Grid
Computing Security – Issues, Concerns and Counter-measures
Anirban Chakrabarti
Grid Computing Focus Group,
Software Engineering Technology Labs
Infosys Technologies
Phone: 91- 80- 51173900
E mail: {Anirban_Chakrabarti }@infosys.com
Relevance of the topic
Until recently, application developers could often assume a target
environment that was homogeneous, reliable, secure, and centrally managed.
However, with the advent of collaborative computing and data sharing, more and
more new modes of interaction have evolved resulting in the need and use of
distributed resources for large-scale scientific research. Work within this
community has led to the development of Grid technologies, which address
precisely these problems and which are seeing widespread and successful
adoption for scientific and enterprise computing. In grid computing,
heterogeneous resources distributed geographically are virtualized as a unified
whole. Grid computing, as a result, provides enormous opportunity in terms of
resource sharing, maximization of resource utilization and virtualization of
resources. Because of its immense potential, not only the scientific community,
but also the enterprise IT communities are excited about the prospect of grid
computing. However, researchers and developers of grid computing are worried
about the possible security issues and implication of wide-spread use of grid
computing. Since, grid computing involves running of applications in diverse
environments, different types of security issues arise.
Issues in security in the area of
grid computing can be broadly classified into System level, architectural,
and interoperability issues. System level security issues deal with
the problem of running a foreign application in one’s system. The problem of
viruses, worms, malicious codes etc. fall under this category. As part of the
tutorial, we will look at different techniques to solve system level security
issues including sandboxing which is an accepted solution. Architectural security issues deal with the development of a secure
infrastructure for the grid system. Secure infrastructure includes encryption,
authentication and authorization in a grid based environment. Global Grid Forum
(GGF) has proposed a Grid Security Infrastructure (GSI) as part of the open
source Globus project to deal with architectural
security issues. In addition, there are interoperability
issues when different entities use the grid for the sharing purposes. For
example, consider a grid system which encompasses multiple domains maintained
by different companies. In such a case there would be issues related to
managing a heterogeneous security infrastructure in terms of different security
measures like authentication, authorization etc. Efforts are being undertaken
to deal with the authorization of a community in a grid environment like the
Community Authorization Service (CAS).
Grid computing is looked upon by many experts as a technology that can
potentially change the world, like the Internet did. However, security is one
of the impediments in the possible adoption of grid as a full-fledged IT
virtualization solution. Therefore, there is a need to generate awareness in
the issues of security in grid computing, as they are critical and challenging.
The tutorial therefore is not only timely but also deals with an important and
critical issue which needs extensive research and development focus in the near
future. The tutorial will discuss in detail the different security problems and
the solutions available to tackle the problems. Also, the tutorial will brief
the audience regarding the limitations of the existing solutions and the future
research and development directions that need to be taken in this area.
Tutorial Organization
The goal of the tutorial is to present to the audience the
state-of-the-art research and development in grid security. The tutorial will
be broadly divided into five modules: (1) Introduction and context setting, (2)
System related security issues in grid, (3) Architectural issues in grid
security, and (4) Interoperability issues in grid security, (5) An interactive
problem solving exercise for architecting secure grid ecology
1. Introduction and context
setting
a.
Grid Computing in general
b.
The vulnerabilities in grid
computing
c.
Importance of security in grid
computing
d. Different security issues – system related, architectural, and interoperability issues
2. System Related Security
Issues in grid
a.
Problem and some generic
solutions
b. Sandboxing solution in detail
3. Architectural Issues in
grid security
a.
Current status of Grid Security
Infrastructure (GSI) of Globus
b. Existing problems and possible solutions
4. Interoperability Issues of
grid security
a.
The problem and generic
solution definition
b.
Description of Community
Authorization Service (CAS) of Globus
c.
Description of MyProxy and VCMan credential
manager architectures
d. Existing problems and possible future work
Reference Material
The reference material for the tutorial will be taken from the following
sources:
·
GGF and Globus materials www.globus.org
·
Ian Foster and Carl Kasselman,
“Grid 2: A Blueprint for a new Computing Infrastructure,” Morgan Kaufman publications, Nov. 2003.
·
Recent articles from Journal of Grid Computing, Grid
Today, different GGF forums, CCGrid, Grid Workshop,
SC, HiPC, International Conference on Security and
Privacy, ACM TISSEC, IEEE INFOCOM, ACM SIGCOMM etc.
Intended audience
This is a
half-day tutorial intended for both academic and industry audience. The
tutorial will expect the audience to have basic understanding of the concepts
of security and distributed computing.
Speakers’ Bio
Relevant Publications by the Presenters
·
A. Chakrabarti and G.
Manimaran, “Internet Infrastructure Security: A Taxonomy,” in IEEE Networks, vol. 16, no. 6, pp.
13-21, Nov./Dec. 2002.
·
A. Chakrabarti and G.
Manimaran, “Reliability Constrained Routing in QoS Networks,” IEEE/ACM Transactions of Networking, June
2005 (To Appear).
·
L. D. Alves, K. Mosebach, and A. Chakrabarti, “Management of Credentials in an Inter-domain Grid
Scenario,” in Proc. Trusted Internet
Workshop (TIW), Dec. 2004.
·
A. Chakrabarti, Dheepak R.A.,
and
·
Dheepak R.A., S. Ali, S. Sengupta,
and A. Chakrabarti, “Study of
Scheduling Strategies in Dynamic Data grid Environments,” in Proc.International Workshop on Distributed Computing ( IWDC), Dec.
2004.
·
A. Chakrabarti and G.
Manimaran, “An Efficient Algorithm for Malicious Update Detection &
Recovery in Distance Vector Protocol,” in Proc.
International Conference on Communications (ICC), May 2003.
List of Tutorials/Talks on similar topics
· A. Chakrabarti, “Security Issues in Grid
Computing,” a short tutorial at Advanced
Computing and Communications (ADCOM), December 2004.
· A. Chakrabarti and G. Manimaran, “Network
Security: Internet Infrastructure and Wireless Networks,” a full-day tutorial at INFOCOM 2004, March 2004.
· A.
Chakrabarti, “Reliability
Constrained Routing,” invited talk at Department
of Computer Science and Automation, Indian Institute of Science, Aug. 2004.
· A.
Chakrabarti, “Security
Issues in Routing Protocols,” invited talk at HP Labs,
· A.
Chakrabarti, “Managing
Group Dynamics in QoS and Overlay Multicasting,”
invited talk at Department of Telematics,
· A. Chakrabarti and G. Manimaran, “Internet
Infrastructure Security: Challenges and Solutions,” the tutorial was selected
for presentation at IEEE ICCCN, 2002,
but all the tutorials were cancelled due to poor registration.