Presentation is loading. Please wait.

Presentation is loading. Please wait.

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.

Published byAllison Riley Modified over 10 years ago

Similar presentations

Presentation on theme: "CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies."— Presentation transcript:

1 CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Providing security to the Desktop Data Grid FORTH ICS (Greece) Jesus Luna, Michail Flouris, Manolis Marazakis and Angelos Bilas April-2008

2 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 2 Outline Introduction Desktop Data Grids Methodology: –Security Analysis –Data Security Protocol –Analytical Results Conclusions Future Work

3 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 3 Introduction Desktop Grids, and in particular Volunteer Computing, are well-known for their computational power: –BOINC has approximately 316,000 volunteers, 558,000 nodes and 1,024 TeraFLOPS (24-hr average). (March-08)

4 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 4 Desktop Data Grids Nowadays the storage potential of Desktop Grids is also being considered: 7.74 PetaBytes @ 5.27 TeraBytes/sec. Interesting initiatives are appearing, i.e. Storage@Home [IPDPS07] and RevStor. However, from a data-centric point of view which are the security requirements of these novel Desktop Data Grids (DDG)?

5 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 5 Methodology Extrapolating our current security research (Data Grids) to the DDG: 1.Applied a data-centric security analysis framework. 2.Adapted the contributed data security protocol. 3.Obtained some analytical results about the stored datas assurance.

6 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 6 Data Security Analysis Desktop Data Grids architecture: Submits a Job Data I/O AuthN/AuthZ Data Staged for VSC Requests Data All Data I/O is initiated by the VSC

7 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 7 Data Security Analysis Security issues found with the analysis: Trusted Services Secure Channels High Volatility Stored Data may be Leaked, Changed or Destroyed Heterogeneous SW, HW, Admin Static propagation of Revocation Data

8 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 8 Data Security Protocol Based on three mechanisms to protect data stored at VSCs: 1.Symmetric cryptosystem: Provides confidentiality and integrity (hash and nonce) to the data at-rest. 2.Data fragmentation: Contrary to replication, provides data availability and confidentiality using a m out-of n IDA. 3.Quality of Security: Improves the IDA by distributing fragments to secure VSCs.

9 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 9 Quality of Security (QoSec) VSCs are heterogeneous in every way: may join or leave anytime, may be compromised, etc. Therefore they provide different levels of assurance to stored fragments. If this QoSec can be quantified to characterize each VSC, then a Client may request a minimum value to be fulfilled for storing his data. Analogous to QoS (communication) and LoA (Grid AuthN). Requirements: –A security policy with provisions relevant to data assurance (i.e. availability). –An evaluation methodology.

10 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 10 Evaluation Methodology: REM in-a-box Step 0 – Policy Definition: Set of rules modeling the VSCs behavior. Step 1- Policy Formalization Px=RAID Level Px={No RAID, RAID-0, RAID-1, RAID-5} Card(Px)=4 Step 2a – Security Matrix per-VSC P(vsc)=PC with RAID-1 P(vsc)=(1,1,1,0) - vector per-provision P(RAID-0) < P(RAID-1) < P(RAID-5) - Ordered relationship M(vsc) is a matrix built from a set of P(vsc) - Security Policy Step 2b - Evaluation technique: uses a metric criteria (i.e. Euclidean Distance) to compute a numeric QoSec relative to a reference Matrix (i.e. a Zero-matrix)

11 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 11 QoSec: Analytical Results As a proof of concept, we analyzed the relationship among QoSec and Data Assurance: –A first approach for the VSCs security policy considered a subset of rules from a Certificate Policy (CP). –CPs from HellasGrid, CERN and IRISGrid were evaluated with REM. –Analyzed the distribution assurance for a dispersal algorithm μ [Mei03], but considering the introduced QoSec :

12 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 12 QoSec: Analytical Results QoSec(HellasGrid) = 4.47 QoSec(CERN) = 6.00 QoSec(IRISGrid) = 5.48 QoSec(EUGridPMA) = 4.24 N=100 n=15 High QoSec= Better Data Assurance with smaller number of fragments Low QoSec= requires more fragments to achieve higher Data Assurance

13 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 13 Conclusions Desktop Grids offer an interesting option for storing data, however security implications of using untrusted clients need to be studied (among other factors!). Based on our current work for the Data Grid, we analyzed the security of DDGs and proposed a protocol that if implemented at the Project Server, then may minimize key compromise while avoiding extra processing at the VSCs. An analytical model has shown the relationship QoSec -> data assurance.

