Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kai Hwang University of Southern California

Published byDominique Marcil Modified over 6 years ago

Similar presentations

Presentation on theme: "Kai Hwang University of Southern California"— Presentation transcript:

1 Trusted P2P and Grid Computing: Security Binding, Worm Control, and Reputation Aggregation
Kai Hwang University of Southern California Technical Presentation at : Tsinghua University, Beijing, China, Dec. 5, 2005, November 27, 2018 Kai Hwang at USC

2 Evolution of HPC, Clusters, Distributed P2P/Grid Computing, and Web Services
Distributed Computing High –Perf. Computing Disparate Systems Sharing Homogeneous Results in High Performance P2P Clusters Mainly for file sharing Geographically Sparse Resource Sharing Close to each other Web Services GRID Heterogeneous Application Interaction Within a Framework No existing framework November 27, 2018 Kai Hwang at USC

3 Integration of Grid and Web Services
OGSI GT2 GT1 HTTP WSDL, WS-* WSDL 2, WSDM Have been converging Started far apart in apps & tech ? Web However, despite enthusiasm for OGSI, adoption within Web community turned out to be problematic November 27, 2018 Kai Hwang at USC

4 P2P Systems, Computational Grids, and P2P Grids
Features P2P Systems Grids P2P Grids Architecture, Connectivity Flexible topology, highly scalable, autonomous users Static configuration with limited scalability P2P flexibility with Grid resource sharing initiatives Control and Resource Discovery Distributed control, client-oriented, free in and out, and self-organizing peers Centralized control, server or supercomputer-oriented with registered participants Policy-based control, operating with both P2P and Grid resource management Security, Privacy, Reliability Distrusted peers, insecure P2P interactions, and anonymity Guaranteed trust, more secure with federated users and accountability Peer-layer reputation system and Grid-layer security infrastructure Applications and Job Management General, content delivery, file sharing, download services Scientific computing, global problem solving, and hierarchical job management Support desktop, distributed Grid computing, and community services Represen-tative Systems Gnutella, Chord (DHT), CAN, Tapestry, etc. TeraGrid , GriPhyN Grid, LHC Grid , e-Science in UK , Vaga Grid in China Entropia, P2P Grid, PC Grid , P Grid, Linger Longer November 27, 2018 Kai Hwang at USC

5 GridSec: A Grid Security Research Project supported National Science Foundation at USC
Steps for automated self-defense at resource site : Step 1: Intrusion detected by host-based firewall /IDS Step 2: All VPN gateways are alerted with the intrusions Step 3: Gateways broadcast response commands to all hosts VPN Gateway 3 Site S1 Host 1 2 Internet Site S2 Site S3 From Computer Magazine November 27, 2018 Kai Hwang at USC

6 Five Related Publications to This Seminar : ( http://GridSec.usc.edu )
K. Hwang, et al, “DHT-based Security Infrastructure for Trusted Internet and Grid Computing” Int’l Journal of Critical Infrastructure, Vol.2, No.4, 2005 S. Song, K. Hwang, and Y.K. Kwok, “ Trusted Grid Computing with Security Binding and Trust Integration”, Journal of Grid Computing, Sept. 2005 M. Cai, K. Hwang, et al, “Fast Internet Worm Containment”, IEEE Security and Privacy, May/June, R. Zhou and K. Hwang, “Trust-Preserving Overlays for Fast Reputation Aggregation in Scalable P2P Grid Systems “, IEEE Trans. Parallel and Distributed Computing (TPDS), submitted Nov Y. K. Kwok, S. Song, and K. Hwang, “Selfish Grid Computing: Game Theoretic Modeling and NAS Performance Results”, ACM/IEEE Int’l Conf. on Cluster Computing and The Grids (CCGrid 2005), Cardiff, U.K., May 9-12, 2005 November 27, 2018 Kai Hwang at USC

7 The NetShield Architecture with Distributed Security Enforcement over a DHT Overlay [1]
Serious hackers November 27, 2018 Kai Hwang at USC

