Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.

Published byPaul Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab."— Presentation transcript:

1 Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab Ismail A. Taha Presented By: Ahmad M. Al Shishtawy Security of Grid Computing Environments

2 Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

3 Historical Background Metacomputing. Grid computing coined in the late 1990s. Analogy to the electrical power grid. Ultimate goal: Make access to computational power as easy as access to electrical power Still under research and development.

4 The Evolution of the Grid PCThe InternetWANLAN PCThe Grid Distributed Computing Cluster The Internet (Sharing of Information): The Grid (Sharing of Computational Power):

5 Characteristics Heterogeneity. Scalability. Dynamicity or adaptability. Multiple administrative domains and autonomy.

6 Requirements A Grid system should: Coordinate resources that are not subject to centralized control. Use standard, open, general-purpose protocols and interfaces. Deliver nontrivial Qualities of Service.

7 Grid Computing – Current Efforts (Sample) Globus:www.globus.orgwww.globus.org GridBus:www.gridbus.orgwww.gridbus.org Legion:legion.virginia.edulegion.virginia.edu UNICORE:www.unicore.orgwww.unicore.org

8 The Grid Project Description Joint project between: Ain Shams University in Egypt George Washington University in USA Test Project (Signature Verification). Goals: Understand Grid environments. Hands on practice. Master security related issues.

9 The Grid Scenario

10

11

12

13

14

15 Basic Grid Services Resource Management Information Services Data Management Security

16 Security Problems The need to establish security relationship among hundreds of processes.(not simple client/server). The dynamic nature of the grid. Interdomain security solutions must interoperate with the diverse intradomain access control technologies

17 Security Problems Based on Public Key Infrastructure Private Keys can be stolen. Temporary Credentials poorly protected No protection from insiders. Software Bugs and Security Holes

18 Different Security Levels Firewall Password Authentication Authorization... Intrusion Detection Attacks First Level Second Level Protected Computer System

19 Intrusion Detection System Second line of defense Normal differ from malicious use. Data Gathering: Host-based. Network-based. Analysis and Detection: Anomaly detection. Misuse detection. Centralized vs. Distributed detection.

20 Centralized Intrusion Detection LAN Data gathering module Analysis and Detection module

21 Distributed Intrusion Detection LAN Analysis and Detection module Data gathering module

22 Hierarchical Distributed Intrusion Detection LAN Data Analysis Module Data Gathering Module Intrusion Detection Servers...

23 Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

24 Goal Protect Grid resources from attacks that results from installing and using the Grid Infrastructure. Normal Internet attacks (that are not related to the Grid) are the responsibility of the local intrusion detection system at each domain.

25 Grid Intrusion Detection Architecture Intrusion Detection Agent (IDA) Data Gathering Module Intrusion Detection Server (IDS) Analysis and Detection Module Cooperation Module

26 Proposed Grid Intrusion Detection Architecture (GIDA)

27 Data Gathering Module IDA A A A Local IDS User Interface

28 Proposed Grid Intrusion Detection Architecture (GIDA) GIS or DB GIS or DB IDS

29 Proposed Grid Intrusion Detection Architecture (GIDA) GIS or DB GIS or DB IDS Heterogeneity Scalability Dynamicity or adaptability Autonomy No centralized control Standard protocols Nontrivial QoS

30 Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

31 GIDA Implementation Simulated Grid environment. Simulated IDA. Host-based anomaly detection technique. Homogeneous IDSs with LVQ Neural Network. Simple cooperation with sharing results.

32 Why Simulation? No real Grid for testing (Expensive). Best for testing and evaluation new architectures. Control experiments in dynamic environment.

33 Grid Simulators Many Grid simulation tools (GridSim, SimGrid, MicroGrid, … ). Unfortunately they concentrate on resource management problems. Develop our own simulator for security and intrusion detection based on GridSim.

34 The Simulated Grid IDS Log UsersIntruders Intrusion Detection Servers Generated Log Files... Resources... Requests

35 GIDA Implementation IDS Peer-to-peer Network or GIS Lo g

36 Why LVQ? Similar to SOM and used for classification. Does not require anomalous records in training data. Classes and their labels (User Name) are known.

37 IDS Analyzing Module Preprocessing Trained LVQ Decision Module Cooperation Module Log Response Analyzing and detection module

38 Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

39 Measured Parameters False Positive Percentage. False Negative Percentage. Recognition Rate. Training Time. Detection Duration

40 Tested Issues Controllable (Internal) Data Preprocessing Number of IDSs Uncontrollable (External) Number of Users Number of Resources Number of Intruders

41 Different Types of Windows (Preprocessing)

42 Fixed Window Size 1 IDS 4 IDSs Legend

43 Time Period Window 1 IDS 4 IDSs Legend

44 Hybrid Window at size 10 1 IDS 4 IDSs Legend

45 Hybrid Window at size 20 1 IDS 4 IDSs Legend

46 Hybrid Window at size 30 1 IDS 4 IDSs Legend

47 Number of IDSs 50 Users 200 Users Legend 350 Users

48 Number of Users 1 IDS 4 IDSs Legend 8 IDSs

49 Number of Resources 1 IDS 4 IDSs Legend 8 IDSs

50 Number of Intruders 1 IDS 4 IDSs Legend 8 IDSs

51 Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

52 Conclusions GIDA designed compatible with the grid and proved by experiments. (IDA, IDS) The hybrid window gave the best results by managing the number of events efficiently. (Detection Duration, False Negative) Distributed systems is better that Centralized systems. (False Negative, Training Time)

53 Conclusions GIDA is scalable. (IDSs, Users) Natural increase in number of resources improved the results. (False Positive) Better understanding of the problem of intrusion detection in Grid environments.

54 Future Work Trust Relationships in Grid environment. Heterogeneous IDSs. More complicated algorithms for cooperation. Misuse detection. Testing on real Grid testbeds.

55 Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

56 Published Work 1. M. Tolba, I. Taha, and A. Al-Shishtawy, "An Intrusion Detection Architecture for Computational Grids". First International Conference on Intelligent Computing and Information Systems, June 2002. 2. M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al-Shishtawy, “ A Secure Grid Enabled Signature Verification System ”. Second International Conference on Intelligent Computing and Information Systems, Cairo, Egypt, March 2005. 3. M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al-Shishtawy, "Distributed Intrusion Detection System for Computational Grids". Second International Conference on Intelligent Computing and Information Systems, Cairo, Egypt, March 2005.

57 Published Work 4. M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al- Shishtawy, "GIDA: Toward Enabling Grid Intrusion Detection Systems". Cluster Computing and Grid 2005, Cardiff, UK, 9 - 12 May 2005. http://dsg.port.ac.uk/events/conferences/ccgrid05/wi p/schedule/Paper20.pdf 5. M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al- Shishtawy, "Intrusion Detection System for the Grid". The 2005 International Conference on Grid Computing and Applications (GCA'05). Las Vegas, Nevada, USA, 20 - 23 June 2005.

58 The End Thank you for careful listening

Download ppt "Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab."

Similar presentations

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.

1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
Grids and Grid Technologies for Wide-Area Distributed Computing Mark Baker, Rajkumar Buyya and Domenico Laforenza.

Grids and Grid Technologies for Wide-Area Distributed Computing Mark Baker, Rajkumar Buyya and Domenico Laforenza.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.

A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.
Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.

Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Similar presentations

Ads by Google