1

VALLEY VIEW UNIVERSITY

INSTITUTE OF COMPUTER SCIENCE

DEPARTMENT OF INFORMATION TECHNOLOGY

TOPIC:

IMPROVING THE SECURITY MEASURES ON GRID COMPUTING

BY:

EDEM KPORHA

ID:

209IT01004697

SUPERVISOR:

MR. DOMINIC DAMOAH

2

ABSTRACT

The purpose for this paper was to come out with a theoretical

framework to standardize the solutions to the existing security

challenges in Grid computing. The principal objectives were to

contribute to ongoing research to help improve its security

measures.

The major finding derived from this study suggests that, Grid

Computing Security can have challenges in the following areas:

Authentication and Authorization of users, integration to other

exiting systems and enforcing trust policies within dynamic Grid

environment.

Based on the above mentioned challenges with Grid Computing

Security a proposed conceptual model was designed to solve these

issues.

Hypervisor security model, Host/Platform security model,

Security Communication model and Security between Guests were

developed, implemented and tested to evaluate their performance.

3

Introduction

According to (www.gridcomputingplanet.com) grid computing

is an enabling technology harnessing many computers in a network

to solve problems requiring a large number of processing cycles

and involving huge amounts of data. It is an advanced form of

distributed networking that links servers, databases, and

applications into a "single" large system via specialized

software. These networked components which may run different

operating systems on multiple hardware platforms, may be

physically located in the same building or in various locations

around the world. Security is one of the key issues that should

be considered when heterogeneous set of computers on a

distributed system share their idle resources. According to

(David Munoz Sanchez, 2010) grid security is becoming a more and

more important topic, hence a number of problems remain un-

tackled by the existing grid security solutions.

The actual problems with the current security challenges to

Grid computing are the authentication and authorization of users

and the confidentiality and integrity of data on the grid

network.

4

Literature Review

The term Grid was coined in the late 90s by (I. Foster and

C. Kesselman, 1999) to describe a set of resources distributed

over wide area networks that can support large-scale distributed

applications.

The concept of Grid computing was started by (C. Kesselman

and I. Foster, 1998) as a project to link geographically

dispersed supercomputers but now it has grown far beyond its

original intent. Due to the rapid growth of the Internet and

Web, there has been a growing interest in Web-based distributed

computing and many projects have been started and aimed at

exploiting the Web as an infrastructure for running coarse-

grained distributed and parallel applications. Grids can be

defined as being concerned with enabling coordinated resource

sharing and problem solving in dynamic, multi-institutional

virtual organizations.

In the area of Grid Computing, virtualization is gaining

more and more interest and addressing of multiple problems in

Grid systems such as coping with the heterogeneity of Grid

resources. Virtualization in Grids introduces an abstraction

layer in the hard and software stack. Within this layer

resources decompose to multiple smaller entities or aggregation

of smaller resources to a single entity. According to (I.

5

Foster, 2002) the primary focus in Grid Computing lies in

securing resource sharing in terms of access to computers,

software and data in a dynamic environment. Sharing of these

resources has to be fine grained and highly controlled.

Moreover, Foster et al. (I. Foster, 2002) proposed a three point

checklist which characterizes a Grid more in detail:

delivery of nontrivial qualities of service;

usage of standard, open, general-purpose protocols and

interfaces e.g. for inter-communication;

Coordination of resources that are not subject to

centralized control.

Virtualization platforms are software and all software has

flaws. The major virtualization platform vendors, VMware, Xen

(now Citrix) and Microsoft all have several vulnerabilities. The

following are major areas of concern for security professionals.

I. Hypervisor security - The hypervisor also called a virtual

machine manager is a program that allows multiple operating

systems to share a single hardware host. Most hypervisor

software currently only uses passwords for access control hence

easy for attackers to penetrate the software that orchestrates

the whole virtual environment (i.e. Hypervisor) and take control

6

of every virtual machine under its control and all the data

stored on them.

II. Host/Platform Security – The biggest security pitfalls with

virtualization today on Intel/AMD/Compatible server platforms

is, a VM product has to be able to

(a) Support a number of differing OSs (e.g. Windows, Linux &

UNIX) and differing OS distributions (e.g. Linux distributions),

and

(b) Interwork with a number of differing third party security

products.

III. Securing Communications - Securing of Data security

concerns is regarding the data that is being or will be

transferred from one server to the other. This data transfer is

very difficult to track and thereby to protect. If the firewalls

and anti-theft software programs are not kept in place there is

a very good chance that the servers can be hacked. Since there

is no way to detect the data transfer, the servers are

particularly vulnerable.

IV. Security between guests - One of the biggest security issues

facing the virtualized enterprise revolves around the lack of

visibility into traffic between guests.

In summary, security challenges in a Grid can be addressed

by Using Trusted Virtualization (Security & Trust for the Grids,

2005).

7

Methodology

A methodical investigation to improve the security measures on

grid computing helped to propose a conceptual model to enhance

grid security using trusted virtualization in which the

vulnerabilities found in virtualzing grid were taken care of.

Desktop research was used and conducted to discover

facts that helped proposed a conceptual model for Grid

virtualization after reviewing other grid applications and

vulnerabilities in Grid virtualization. In order to accomplish

this study, secondary data collection modes were used. Secondary

data were acquired from earlier works done through research

works, articles, journals and books.

In conclusion the Data gathered were carefully

compared and analyzed from reviews of existing systems, EBooks,

journals to propose a conceptual model to Grid Virtualization in

which vulnerability of grid virtualization was taken care of.

8

Design of Proposed Models

Hypervisor Security

Host/Platform Security

9

Securing Communications

Security between guests

10

References 1. (n.d.). Retrieved from www.gridcomputingplanet.com.

2. C. Strachey. (1959). Time sharing in large fast computers.

In Proceedings of the International Conference on

Information Processing, (pp. 336-341). UNESCO.

3. C. Kesselman and I. Foster. (1998). The Future of High

Performance Distributed Computing.

4. David Munoz Sanchez. (2010). Security solutions in Cloud

and Grid Computing.

5. I. Foster. (2002). A Three Point Checklist. In What is the

Grid?

6. I. Foster and C. Kesselman. (1999). In The Grid: Blueprint

for a New Computing Infrastructure. San Francisco, USA:

Morgan Kaufmann Publishers, Inc. .

7. Ian Foster, C. Kesselman, S. Tuecke. (2001). The Anatomy of

the Grid: Enabling Scalable Virtual Organizations.

8. Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R.,

Berger, S., Griffin, J.L., van Doorn, L. (2005). Building a

MAC-based security architecture for the Xen open-source

hypervisor. 21st Annual Computer Security Applications

Conference, IEEE Computer Society, (pp. 276–285).

9. Security & Trust for the Grids. (2005). Open Grid Forum.

Overview of the GSI.