8 Grid Security Issues and Known Solutions
Level Issues Solutions Comments Host Level Data Protection Application Sandboxing (+) Strong security (-) Application modification User Space Sandboxing (+) Easy to implement (-) Security limitations Kernel Sandboxing (+) Very strong security (-) Huge complexity Policy Level Solutions (+) Easy to implement (-) Static policies Job Starvation Advance Reservations (+) Flexible Mechanism (-) Prior information Priority Reduction (+) Simple mechanisms (-) QoS violation Infra-struc-ture Level Resource Hacking Auditing based Solution (+) Guidelines for a good accounting system (-) Requirements need to be clarified Policy Mapping (+) Flexible policies/rights at VO level. (-) Plug-ins at resource end for authorization Resource Level (+) Authorization needed (-) Not for a VO Denial-of-Service Preventive (+) Simple implementation (-) Static and cannot detect new attacks Reactive (+) Can detect attackers (-) Can be used as a DoS attack tool Informa-tion Security Secure Communication (+) Digital signatures and SSL/TLS used. Authentication (+) Uses PKI services (-) No provisions for enhancement. Single Sign On (+) No need for repetitive authentication (-) CA’s known to all hosts. Domain Level Policy Policy Management Still in research Security Credential Management November 27, 2018 Kai Hwang at USC

9 Trusted Grid Job Scheduling [2]
Secure mapping of user jobs onto the Grid sites — the job security demand (SD) and the site trust index (TI) are attributed to many security measures and trust parameters A practical Grid job scheduler should be risk-resilient by considering SD and TI when mapping jobs to sites Trust Index of resource sites: Site reputation, prior job success rate, firewalls, intrusion detection, attack history, false alarms, system vulnerability, crypto library, security update frequency, etc. Security Demand of user jobs: Job sensitivity, peer authentication, encrypted messaging, access control, data integrity, user requirements, job application environment, etc. User jobs demanding security assurance Grid resource sites with trust levels assessed by peers Job Scheduler This slides shows that user jobs can demand various kinds of security assurances. For example, they may need encrypted massage …. Similarly, the trust index of Grid sites are also determined by many parameters. Our fuzzy inference approach can aggregate these many parameters to a single scalar quantity that can be used by the job scheduler. In the next, I will show you that the a practical job scheduler should be risk resilient by considering the job security demand and site trust indices. November 27, 2018 Kai Hwang at USC

10 Security Binding in Grids [2]
Evaluating site trust index using a fuzzy-logic based trust model Fuzzy trust aggregation at the intra-site and inter-site levels Feedback loop for dynamic security upgrading Matching with Job Security demand and Optimized Job Mapping Site Trust Index Intersite aggregation Defense Capability Site Reputation Intrasite aggregation IDS related Capabilities Anti-Virus Capabilities Firewall Secure Job Execution Prior Job Execution Success Rate Cumulative Site Utilization Job Turnaround Time Job Slowdown Ratio November 27, 2018 Kai Hwang at USC

11 Trust Integration over a DHT Overlay
Cooperating gateways working together to establish VPN tunnels for trust integration Physical backbone DHT Overlay Ring Trust Vector Trust vector propagation User application and SeGO server negotiation V SeGO Server Hosts VPN Gateway Site S3 Site S2 Site S1 Site S4 From Computer Magazine November 27, 2018 Kai Hwang at USC

12 Risk-Resilient Scheduling Algorithms
Policy Heuristic Algorithms Genetic Algorithms Risky Risky-Heuristic: Jobs are scheduled based on a heuristic algorithm without considering any risk factors. Risky-STGA: Jobs are scheduled based on space-time genetic algorithm without considering any risk factors. Preemptive P-Heuristic: The job is scheduled to a site that can be preempted due to insecure conditions. Resubmit the failed jobs to other available sites. P-STGA: Job is scheduled based on STGA that allows preemption under insecure conditions. Resubmit the failed jobs to other available sites. Replication R-Heuristic: Replicated jobs may be dispatched to multiple sites to prevent from possible job failures. R-STGA: STGA that allows replicated jobs may be dispatched to multiple sites to prevent from possible job failures. Delay-tolerant DT-Heuristic: When a failure is observed, the scheduler allows job to be delayed for a preset period of time before rescheduling the job. DT-STGA: STGA that allows job be delayed for a preset period of time before rescheduling the job. November 27, 2018 Kai Hwang at USC

13 Performance Metrics for Trusted Grid Computing [2]
Serious hackers Effects of Trust Integration November 27, 2018 Kai Hwang at USC

