Grid security by youssefadham

Grid Computing Security

Presented by: Rasha Hassan Sakr

Under the supervision of Prof. FATMA A. OMARA
- Definition of distributed systems
- Definition of grid computing
- The main characteristics of grid computing and their components
- The challenges of grid computing
- Grid computing security
- The security algorithms for grid
- Improving the proposed algorithm
Distributed systems

- Distributed systems are constructed from single systems, tied together by some kind of hardware and software connection to distribute the work over various

Figure: Middleware in a distributed system (Machine A, Machine B and Machine C each run a local OS; middleware services sit above the local OS, and distributed applications run on top of the middleware)
Grid computing and applications

- A Grid is a collection of computing resources available over a local or wide area network that appears to an end user or application as one large virtual computing system (VO).
- Grid computing requires the use of specialized middleware to mitigate the complexity of integrating distributed resources within an enterprise.
- Engineering, particle physics, astronomy, chemistry and materials, environmental science, bioscience and genomics, education, digital libraries
- Healthcare: medical imaging, brain atlas, molecular informatics, telemedicine
Grid computing environment

Figure: Grid computing environment (a Grid Information Service and a Grid Resource Broker mediate access to resources R2, R3, R4, R5 ... RN and a database)
The main Grid characteristics

- Heterogeneity
- Scalability
- Dynamicity or Adaptability
Grid components

- Grid portal
- Security (grid security infrastructure): provides secure and authorized access to the grid
- Broker (along with directory)
- Scheduler
- Data management
- Job and resource management
- Resources (grid fabric)
The challenges of grid computing

- Resource management
- Grid security
Grid resource management

- The process of identifying requirements, matching resources to applications, allocating those resources, and scheduling and monitoring Grid resources over time in order to run Grid applications as efficiently as
- Resource management in Computational and Data Grid environments offers many security challenges.
- Some of these challenges exist in many computing environments, but others are unique to Grid systems.
- Many of the unique problems in Grid security arise because of the distributed nature of Grid systems.
Grid Computing security

- A key requirement for grid computing is security. In a grid environment, a secure environment is one that is able to:
  - protect communication between jobs on the system from third-party observers,
  - protect jobs from adverse effects caused by other jobs, and
  - protect jobs from resource starvation (prevent DoS attacks or illegal resource utilization by other users).
- There is a need for mechanisms to provide authentication, authorization, data confidentiality, data integrity, availability and accountability.
Grid security ... how?

- An encryption algorithm takes some data and transforms it so that the original data cannot be discovered by anyone looking at the encrypted data.
- Any encryption algorithm must use some type of key so that only the intended recipient can decrypt the data. There are two main types of encryption keys: symmetric and asymmetric.
Symmetric encryption

- A single key is used to both encrypt and decrypt the
- Symmetric encryption algorithms take as input a key and an arbitrary-length bit stream and produce an arbitrary-length bit stream as output.
- A good encryption algorithm should produce output that makes it very hard to calculate what the original input
- One obvious problem with symmetric key encryption is that both parties must have the same keying material. This presents the problem of how both parties securely acquire this keying material.
Asymmetric cryptography

- Asymmetric cryptography offers one solution to this problem.
- In asymmetric cryptography a pair of keys is used. One key is called the public key and can be publicly
- The other is the private key and must be kept secret by its owner.
- This key pair has the important property that information encrypted with one key can only be decrypted with the other key.
- Thus, the sender of a message can find the public key for the person they wish to communicate with from a public source like a web server or directory server.
- The sender then uses the recipient's public key to encrypt a message that only the recipient can decrypt using the corresponding private key.
Virtual organization (VO)

- A VO is a community of resource providers and users from multiple administrative domains, collaborating in order to achieve common objectives.
- Each institution in the project has a local security policy that governs access to its local resources.
- Although these institutions are partners in the VO, not all their users are members of the VO (denoted Grid users).
- In addition, not all resources are shared with the VO (denoted Grid resources).
- Some resources are restricted to the VO and only accessible by local users.
- Each institution has a local intranet security solution such as Kerberos or Public Key Infrastructure (PKI).

Figure: A typical Virtual Organization and Grid Infrastructure
Security issues on the Grid

- Grid applications are characterized by the coordinated use of resources from different administrative domains.
- Each site in the VO is independently administered and has its own local security solutions such as Kerberos and PKI.
- These solutions are built on top of different platforms such as UNIX, Windows and OS/2.
- Reconcile local policies with the global policy.
Security problems

- Interoperability
- Policy level
- Authentication
- Authorization
- Scalability
- Confidentiality and integrity issues
- Trust
- Usability
- Firewall
The security algorithms for grid

- The range of available grid simulation tools, such as Bricks, SimGrid, GridSim, GangSim, OptorSim etc., does not provide any support for the simulation of grid security functions.
- Grid Security Services Simulator (G3S) is a simulation tool for grid security services, as none of the existing grid simulators provides any support for security.
- Principles: G3S models the security functionalities of a grid. The grid nodes may be static or mobile.
- G3S has a graphics window for user interaction.

Graphical User Interface (GUI) of G3S

- In the G3S GUI, new users (individuals or groups) can be dynamically introduced.
- Similarly, new computing resources can be dynamically added.
- New VOs can be created at any time by choosing the participating nodes (users and resources), and the security policy for each VO is
Simulations of attack patterns

- G3S can also simulate various attack situations such as denial-of-service (DoS), man-in-the-middle, relay and wormhole attacks. It can also simulate the survivability feature of a security design.
- As an example of attack simulation, we consider a bunch of heterogeneous nodes containing some malicious nodes. These nodes are mutually trusted nodes until an attack is detected. A malicious node regularly tries to attack the other nodes. Each attack has a probability p of success. This probability depends on the target node type.
- A successful attack turns the victim node into a new attacking node for the others. In the contrary case, however, the attacker is blocked in its firewall and an alert concerning this node is transmitted in the system.
- If the attacker fails in its first attempt, it will be difficult for it to take control of the other nodes.

Here node 0 escapes an attack from node 1 and blocks its transmissions. The other nodes are promptly informed of the threat so that they do not remain confident in node 0; and hence the overall system is protected.

But if node 0 fell prey to the attack of node 1 and then manages to take control of node 3, all the other nodes will soon be affected, resulting in the successful endeavor of the attacker.
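The two outcomes described above (a first attempt that fails and gets the attacker reported system-wide, versus a first success that snowballs) can be reproduced with a small model of the trust/alert rules. The following Python is an added example, not G3S code (the slides do not include any); the node types, their success probabilities p and the four-node layout are constructed for illustration.

```python
# Added example: a toy model of the G3S attack-pattern simulation described
# in the slides. Not G3S code; node types and probabilities are constructed.
import random
from dataclasses import dataclass, field

# Probability p that an attack on a node of this type succeeds (constructed values).
SUCCESS_PROBABILITY = {"workstation": 0.6, "server": 0.3, "hardened": 0.1}


@dataclass
class Node:
    ident: int
    kind: str
    compromised: bool = False
    # Attackers this node has stopped trusting (its own firewall block list).
    blocked: set = field(default_factory=set)


@dataclass
class Outcome:
    compromised: list   # identifiers of nodes under attacker control at the end
    detected: list      # attackers that were blocked and reported system-wide
    log: list           # human-readable trace of what happened each round


def run_attack_simulation(kinds, initial_attackers, rng=None, max_rounds=50):
    """Run the trust/alert model until no attacker can reach a new victim.

    kinds             -- node type per node index, e.g. ["server", "workstation"]
    initial_attackers -- indices of nodes that start out malicious
    rng               -- object providing random() and choice(); defaults to random.Random(0)
    """
    rng = rng if rng is not None else random.Random(0)
    nodes = [Node(i, k) for i, k in enumerate(kinds)]
    for i in initial_attackers:
        nodes[i].compromised = True
    detected = set()   # attackers every node has been alerted about
    log = []

    for rnd in range(max_rounds):
        progress = False
        for attacker in [n for n in nodes if n.compromised]:
            if attacker.ident in detected:
                continue   # a reported attacker is blocked everywhere
            # Nodes keep trusting the attacker only until they have been alerted.
            targets = [n for n in nodes
                       if not n.compromised and attacker.ident not in n.blocked]
            if not targets:
                continue
            progress = True
            victim = rng.choice(targets)
            if rng.random() < SUCCESS_PROBABILITY[victim.kind]:
                # Success: the victim becomes a new attacking node for the others.
                victim.compromised = True
                log.append(f"round {rnd}: node {attacker.ident} took control of node {victim.ident}")
            else:
                # Failure: the victim's firewall blocks the attacker and an alert
                # is transmitted, so every node stops trusting it.
                detected.add(attacker.ident)
                for n in nodes:
                    n.blocked.add(attacker.ident)
                log.append(f"round {rnd}: node {victim.ident} blocked node {attacker.ident}; alert broadcast")
        if not progress:
            break

    return Outcome(
        compromised=sorted(n.ident for n in nodes if n.compromised),
        detected=sorted(detected),
        log=log,
    )


if __name__ == "__main__":
    # Four constructed nodes, node 1 malicious; a seeded generator makes the run repeatable.
    result = run_attack_simulation(["server", "workstation", "workstation", "server"],
                                   initial_attackers=[1], rng=random.Random(7))
    print("\n".join(result.log))
    print("compromised:", result.compromised, "detected:", result.detected)
```

Passing an object with scripted random() and choice() methods instead of a real generator forces either outcome deterministically: a first failed attempt leaves only the original attacker compromised and reported everywhere, while uninterrupted successes compromise every node, which is the survivability contrast the slides draw.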
Improving the proposed algorithm

- Improving one of the grid security simulators (G3S), which can't measure the performance of grid security services, by building an analytical model to measure the performance or quality of service (QoS).
- Comparing the proposed grid security simulator tool with others in current use.