Security issues in on-demand grid and cluster computing
- 1 January 2006
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- Vol. 2, 14 pp.-24
- https://doi.org/10.1109/ccgrid.2006.1630919
Abstract
In this paper, security issues in on-demand grid and cluster computing are analyzed, a corresponding threat model is presented and the challenges with respect to authentication, authorization, delegation and single sign-on, secure communication, auditing, safety, and confidentiality are discussed. Three different levels of on-demand computing are identified, based on the number of resource providers, solution producers and users, and the trust relationships between them. It is argued that the threats associated with the first two levels can be handled by employing operating system virtualization technologies based on Xen, whereas the threats of the third level require the use of hardware security modules proposed in the context of the Trusted Computing Platform Alliance (TCPA). The presented security mechanisms increase the resilience of the service hosting environment against both malicious attacks and erroneous code. Thus, our proposal paves the way for large scale hosting of grid or Web services in commercial scenarios.
This publication has 14 references indexed in Scilit:
- The entropia virtual machine for desktop grids. Published by Association for Computing Machinery (ACM), 2005
- PDS. Published by Association for Computing Machinery (ACM), 2005
- Trade-Offs in Protecting Storage: A Meta-Data Comparison of Cryptographic, Backup/Versioning, Immutable/Tamper-Proof, and Redundant Storage Solutions. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- From Sandbox to Playground: Dynamic Virtual Environments in the Grid. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- Clusters and security: distributed security for distributed systems. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- A first step toward detecting SSH identity theft in HPC cluster environments: discriminating masqueraders based on command behavior. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- VOMS, an Authorization System for Virtual Organizations. Published by Springer Nature, 2004
- A community authorization service for group collaboration. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- Role-based access control with X.509 attribute certificates. IEEE Internet Computing, 2003
- An online credential repository for the Grid: MyProxy. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002