14 Trusted Grid Job Scheduling : Simulated NAS Benchmark Results [2]
Makespan, NAS workload November 27, 2018 Kai Hwang at USC

15 Grid Utilization and Job Failure Rate
NAS workload with 16,000 jobs over 12 Grid sites [2] Job Failure rate Grid Utilization November 27, 2018 Kai Hwang at USC

16 Major Worm Outbreaks in Recent Years
Name Vulnerability Infected Hosts Protocol Aug. 2001 CodeRed MS IIS ≈ 360K TCP Jan. 2003 Slammer MS-SQL ≈ 75K, 90% of Internet scanned in 10 mins 404-byte UDP Mar. 2004 Witty ISS firewalls ≈ 12K UDP November 27, 2018 Kai Hwang at USC

17 Nimda, CodeRed, Slammer, Blaster, etc.
CodeRed affected 360, web servers in 16 hours Slammer was the fastest worm at large - it scanned % of the Internet in less than 10 minutes. November 27, 2018 Kai Hwang at USC

18 WormShield Built with a DHT-based Overlay with Six Worm Monitors [3]
Serious hackers November 27, 2018 Kai Hwang at USC

19 Effects of Global Prevalence Threshold [3]
Collaborative monitors detect signatures about 10 times faster than using independent monitors [2] November 27, 2018 Kai Hwang at USC

20 Collaborative Worm Detection Results [3]
About 27 times reduction of infected hosts as 1% of vulnerable edge networks monitored November 27, 2018 Kai Hwang at USC

21 Further Research on Worm and Epidemic Control :
Combine both network-based and host-based signature generation Benchmark the performance of different signature generation systems using the same metrics and worm spreading experiments Distributed signature generation for polymorphic worms Sequential pattern mining for generating polymorphic worm signatures November 27, 2018 Kai Hwang at USC

22 DETER Testbed for Internet Simulation
DETER Testbed built at USC/ISI and UC Berkeley, funded by the US NSF and DHS November 27, 2018 Kai Hwang at USC

23 Research Frontiers of Structured P2P Systems and P2P Grids:
Fast routing algorithms for DHT systems, support data locality, load balancing for non-uniform data distribution, and optimal scheme Scalable reputation systems for supporting P2P and Grid applications : Fuzzy trust inference and PowerTrust for global reputation aggregation P2P Grid technology becomes one of the the most promising technology to be integrated with scalable web services for Internet commerce, distance educations, distributed supercomputing, and digital government applications November 27, 2018 Kai Hwang at USC

24 PowerTrust for Scalable P2P Grid Computing [4]
Nodes represent the peers and directed edges are labeled with local trust scores. The global reputation is aggregated from scores on incoming edges. Key attribute as the feedback distribution in the TON plays a key role in P2P reputation system design. November 27, 2018 Kai Hwang at USC

25 Power-Law Distribution of Peer Feedbacks [4]
Driven by two fundamental factors: Dynamic growth: network expands with newly added nodes Preferential attachment: new node interacts selectively with existing reputable nodes Backed up by e-Bay transaction trace data and proven applicable to any dynamic P2P systems A scalable P2P reputation system: PowerTrust Leverages on the power-law properties A new lookahead random walk for system construction Distributed ranking mechanism for fast aggregation November 27, 2018 Kai Hwang at USC

26 Success Rate in Distributed P2P File Sharing
After ten rounds of global reputation aggregation [4] November 27, 2018 Kai Hwang at USC

27 PSA Benchmark Results of 4 Reputation Systems for P2P Grid Computing [4]
November 27, 2018 Kai Hwang at USC

28 Game-Theoretic Solution to the Selfish Grid Computing Problem [5]
Game theory is intended to provide a theory of strategic behavior when all parties in the game interact directly, rather than through the third party, and with the goal to maximize all the individual benefits. UCLA What is benefit if I accept jobs from UCLA? Accept jobs from UCLA or USC? USC, benefit more, then USC A Sequence of Rounds: Define how players mutate strategies across round, assuming all players try to maximize their payoffs by tending towards those strategies with highest observed return in previous rounds USC UCSD November 27, 2018 Kai Hwang at USC

