1 Grid Computing Security: A Taxonomy. Fletcher Liverance, 5 May 2009. Based on the paper by Anirban Chakrabarti, Anish Damodaran and Shubhashis Sengupta, IEEE Security & Privacy, 2007.


2 Overview
- What is Grid Computing?
- Pie in the sky
- Host-level issues and solutions
- Architecture-level issues and solutions
- Credential-level issues

3 What is Grid Computing? "Geographically distributed heterogeneous resources are virtualized as a unified whole." Related terms:
- Web 2.0
- Scalable Link Interface (SLI)
- Virtualization
- Software as a service
- Folding@home
- Peer to peer
- Cluster computing
- Cloud computing
- Distributed computing

4 Computing Comparison

5 Pie in the sky
- IBM Roadrunner: 6,480 AMD dual-core processors and 12,960 IBM PowerXCell processors
- Hewlett-Packard: 300,000 employees, 600,000 processors, 600 TB of RAM, 120,000 TB of storage
- Worldwide: one billion PCs, 95 million consoles, two billion cell phones

6 Host-level issues and solutions: Data protection
- Application-level sandboxing
  - Proof-carrying code: rules guaranteeing safe execution; the code producer is responsible for proving safety; does not scale
- Virtualization
  - VMware GSX/ESX/Workstation
  - Paravirtualization: Xen
  - The IA-32 architecture is not classically virtualizable: it has sensitive instructions (POPF, SGDT and others) that execute in user mode without trapping, so it fails the Popek-Goldberg criteria. VMware worked around this with binary translation and Xen with paravirtualization; Intel VT-x and AMD-V later added hardware support.

7 Host-level issues and solutions: Data protection (continued)
- User-space sandboxing
  - TRON: a process-level discretionary access control system
  - Simple, but requires reimplementation of system calls
  - Call-chaining issues
  - Incomplete context
- Flexible kernels (kernel-level sandboxing)
  - Exokernel OS (MIT)
  - Zones (Sun Solaris 10)
  - Application containers

8 Host-level issues and solutions: Job starvation
- Advanced reservation techniques
  - Request resources from the grid scheduler
  - Non-transparent
  - Requires advanced scheduling techniques
- Priority-reduction techniques
  - Local priority reduction (Sun Grid Engine)
  - Ad hoc mechanism
  - Unpredictable behaviour, lower QoS performance
  - Example: peer to peer

9 Architecture-level issues and solutions: Information security
- Grid Security Infrastructure (GSI)
- Secure communication
  - Transport-level security: SSL/TLS
  - Message-level security: Web Services Security (WSS) via SOAP
- Authentication
  - X.509 certificates issued by grid CAs
  - Username/password over SOAP with WSS
  - GSI-to-Kerberos gateway
- Single sign-on and delegation
  - Timed proxy: a short-lived proxy certificate that the user signs with their own long-term key (GSI proxy certificates, later standardized in RFC 3820). The user unlocks the long-term key once; the proxy is then presented to services and delegated to jobs, which act as the user until it expires.
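The timed proxy on this slide is what makes GSI single sign-on and delegation work, and it is also the part that ordinary X.509 tooling gets wrong. The Go program below is an added example written for this page; it is not code from the slides, from the paper, or from the Globus Toolkit. It mints a self-signed grid CA, a one-year user certificate and a 12-hour proxy that the user signs over a fresh key pair, then validates the proxy the way a GSI-aware service must, because plain X.509 path validation rejects any certificate issued by a cA=FALSE certificate. It uses the legacy Globus proxy form (issuer DN plus one CN=proxy component) and omits the critical proxyCertInfo extension that RFC 3820 proxies carry; the VO name, user name, lifetimes and serial-number scheme are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidCommonName = asn1.ObjectIdentifier{2, 5, 4, 3} // X.520 commonName
// Identity bundles a certificate with the private key that signs on its behalf.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// Issue signs tmpl over a fresh P-256 key; a nil signer yields a self-signed certificate.
func Issue(tmpl *x509.Certificate, by *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano()) // demo-only serial scheme
	tmpl.NotBefore = time.Now().Add(-5 * time.Minute)     // tolerate clock skew
	if by == nil {
		by = &Identity{Cert: tmpl, Key: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, by.Cert, &key.PublicKey, by.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// Template is an end-entity (cA=FALSE) certificate template for a made-up grid VO.
func Template(cn string, years int) *x509.Certificate {
	return &x509.Certificate{
		Subject:               pkix.Name{Organization: []string{"Example Grid VO"}, CommonName: cn},
		NotAfter:              time.Now().AddDate(years, 0, 0),
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
}

// NewCA mints a self-signed grid CA, the GSI trust anchor.
func NewCA(name string) (*Identity, error) {
	t := Template(name, 10)
	t.IsCA, t.KeyUsage = true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	return Issue(t, nil)
}

// IssueProxy is the grid-proxy-init step: the user signs a short-lived proxy over a fresh key.
func IssueProxy(user *Identity, ttl time.Duration) (*Identity, error) {
	if time.Now().Add(ttl).After(user.Cert.NotAfter) {
		return nil, fmt.Errorf("proxy would outlive the identity certificate")
	}
	// Legacy Globus proxy subject rule: the issuer's DN followed by exactly one CN=proxy.
	names := append([]pkix.AttributeTypeAndValue{}, user.Cert.Subject.Names...)
	names = append(names, pkix.AttributeTypeAndValue{Type: oidCommonName, Value: "proxy"})
	t := Template("", 0)
	t.Subject, t.NotAfter = pkix.Name{ExtraNames: names}, time.Now().Add(ttl)
	return Issue(t, user)
}

// VerifyProxy validates a proxy the way a GSI service must; plain X.509 path validation (CheckSignatureFrom) rejects it because the issuer has cA=FALSE.
func VerifyProxy(proxy, user *x509.Certificate, roots *x509.CertPool, now time.Time) error {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := user.Verify(opts); err != nil { // the identity must chain to a trusted grid CA
		return fmt.Errorf("identity certificate: %w", err)
	}
	if now.Before(proxy.NotBefore) || now.After(proxy.NotAfter) || proxy.NotAfter.After(user.NotAfter) {
		return fmt.Errorf("proxy outside its validity window or outliving its issuer")
	}
	pn, un := proxy.Subject.Names, user.Subject.Names
	if len(pn) != len(un)+1 || !pn[len(un)].Type.Equal(oidCommonName) {
		return fmt.Errorf("proxy subject is not the issuer DN plus one CN")
	}
	for i := range un { // the proxy's subject must extend the identity's subject exactly
		if !pn[i].Type.Equal(un[i].Type) || pn[i].Value != un[i].Value {
			return fmt.Errorf("proxy subject does not extend the issuer DN")
		}
	}
	// Check the signature against the user's key directly, bypassing the cA requirement.
	return user.CheckSignature(proxy.SignatureAlgorithm, proxy.RawTBSCertificate, proxy.Signature)
}

func main() {
	ca, _ := NewCA("Example Grid CA")
	alice, _ := Issue(Template("alice", 1), ca)
	proxy, _ := IssueProxy(alice, 12*time.Hour)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	fmt.Println("proxy-aware:", VerifyProxy(proxy.Cert, alice.Cert, roots, time.Now()), "plain X.509:", proxy.Cert.CheckSignatureFrom(alice.Cert))
}
```

Two things to take from it: the proxy's private key is new, so the user's long-term key never leaves the user's machine, and VerifyProxy refuses the proxy once its window closes, so a proxy stolen from a compute node is worth at most its ttl. The second output line shows why grid services needed their own validation code: Go's CheckSignatureFrom, like any RFC 5280 path validator, will not accept a signer whose basic constraints say cA=FALSE.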

10 Architecture-level issues and solutions: Policy mapping and DoS
- Policy-mapping issues
  - Resource level: Akenti, a distributed access control mechanism built on use-condition certificates and attribute certificates
  - Virtual Organization level: Community Authorization Service (CAS), role-based access control
- DoS
  - Preventative solutions: application filtering; Snort (an intrusion detection system, which only blocks traffic when deployed inline)
  - Reactive solutions: link testing; logging

11 Credential-level issues
- Credential repositories: take responsibility for credential storage
  - MyProxy: an online credential repository that stores users' proxy credentials and hands out short-lived proxies on request
- Credential federation systems: "Manage credentials across multiple systems, domains, and realms."
  - KX.509: converts a Kerberos ticket into a short-lived X.509 certificate
  - Circle of trust
  - Shibboleth: SAML-based federated web single sign-on

12 Conclusions "Grid security's ultimate goal is to make the grid infrastructure seamless and protect it against both known and unknown security attacks."
1. Identify vulnerabilities
2. Develop threat models
3. Develop countermeasures to the threat models
4. Evaluate the countermeasures
5. (repeat ad nauseam)

