1. Grid technology Security issues Andrey Nifatov sparcsolaris@mail333.com A hacker

2. Terms Globus is a US government-funded project that provides software tools that allow you to build grids and grid-based applications. Grid is a distributed computational tool that allows you to use geographically distributed resources for single computational project. * “Grid computing : A practical guide to technology and applications”

3. Virtual Organization The wide spectrum of problems, are associated with resource sharing for virtual organization VOs “share geographically distributed recourses, assuming the absence of global controller, and an existing trust relationship”

4. Virtual Organization VO can be large or small, static or dynamic They may be only created to solve specific problem

5. Virtual Organization

6. Differences between Grids and the older distributed tools Grid supports varied systems Grid could involve almost unlimited number of computational resources (the Internet) Security was considered a primary focus

7. Grid architecture Includes protocols and interfaces that provide access to the resources Includes core protocols from the Internet model. IP,DNS,BGP,IGRP Defines protocols that are necessary to control sharing of local resources Includes protocols that provide system oriented capabilities Includes protocols that are targeted toward a specific application

8. Globus uses Certificate Authority All grid resources need to be signed by a CA. Registrant Authority works together with CA. The RA approves or rejects request for certificate and forwards information to CA.

9. Certificate Authority Before CA can sign certificates for others, it must sign and issue certificates for itself. CA randomly generates its own key pair CA protects its private key CA creates its own certificate its info CA signs its certificate with its private key

10. Certificate Authority Thus, its private key is sensitive to attacks from hackers. The most famous way to protect involves special hardware which doesn’t have network connection. The private key is stored inside the hardware and never leaves it. The hardware could support a smart card processor, if this is not very expensive tool. If this is not the case, dedicated hardware CA may be involved. A hacker

11. Grid certificate Provides identity Contains your information Contains your public key Will be used to decrypt the SSL session ID Has unique Distinguished Name (DN) Also called X.509

12. Remote delegation: Grid proxy Acts as yourself: Submits a request to the foreign host on your behalf. Also called remote delegation Store proxy’s private key on the remote machine

13. Conclusion Supercomputers are expensive and specializedSupercomputers are expensive and specialized Grid computers solve problems by using multiple computes instead of a single computer.Grid computers solve problems by using multiple computes instead of a single computer. This shift produces a dramatic increase in the speed and decrease in the cost.This shift produces a dramatic increase in the speed and decrease in the cost. However, it is also a shift from an environment that is secure by definition to one that is public and secured like the Internet. Thus, security issues were considered a primary focus on the way to developing this tool.However, it is also a shift from an environment that is secure by definition to one that is public and secured like the Internet. Thus, security issues were considered a primary focus on the way to developing this tool. A hacker