemented using events (internal, external, synchronous and asynchronous). GridSim provides other primitives for application task creation, task mapping to resources and their management.

Applications: GridSim is mainly used to study cost-time optimization algorithms for scheduling task-farming applications on heterogeneous grids, considering economy-based distributed resource management and dealing with deadline and budget constraints.

2.4. GangSim [5]

GangSim is another scheduling simulator for the grid. It mainly derives from previous work on an enhancement of the Ganglia Monitoring Toolkit for Virtual Organizations (VOs).

Motivations: GangSim considers a context where hundreds of institutions and thousands of individuals collectively control tens or hundreds of thousands of computers and associated storage systems. GangSim adds to the classical notions of users and sites those of VO users and planners. It models usage policies at the levels of site and VO. One of its unique features is its capability to combine simulated components with instances of a VO Ganglia Monitoring toolkit running on real resources.

Principles: GangSim simulates a policy-driven management infrastructure where the allocation of individual resources is determined from the interactions between allocation policies within and across VOs. GangSim is a discrete simulator, periodically evaluating the state of all simulated components. The components simulated by GangSim are: Site, VO, Schedulers (internal, external and Data), Monitoring data point, Site policy enforcement point and VO policy enforcement point. In addition to its capacities (number of CPUs, intra- and inter-site network and storage), a site is defined by a scheduling policy defining the resource allocation possibilities for every VO. A VO is a group of users submitting sets of jobs. Each group is represented by a policy considered by VOs for resource allocation. Schedulers represent points where scheduling decisions are taken. Monitoring data points are nodes collecting and distributing metrics about resource consumption. Policy enforcement points use monitoring metrics to enforce site and VO policies when policy requirements are no longer met. GangSim considers several costs associated with the simulated components: time to enter the planner queue, time for site assignment, time for site transfer (network allocation and transfer of the executable), time for node assignment and time for job transfer (network allocation and transfer of the executable and data). A job is admitted if one of two conditions holds: 1) the average resource utilization for its VO is lower than a limit over a long period of time (called an epoch); 2) resources are available and the average resource utilization for the VO is less than a second limit over a short period of time (called a burst).

Implementation: As previously mentioned, GangSim derives from Ganglia. It replaces the reporters of Ganglia by component models. In addition, other tools describe the workload specification and generate the grid environment. Components are implemented using: simulator modules, task assignment policies, metric aggregators, grid components, environment state keeper and interface. As a discrete simulator, GangSim periodically evaluates the state of all the simulated components. The period is typically in the range of 10 s to 30 s. This determines the timing precision of the simulation, which is considered acceptable for jobs running for hundreds of seconds.

Applications: GangSim can be used to simulate synchronous and asynchronous workloads. In the former case, all VOs submit their jobs at almost the same time. In the latter, VOs submit their burst workloads at different moments in time.

2.5. OptorSim [6]
OptorSim belongs to the category of grid simulators of data replication strategies.

Motivations: The main motivation behind OptorSim was the creation of a generic simulation environment for data grid applications processing very large data sets in a distributed way. One of the key concepts in data grids is data replication, involving the creation and management of data replicas in different geographical locations in order to optimize the data access cost. The objective of OptorSim is to investigate the stability and transient behavior of replication optimization methods.

Principles: OptorSim models the interactions of the individual grid components of a DataGrid. Its design directly derives from the DataGrid project architecture. OptorSim considers the following concepts: 1) sites, typically providing computational and/or data-storage resources; 2) a resource broker scheduling jobs to computing resources; and 3) routers without computing or storage resources. Jobs running on computing resources use the data stored on storage resources. OptorSim allows the network topology to be described by enumerating the links between sites and their available bandwidth. OptorSim also considers file access patterns (the order in which files are accessed by jobs): sequential (ordered list), flat random selection from the list, unitary random walk on the list (one step in either direction), and Gaussian random walk (Gaussian distribution around the previous file).

Implementation: OptorSim follows a modular architecture, allowing the plug-in of different access pattern generators for workload simulation and of different optimization algorithms. Every computing resource is implemented by a thread. The resource broker scheduling the jobs onto computing resources is handled by another concurrent thread. OptorSim considers a single job per resource at any time. The simulation is based on the architecture of the EU DataGrid project.

Applications: With OptorSim, several replication strategies have been compared: no replication, unconditional replication deleting the oldest files if space is required, unconditional replication with LRU (Least Recently Used) deletion, and a more sophisticated algorithm based on an economic approach.

3. Grid Security Services Simulator (G3S)

Motivations: The prime motivation behind the design and development of G3S was to lay the foundation of a simulation tool for grid security services, as none of the existing grid simulators provides any support for security functionalities. It was felt imperative to provide a Graphical User Interface (GUI) so that even non-computer professionals (such as health grid users) can benefit from this tool by interactively simulating various grid security features (such as secure exchange of documents, attack patterns, etc.).

Principles: G3S models the security functionalities of a grid. The grid nodes may be static or mobile. For mobile nodes, it also considers mobility-related security issues such as security gaps [9]. It is designed to support multiple authentication mechanisms, such as X.509 certificates and Kerberos tickets. Role-Based Access Control (RBAC) is used for authorization; work is underway to support the Community Authorization Service (CAS) [10]. G3S supports the Bell-LaPadula model for the assurance of grid data confidentiality, and a watermarking technique is used to assure the integrity of the data flowing across the grid resources. G3S is designed in a user-friendly way, so that even a user with a shallow knowledge of security services may use it. For example, a user may intend to simulate confidentiality features without knowing that confidentiality requires an access control mechanism. G3S automatically invokes the prerequisite security services, so that a true scenario can be simulated even if its user does not know all of its parameters.

Simulation of different attack patterns is provided so that designers can see whether their design can deter the security threats and survive after an attack. G3S has a mechanism for threat dissemination: if a node attempts to cross its defined privileges, an alert signal about the presence of a malicious node is sent to all the relevant nodes.

Implementation: G3S is written in Java. It is lightweight and can be installed and executed on a single PC. An easy-to-use graphical user interface (GUI) is provided. A detailed log of the various operations is maintained to facilitate auditability. This log file can be accessed by any querying program for swift access to a particular event, since it is very difficult to find the trace of a given activity by general observation of a huge audit trail. Nodes have different geometrical shapes (such as circular, square, triangular, etc.) to graphically exhibit their heterogeneous nature. These shapes correspond to the nature of the participating nodes (e.g. their communication mechanisms, their static or mobile nature, etc.). These nodes can be grouped together to form virtual organizations (VOs) at any instant. A number of VOs may be created simultaneously and their transactions are simulated accordingly. A different color is allocated to each VO.

Applications: G3S can be used to simulate the working and efficiency of a grid security model. The alpha version of G3S can simulate the security services of a grid of at most 100 nodes; the next release will be able to handle 1000 nodes. These nodes are not necessarily fixed resources: mobile grid nodes can also be simulated with their corresponding mobility features and constraints.

3.1. G3S Structure
G3S is composed of five main components (as shown in figure 1): Core, DocumentExchange, SecurityPolicy, TrustManager and Attack.

Fig. 1 : G3S main components

Interdependencies of the various G3S components are summarized in table 1. The Core uses Security Policy; the Document Exchange uses Core, Security Policy, and Trust Management; the Security Policy is totally independent of the other components; the Trust Management uses Core; and the Attack uses Core, Security Policy, and Trust Management.

                Core     Exchange   Policy   Mgmnt    Attack
    Core                 X          R1.3     X        X
    Exchange    R2.1                R2.3     R2.4     X
    Policy      X        X                   X        X
    Mgmnt       R4.1     X          X                 X
    Attack      R5.1     X          R5.3     R5.4

    Rn.m  (left) uses (up)
    X     (left) doesn't use (up)

Table 1 : Interdependencies of the G3S components

The various relationships of table 1 are described below:

R1.3: A VO has one Security Policy
R2.1: A document exchange requires 2 G3SNodes (which exchange the document)
R2.3: A document exchange takes place according to the rules set forth in the security policy
R2.4: A document exchange needs to check the current trust value of the sending and receiving nodes
R4.1: Trust Management deals with the trust level of each node
R5.1: An attack may result in several victim nodes
R5.3: Success or failure of an attack depends on the strength of the VO security policy
R5.4: If an attack is detected, the trust levels of the attacker and the attacked nodes are changed

These relationships of the various components are not rigid. The existing functions can be easily extended. Likewise, more security functions can also be easily added.

3.2. Graphics User Interface (GUI) of G3S

G3S has a graphics window for user interaction. As shown in figure 2, buttons for the various simulation features (such as adding new users or resources, creation of VOs, security policy configuration, document exchange, attack pattern, etc.) are provided on the left side of the window, in addition to the pull-down menus. The central zone is the area where the results of simulations are graphically displayed. A list of the different symbols used by G3S is given on the right side.

Fig. 2 : G3S Graphics User Interface (GUI)

In the G3S Graphics User Interface (GUI), new users (individuals or groups) can be dynamically introduced (cf. figure 2) at any time instant. Apart from the fundamental parameters, such as name, confidentiality level, etc., specific authentication parameters can be provided after choosing the desired authentication mechanism (Kerberos ticket or X.509 certificate). As soon as a certain
Proceedings of the First International Conference on e-Science and Grid Computing (e-Science’05)
authentication mechanism is chosen, the G3S GUI automatically asks for the corresponding parameters.

Fig. 3 : Adding new resources

Similarly, new computing resources can be dynamically added (cf. figure 3).

New VOs can be created at any time by choosing the participating nodes (users and resources). A unique name is required for each VO (cf. figure 4) and the security policy for each VO is configured. A number of VOs may be created simultaneously and their transactions are consequently simulated.

Fig. 4 : Creation of a VO

As shown in figure 5, the various nodes have different colors and geometrical shapes (such as circular, square, triangular, etc.) to graphically exhibit their heterogeneous nature. These shapes correspond to the nature of the participating nodes (e.g. their communication mechanisms, their mobility mechanism, etc.). A different color is allocated to each VO.

The various nodes of these VOs can collaborate and share resources according to their roles and privileges. All the exchanges of data are recorded and the current status of each transaction is graphically displayed. Apart from the collaborations among a VO's nodes, the VOs themselves can collaborate for certain jobs.

Fig. 5 : G3S entities

G3S can also simulate various attack situations such as denial-of-service, man-in-the-middle, relay, wormhole (cf. figure 6). It can also simulate the survivability feature of a security design.

Fig. 6 : Attacks simulations

3.3. Validation of G3S Results

Validation of simulations is the focal point of the applicability of G3S. We have developed a pervasive grid prototype to validate the simulation results of G3S. An example scenario of the system is described in this section:

All the teachers and students of our department are supposed to use their PDAs to gain access to the pedagogic resources. Wireless access points are provided in every room of the department. These access points are also used to determine the context of the users. In the library, students can read e-books but cannot read their examination paper; whereas in the exam hall, from 9 am to noon, the students can read the examination paper and write the answers file, but cannot read books. The teachers can read and write the examination paper from both the library and the exam hall.

A PDA is placed in the quarantine zone if its user:

1. tries more than three unsuccessful log-in attempts as student or more than two unsuccessful log-in attempts as teacher, as he/she may be a potential intruder;
2. is using too much bandwidth, as he/she may be trying to cause a Denial of Service (DoS) attack;
3. is seeking unauthorized privileges.

Placement in the quarantine zone implies that:

1. other users are informed of his/her presence as a troublemaker;
2. he/she is asked to behave normally, otherwise he/she will be expelled;
3. after some time Δt it is evaluated whether to clear him/her out of the quarantine zone or to disconnect him/her from the system. This decision is based on the close observation of his/her activities during the quarantine period Δt.

Fig. 7 : Prototype setup

As shown in figure 7, two different Wi-Fi access points at our department building are used to model the library and the exam hall. PDAs with an embedded Wi-Fi card are used to model students (S), a teacher (T) and a potential attacker (encircled). One PC (connected through the third Wi-Fi access point) is used to act as the CA. The overall activity of the system is displayed on its screen, including the log of the various actions taken by these PDAs and the time taken by each operation.

We consider a bunch of heterogeneous nodes containing some malicious nodes. These nodes are considered mutually trusted until an attack is detected. A malicious node regularly tries to attack the other nodes. Each attack has a probability p of success. This probability depends on the target node type. A successful attack turns the victim node into a new attacking node for the others. In the contrary case, however, the attacker is blocked in its firewall and an alert concerning this node is transmitted in the system.

The results obtained from this grid setup are found to be in compliance with the simulation results we obtained from G3S.

3.4. Integration of G3S with GridSim

We interacted with the developers of GridSim during the development phase of the alpha version of G3S so as to give a broader scope to G3S. Moreover, the integration of security services simulations into GridSim will provide a comprehensive simulation tool for the grid community; hence the users of GridSim will also be able to simulate security functionalities besides scheduling and resource management parameters.

The users and resources defined for G3S are the GridUser and GridResource of GridSim, and the actions (such as the exchange of a document) are Gridlets of GridSim. A Gridlet is a package that contains all the information related to a job and its execution management details, such as the job length expressed in MI (Million Instructions). For example, the exchange of a document is defined as a DocumentGridlet, which extends the gridsim.GridSim class.

In the G3S Core module, we have defined the G3SUser, G3SResource, and G3Slink classes. These classes inherit from (extend) the following GridSim classes:

G3SUser extends gridsim.GridUser
G3SResource extends gridsim.GridResource
G3Slink extends

These classes are harnessed together by a superclass called G3SNode.

There exists some redundancy of code between G3S and GridSim, such as the simJava classes. It is in fact required so that G3S can be executed independently of GridSim. This standalone feature is desirable from the point of view of the field testing of G3S. We will optimize the G3S code after its extensive field testing by the grid community.
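The attack-propagation model of section 3.3 above (nodes mutually trusted until an attack is detected, a success probability p that depends on the target node type, a compromised victim becoming an attacker, a detected attacker blocked at its firewall with an alert broadcast), together with the component rules of table 1 in section 3.1 (R2.1, R2.3, R2.4 for a document exchange; R5.1, R5.3, R5.4 for an attack), as an added example in Python. This is not G3S code (G3S itself is built on GridSim in Java): the node names, the base probabilities, the linear scaling of p by the policy strength, the trust penalty on detection and the ScriptedRng replay helper are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurityPolicy:
    # R1.3: one policy per VO. 'strength' in [0, 1] scales an attacker's chance down (R5.3);
    # 'min_trust' is the floor both ends of a document exchange must satisfy (R2.4).
    strength: float
    min_trust: float

@dataclass
class G3SNode:
    name: str
    kind: str                  # "user" or "resource": the target type drives p (section 3.3)
    trust: float = 1.0         # R4.1: per-node trust level; nodes start mutually trusted
    malicious: bool = False
    blocked: bool = False

# Assumed base success probabilities per target type (the paper only states that p
# depends on the target node type; these numbers are constructed for the example).
BASE_SUCCESS = {"user": 0.6, "resource": 0.3}

@dataclass
class VO:
    policy: SecurityPolicy
    nodes: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def add(self, node):
        self.nodes[node.name] = node

    def exchange_document(self, sender, receiver):
        """R2.1: two G3SNodes; R2.3: the policy rules; R2.4: the current trust of both ends."""
        a, b = self.nodes[sender], self.nodes[receiver]
        if a is b or a.blocked or b.blocked:
            return False
        return min(a.trust, b.trust) >= self.policy.min_trust

    def attack(self, attacker, victims, rng):
        """R5.1: one attack may hit several victims. Returns the newly compromised names.
        R5.3: success probability shrinks with policy strength (assumed linear scaling).
        R5.4: on detection, attacker and victim trust levels change and an alert is raised."""
        att = self.nodes[attacker]
        compromised = []
        if att.blocked:
            return compromised
        for v in victims:
            victim = self.nodes[v]
            p = BASE_SUCCESS[victim.kind] * (1.0 - self.policy.strength)
            if rng.random() < p:
                victim.malicious = True          # a successful attack turns the victim into an attacker
                compromised.append(v)
            else:
                att.blocked = True               # detected: attacker blocked at its firewall
                att.trust = 0.0
                victim.trust = max(0.0, victim.trust - 0.2)   # assumed penalty for the attacked node
                self.alerts.append(f"ALERT: {attacker} blocked after attack on {v}")
                break                            # a blocked attacker cannot continue the attack
        return compromised

    def run(self, rounds, rng):
        """Each round, every active malicious node attacks every other active, uncompromised node.
        Returns the names of the attackers still active at the end."""
        for _ in range(rounds):
            for n in list(self.nodes.values()):
                if n.malicious and not n.blocked:
                    targets = [m.name for m in self.nodes.values()
                               if m is not n and not m.malicious and not m.blocked]
                    self.attack(n.name, targets, rng)
        return sorted(n.name for n in self.nodes.values() if n.malicious and not n.blocked)

class ScriptedRng:
    """Replays fixed draws so a run is reproducible; swap in random.Random(seed) for real runs."""
    def __init__(self, draws):
        self.draws = list(draws)

    def random(self):
        return self.draws.pop(0) if self.draws else 1.0   # no draws left: the attack fails

def demo(strength, draws, min_trust=0.5):
    """Constructed VO: one malicious user, two honest users and one resource."""
    vo = VO(SecurityPolicy(strength=strength, min_trust=min_trust))
    vo.add(G3SNode("mallory", "user", malicious=True))
    vo.add(G3SNode("alice", "user"))
    vo.add(G3SNode("bob", "user"))
    vo.add(G3SNode("printer", "resource"))
    active = vo.run(rounds=2, rng=ScriptedRng(draws))
    return vo, active

if __name__ == "__main__":
    vo, active = demo(strength=0.5, draws=[0.1, 0.9, 0.05, 0.5])
    print("active attackers:", active)
    print("alerts:", *vo.alerts, sep="\n  ")
    print("trust:", {n: round(x.trust, 2) for n, x in vo.nodes.items()})
```

With the scripted draws, mallory compromises alice, is then detected while attacking bob, alice in turn compromises bob and is detected on the printer, and bob is detected on his first attempt: all three attackers end up blocked with trust 0, the printer's trust has been lowered twice, and a later document exchange involving a blocked node is refused. Raising min_trust shows R2.4 refusing an exchange for a node whose trust was merely lowered by an attack it survived.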
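The context-dependent access rules (library versus exam hall, 9 am to noon) and the three quarantine triggers of the prototype scenario in section 3.3 above, evaluated over a constructed event log, as an added example in Python. This is not the prototype's own code: the event-log format, the bandwidth threshold, the reset of the failed log-in counter on a successful log-in, and treating a single forbidden request as "seeking unauthorized privileges" are assumptions made for the example.

```python
from collections import defaultdict
from datetime import time

# Context-dependent rules of the scenario: (role, location) -> permitted actions.
# The student rules for the exam hall apply only from 9 am to noon.
RULES = {
    ("student", "library"):   {"read_book"},
    ("student", "exam_hall"): {"read_exam", "write_answers"},
    ("teacher", "library"):   {"read_exam", "write_exam"},
    ("teacher", "exam_hall"): {"read_exam", "write_exam"},
}
EXAM_WINDOW = (time(9, 0), time(12, 0))

def is_allowed(role, location, action, at):
    """True if the scenario's rules permit `action` for `role` at `location` at clock time `at`."""
    if role == "student" and location == "exam_hall" and not (EXAM_WINDOW[0] <= at < EXAM_WINDOW[1]):
        return False
    return action in RULES.get((role, location), set())

# Quarantine triggers 1-3 of the scenario. The bandwidth threshold is an assumption.
MAX_FAILED_LOGINS = {"student": 3, "teacher": 2}   # "more than" this many failures
MAX_BANDWIDTH_KBPS = 2000

def quarantine_decisions(events):
    """Walk an event log (constructed format, see SAMPLE_EVENTS) and return {pda: reason}
    for every PDA that must be placed in the quarantine zone."""
    failed = defaultdict(int)
    reasons = {}
    for e in events:
        pda = e["pda"]
        if pda in reasons:                       # already quarantined
            continue
        if e["kind"] == "login_failed":
            failed[pda] += 1
            if failed[pda] > MAX_FAILED_LOGINS[e["role"]]:
                reasons[pda] = "potential intruder: too many unsuccessful log-ins"
        elif e["kind"] == "login_ok":
            failed[pda] = 0                      # assumed: a successful log-in resets the counter
        elif e["kind"] == "bandwidth" and e["kbps"] > MAX_BANDWIDTH_KBPS:
            reasons[pda] = "possible DoS: excessive bandwidth"
        elif e["kind"] == "access" and not is_allowed(e["role"], e["location"], e["action"], e["at"]):
            reasons[pda] = "seeking unauthorized privileges"
    return reasons

def review_after_dt(quarantined, violations_during_dt):
    """Decision after the quarantine period Δt: clear the PDA if no violation was observed
    meanwhile, otherwise disconnect it from the system."""
    return {pda: ("disconnect" if violations_during_dt.get(pda, 0) > 0 else "clear")
            for pda in quarantined}

# Constructed sample log (not data from the prototype).
SAMPLE_EVENTS = [
    {"pda": "pda-1", "role": "student", "kind": "login_failed"},
    {"pda": "pda-1", "role": "student", "kind": "login_failed"},
    {"pda": "pda-1", "role": "student", "kind": "login_failed"},
    {"pda": "pda-1", "role": "student", "kind": "login_failed"},    # 4th failure: more than 3
    {"pda": "pda-2", "role": "teacher", "kind": "login_failed"},
    {"pda": "pda-2", "role": "teacher", "kind": "login_failed"},    # 2 failures: not more than 2
    {"pda": "pda-2", "role": "teacher", "kind": "login_ok"},
    {"pda": "pda-3", "role": "student", "kind": "access", "location": "library",
     "action": "read_exam", "at": time(10, 0)},                      # exam paper from the library
    {"pda": "pda-4", "role": "student", "kind": "access", "location": "exam_hall",
     "action": "read_exam", "at": time(10, 0)},                      # permitted
    {"pda": "pda-4", "role": "student", "kind": "bandwidth", "kbps": 5000},
    {"pda": "pda-5", "role": "student", "kind": "access", "location": "exam_hall",
     "action": "read_exam", "at": time(14, 0)},                      # outside 9 am - noon
]

if __name__ == "__main__":
    decisions = quarantine_decisions(SAMPLE_EVENTS)
    for pda, why in decisions.items():
        print(f"{pda}: quarantine ({why})")
    print(review_after_dt(decisions, {"pda-4": 1}))
```

On the sample log, pda-1 (four failed student log-ins), pda-3 (exam paper requested from the library), pda-4 (excessive bandwidth) and pda-5 (exam paper outside the 9 am to noon window) are quarantined, while pda-2 stays clear because two failed teacher log-ins do not exceed the threshold.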

4. Conclusions and Perspectives

This paper provides an overview of the grid security services simulator (G3S). The absence of any formal tool for the simulation of grid security features motivated us to develop a simulator for the validation of grid security models. G3S is still in its nascent stage; however, its prospects are fascinating. The basic simulator design (alpha version) is completed. Currently we are working to add more advanced features, such as simulations of the pluggable security services.

G3S will assist grid security designers in formally simulating and validating their propositions. It will positively impact their empirical research. The GUI makes it easy to use. G3S will enable grid security developers to compute Quality of Protection (QoP) [11] and consequently its Quality of Security Service (QoSS) [12]. Evaluation of a grid's quality of security requires a dynamic mechanism like QoSS to properly assess its adaptive security nature.

Acknowledgement

The authors would like to express their gratitude to a number of people who have contributed with valuable assistance; especially Hairong Zhou, a highly skilled graphics programmer; and Rajkumar Buyya and Anthony Sulistio, who provided considerable assistance in the integration of G3S with GridSim.

References

1. Quetier B. and Cappello F., A Survey of Grid Research Tools: Simulators, Emulators and Real Life Platforms, Proceedings of the 17th IMACS World Congress (IMACS 2005), Paris, France, 2005
2. Takefusa A., Matsuoka S., Aida K., Nakada H., and Nagashima U., Overview of a Performance Evaluation System for Global Computing Scheduling Algorithms, Proceedings of the Eighth IEEE International Symposium on High Performance Distributed Computing (HPDC'99), Washington, DC, USA, 3-6 August 1999, pp 97-104
3. Legrand A., Marchal L., Casanova H., Scheduling Distributed Applications: The SimGrid Simulation Framework, Proceedings of the 3rd IEEE/ACM International Symposium on Cluster Computing and the Grid 2003 (CCGrid2003), May 12-15, 2003, pp 138-145
4. Buyya R. and Murshed M., GridSim: A Toolkit for the Modeling and Simulation of Distributed Resource Management and Scheduling for Grid Computing, The Journal of Concurrency and Computation: Practice and Experience, Wiley Press, May 2002, pp 1-32
5. Dumitrescu C. and Foster I., GangSim: A Simulator for Grid Scheduling Studies, Proceedings of the IEEE International Symposium on Cluster Computing and the Grid (CCGrid'05), Cardiff, UK, May 2005
6. Cameron D., Carvajal-Schiaffino R., Millar P., Nicholson C., Stockinger K., and Zini F., OptorSim: A Grid Simulator for Replica Optimisation, UK e-Science All Hands Conference, 31 August - 3 September 2004
7. Naqvi S., Riguidel M., VIPSEC: Virtualized and Pluggable Security Services Infrastructure for Adaptive Grid Computing, Proceedings of the IEEE International Symposium on Network Computing and Applications (IEEE NCA04), Cambridge, Massachusetts, USA, August 30 - September 01, 2004 (ISBN 0769522424)
8. Naqvi S., Riguidel M., Performance Measurements of the VIPSEC Model, High Performance Computing Symposium (HPC 2005), San Diego, California, USA, April 3-7, 2005, pp 182-187 (ISBN 1565552938)
9. Ashley P., Hinton H., Vandenwauver M., Wired versus Wireless Security: The Internet, WAP and iMode for E-Commerce, 17th Annual Computer Security Applications Conference (ACSAC 2001), December 10-14, 2001, pp 296-306
10. Pearlman L., Welch V., Foster I., Kesselman C., and Tuecke S., A Community Authorization Service for Group Collaboration, IEEE Workshop on Policies for Distributed Systems and Networks, 2002
11. Linn J., Generic Security Service Application Program Interface, IETF Request for Comments: 1508, September
12. Irvine C., Levin T., Quality of Security Service, Proceedings of the New Security Paradigms Workshop 2000 (NSPW2000), Ballycotton, County Cork, Ireland, September 19-21, 2000

Michel Riguidel is the Chair of the Department of Computer Science and Networks at ENST (Graduate School of Telecommunications) Paris, where he lectures in security and advanced networks. His research is oriented towards security of Information Systems and Networks, Architecture of Communication Systems (Grids, Next Generation Internet, Configurable Networks, etc.). He is the Head of the Multidisciplinary Thematic Network in security at CNRS (National Scientific Research Commission). He belongs to the Executive Board of RNRT (National Network in Telecommunication Research). In the IST Integrated Project of FP6, he is Scientific Director of the SEINIT (Security Expert Initiative) integrated project and Key Researcher of the SECOQC Integrated Project (Development of a Global Network for Secure Communication based on Quantum Cryptography), responsible for the Network Architecture. He has several patents in security (firewall, watermarking and protecting CD

Syed Naqvi received the B.S. degree in Industrial Electronics from N.E.D. University of Engineering and Technology, Karachi and the M.S. degree in Computer Sciences and Telecommunications with specialization in Information System Technologies from the Technological University of Grenoble, France. He is currently working towards his PhD in Grid Security at ENST Paris.