29 Game-Theoretical Modeling of Grids
Inter-domain Game — combine reputation based and game theoretical approaches Internet and Grid Computing Lab. USC ISD Grids Grid Computing Lab HPC CS SDSC ISI Intra-domain Game Resource Registry Tr. 1 Tr. 2 Tr. M USC UCLA UCSD Utility = f (trust) November 27, 2018 Kai Hwang at USC

30 Final Remarks : The NetShield built with DHT-based security overlay networks support distributed intrusion and anomaly detection, alert correlation, collaborative worm and DDoS defense Extensive benchmark experiments on the DETER testbed will prove the effectiveness, still a long way to achieve assurance. Fuzzy trust model is effective to support distributed security enforcement in both computational Grids and P2P systems. Game-theoretic approach provides a viable solution to the selfish and non-cooperative problems in real-life Grids November 27, 2018 Kai Hwang at USC

Download ppt "Kai Hwang University of Southern California"

Similar presentations

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Scalability.

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Scalability.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
1 Kai Hwang, USC, May 2007 Trust Management in P2P and Grid Computing Kai Hwang, University of Southern California Presentation Outline:  Evolution of.

1 Kai Hwang, USC, May 2007 Trust Management in P2P and Grid Computing Kai Hwang, University of Southern California Presentation Outline:  Evolution of.
Security-Driven Heuristics and A Fast Genetic Algorithm for Trusted Grid Job Scheduling Shanshan Song, Ricky Kwok, and Kai Hwang University of Southern.

Security-Driven Heuristics and A Fast Genetic Algorithm for Trusted Grid Job Scheduling Shanshan Song, Ricky Kwok, and Kai Hwang University of Southern.
1 Introduction to Load Balancing: l Definition of Distributed systems. Collection of independent loosely coupled computing resources. l Load Balancing.

1 Introduction to Load Balancing: l Definition of Distributed systems. Collection of independent loosely coupled computing resources. l Load Balancing.
1 Defending Distributed Systems Against Malicious Intrusions and Network Anomalies Kai Hwang Internet and Grid Computing Laboratory University of Southern.

1 Defending Distributed Systems Against Malicious Intrusions and Network Anomalies Kai Hwang Internet and Grid Computing Laboratory University of Southern.
GrIDS -- A Graph Based Intrusion Detection System For Large Networks Paper by S. Staniford-Chen et. al.

GrIDS -- A Graph Based Intrusion Detection System For Large Networks Paper by S. Staniford-Chen et. al.
Presenter: Dipesh Gautam.  Introduction  Why Data Grid?  High Level View  Design Considerations  Data Grid Services  Topology  Grids and Cloud.

Presenter: Dipesh Gautam.  Introduction  Why Data Grid?  High Level View  Design Considerations  Data Grid Services  Topology  Grids and Cloud.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
N. GSU Slide 1 Chapter 02 Cloud Computing Systems N. Xiong Georgia State University.

N. GSU Slide 1 Chapter 02 Cloud Computing Systems N. Xiong Georgia State University.
DISTRIBUTED COMPUTING

DISTRIBUTED COMPUTING
GT Components. Globus Toolkit A “toolkit” of services and packages for creating the basic grid computing infrastructure Higher level tools added to this.

GT Components. Globus Toolkit A “toolkit” of services and packages for creating the basic grid computing infrastructure Higher level tools added to this.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
The Grid System Design Liu Xiangrui Beijing Institute of Technology.

The Grid System Design Liu Xiangrui Beijing Institute of Technology.
1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.

1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.
A Grid-enabled Multi-server Network Game Architecture Tianqi Wang, Cho-Li Wang, Francis C.M.Lau Department of Computer Science and Information Systems.

A Grid-enabled Multi-server Network Game Architecture Tianqi Wang, Cho-Li Wang, Francis C.M.Lau Department of Computer Science and Information Systems.
7. Grid Computing Systems and Resource Management

7. Grid Computing Systems and Resource Management
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
IS3220 Information Technology Infrastructure Security

IS3220 Information Technology Infrastructure Security
Grid Services for Digital Archive Tao-Sheng Chen Academia Sinica Computing Centre

Grid Services for Digital Archive Tao-Sheng Chen Academia Sinica Computing Centre

Similar presentations

Ads by Google