Grid Computing Security

Fletcher Liverance, 5 May 2009

Grid Computing Security: A Taxonomy
IEEE Security & Privacy, 2007
Anirban Chakrabarti, Anish Damodaran, Shubhashis Sengupta

Overview
• What is Grid Computing?
• Pie in the sky
• Host-level issues and solutions
• Architecture-level issues and solutions
• Credential-level issues

What is Grid Computing?
“geographically distributed heterogeneous resources are virtualized as a unified whole.”
Related terms:
• Web 2.0
• Scalable Link Interface (SLI)
• Virtualization
• Software as a service
• Folding@home
• Peer to peer
• Cluster computing
• Cloud computing
• Distributed computing

Computing Comparison

Pie in the sky
IBM Roadrunner
• 6,480 AMD dual core
• 12,960 IBM PowerXCell
Hewlett-Packard
• 300,000 employees
• 600,000 processors
• 600 TB of RAM
• 120,000 TB of Storage
World wide
• One billion PCs
• 95 million consoles
• Two billion cell phones
Host-level issues and solutions
Data Protection
Application-level sandboxing
• Proof-carrying code
  – Rules guaranteeing safe execution
  – Code producer responsible for safety
  – Does not scale
Virtualization
• VMware GSX/ESX/Workstation
• Paravirtualization
  – Xen
  – IA-32 architecture is non-virtualizable

Host-level issues and solutions
Data Protection
User-space sandboxing
• TRON – Process-level discretionary access control system
  – Simple, but requires system call reimplementation
  – Call chaining issues
  – Incomplete context
Flexible kernels (Kernel-level sandboxing)
• Exokernel OS, MIT
• Zones, Sun Solaris 10
• Application containers

Host-level issues and solutions
Job starvation
Advanced reservation techniques
• Request resources from grid scheduler
• Non-transparent
• Requires advanced scheduling techniques
Priority-reduction techniques
• Local priority reduction
  – Sun Grid Engine
• Ad hoc mechanism
  – Unpredictable behaviour, lower QoS performance
  – Example: Peer to peer

Architecture-level issues and solutions
Information security
Grid Security Infrastructure (GSI)
• Secure communication
  – Transport level security – SSL/TLS
  – Message level security – Web Services Security (WSS) via SOAP
• Authentication
  – CA certificates
  – User/password over SOAP with WSS
  – GSI-to-Kerberos gateway
• Single sign-on and delegation
  – Timed proxy
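The timed proxy is the piece of GSI a grid service actually has to check, so here is an added example (not from the paper or this deck) in Python that models a delegation chain of CA, user certificate and short-lived proxy and validates it: every credential must be signed by its issuer, and a proxy may never outlive the credential that delegated it. Signatures are simulated with HMAC under constructed keys in place of X.509 signatures, and all names, keys and dates are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Credential:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    sig: bytes  # HMAC by the issuer; stands in for the X.509 signature

def _tbs(subject, issuer, nb, na):  # bytes the issuer vouches for
    return f"{subject}|{issuer}|{nb.isoformat()}|{na.isoformat()}".encode()

def issue(subject, issuer, issuer_key, nb, na):
    """Issuer signs a new credential: user cert from the CA, proxy from the user."""
    sig = hmac.new(issuer_key, _tbs(subject, issuer.subject, nb, na), hashlib.sha256).digest()
    return Credential(subject, issuer.subject, nb, na, sig)

def validate_chain(chain, keys, trusted_ca, now):
    """chain = [CA, user cert, proxy...]; keys maps subject -> verification key."""
    if not chain or chain[0].subject != trusted_ca:
        return False, "untrusted anchor"
    for parent, cred in zip(chain, chain[1:]):
        if cred.issuer != parent.subject:
            return False, f"{cred.subject}: issuer mismatch"
        tbs = _tbs(cred.subject, cred.issuer, cred.not_before, cred.not_after)
        if not hmac.compare_digest(hmac.new(keys[parent.subject], tbs, hashlib.sha256).digest(), cred.sig):
            return False, f"{cred.subject}: bad signature"
        # A proxy may never outlive the credential that issued it
        if cred.not_before < parent.not_before or cred.not_after > parent.not_after:
            return False, f"{cred.subject}: validity exceeds issuer's"
        if not cred.not_before <= now <= cred.not_after:
            return False, f"{cred.subject}: not valid now"
    return True, "ok"

DEMO_NOW = datetime(2009, 5, 5, tzinfo=timezone.utc)  # constructed clock

def run_demo():
    """Constructed chain CA -> alice -> 12-hour proxy, plus three failure cases."""
    keys = {"CA": b"ca-key", "alice": b"alice-key"}
    ca = Credential("CA", "CA", DEMO_NOW - timedelta(days=365), DEMO_NOW + timedelta(days=365), b"")
    user = issue("alice", ca, keys["CA"], DEMO_NOW - timedelta(days=30), DEMO_NOW + timedelta(days=335))
    proxy = issue("alice/proxy", user, keys["alice"], DEMO_NOW, DEMO_NOW + timedelta(hours=12))
    too_long = issue("alice/proxy", user, keys["alice"], DEMO_NOW, DEMO_NOW + timedelta(days=400))
    forged = Credential("alice/forged", proxy.issuer, proxy.not_before, proxy.not_after, proxy.sig)
    return {"valid": validate_chain([ca, user, proxy], keys, "CA", DEMO_NOW),
            "expired": validate_chain([ca, user, proxy], keys, "CA", DEMO_NOW + timedelta(hours=13)),
            "too_long": validate_chain([ca, user, too_long], keys, "CA", DEMO_NOW),
            "forged": validate_chain([ca, user, forged], keys, "CA", DEMO_NOW)}
```

The nesting check is what makes the proxy "timed": a compromised proxy file is only useful until its own short window closes, regardless of how long the user certificate behind it remains valid.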

Architecture-level issues and solutions
Policy-mapping issues
Resource level
• Akenti – Distributed access control mechanism
  – Use-condition certificates
  – Attribute certificates
Virtual Organization level
• Community Authorization Service (CAS)
  – Role based access control

DoS
Preventative solutions
• Application filtering
• Snort – Intrusion Detection System
Reactive solutions
• Link testing
• Logging

Credential-level issues
Credential repositories
• Take responsibility for credential storage
• MyProxy Online
Credential federation systems
• “Manage credentials across multiple systems, domains, and realms.”
• KX.509
• Circle of trust
• Shibboleth

Conclusions
“Grid security’s ultimate goal is to make the grid infrastructure seamless and protect it against both known and unknown security attacks.”
1. Identify vulnerabilities
2. Develop threat models
3. Develop countermeasures to threat models
4. Evaluate countermeasures
5. (repeat ad nauseam)