14 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 14 Future work Definition of a comprehensive Security Policy, mostly focused on the VSCs availability. Client executing code directly on the data stored at the VSC. Begin contact with EDGeS (Enabling Desktop Grids for eScience) http://www.edges-grid.eu/

15 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 15 Thank you for your attention! Questions? Jesus Luna jluna@ics.forth.gr jluna@cs.ucy.ac.cy

16 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 16 A few words on Data Fragmentation DDD D Replication

17 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 17 A few words on Data Fragmentation DD2D2 D1D1 D3D3 Fragmentation 2 out of 3 Back

18 European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 18 Highly heterogeneous VSCs (λ 0) imply a highly available DDG (QoSec ), thus: Distribution Assurance Number of VSCs clients Data split into n- fragments. Requires m to rebuild it λN VSCs share the same configuration

Download ppt "CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies."

Similar presentations

EU Presidency Conference Effective policies for the development of competencies of youth in Europe Warsaw, 16-18 November 2011 Improving basic skills in.

EU Presidency Conference Effective policies for the development of competencies of youth in Europe Warsaw, November 2011 Improving basic skills in.
A Lightweight Platform for Integration of Mobile Devices into Pervasive Grids Stavros Isaiadis, Vladimir Getov University of Westminster, London {s.isaiadis,

A Lightweight Platform for Integration of Mobile Devices into Pervasive Grids Stavros Isaiadis, Vladimir Getov University of Westminster, London {s.isaiadis,
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.

1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
© Copyright 2006 FPT Software 1 © FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 How to work in Fsoft project Authors: KienNT.

© Copyright 2006 FPT Software 1 © FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 How to work in Fsoft project Authors: KienNT.
Java Autonomic Agent Framework with Self-Testing Andrew Diniz da Costa Camila Nunes

Java Autonomic Agent Framework with Self-Testing Andrew Diniz da Costa Camila Nunes
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.

Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.
Institute for Cyber Security

Institute for Cyber Security
Pricing for Utility-driven Resource Management and Allocation in Clusters Chee Shin Yeo and Rajkumar Buyya Grid Computing and Distributed Systems (GRIDS)

Pricing for Utility-driven Resource Management and Allocation in Clusters Chee Shin Yeo and Rajkumar Buyya Grid Computing and Distributed Systems (GRIDS)
Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.

Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.
Report on the Workshop on GENI and Security or, What Happens When the GENI Leaves the Bottle? Matt Bishop Department of Computer Science University of.

Report on the Workshop on GENI and Security or, What Happens When the GENI Leaves the Bottle? Matt Bishop Department of Computer Science University of.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Network Resource Broker for IPTV in Cloud Computing Lei Liang, Dan He University of Surrey, UK OGF 27, G2C Workshop 15 Oct 2009 Banff,

Network Resource Broker for IPTV in Cloud Computing Lei Liang, Dan He University of Surrey, UK OGF 27, G2C Workshop 15 Oct 2009 Banff,
All rights reserved © 2006, Alcatel Grid Standardization & ETSI (May 2006) B. Berde, Alcatel R & I.

All rights reserved © 2006, Alcatel Grid Standardization & ETSI (May 2006) B. Berde, Alcatel R & I.
15.082 and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem 1 24 35 10, $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $7 25 0 0 0-25.

and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem , $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $
Wireless Networks Should Spread Spectrum On Demand Ramki Gummadi (MIT) Joint work with Hari Balakrishnan.

Wireless Networks Should Spread Spectrum On Demand Ramki Gummadi (MIT) Joint work with Hari Balakrishnan.
An Alliance based Peering Scheme for P2P Live Media Streaming Darshan Purandare Ratan Guha University of Central Florida August 31, P2P-TV, Kyoto.

An Alliance based Peering Scheme for P2P Live Media Streaming Darshan Purandare Ratan Guha University of Central Florida August 31, P2P-TV, Kyoto.
DG Energy and Transport, European Commission Fabrizio Barbaso 17/04/2008 EU RENEWABLE ENERGY PROPOSALS ARF Energy Security Seminar EUROPEAN COMMISSION.

DG Energy and Transport, European Commission Fabrizio Barbaso 17/04/2008 EU RENEWABLE ENERGY PROPOSALS ARF Energy Security Seminar EUROPEAN COMMISSION.
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.

Similar presentations

Ads by Google