1
VALLEY VIEW UNIVERSITY
INSTITUTE OF COMPUTER SCIENCE
DEPARTMENT OF INFORMATION TECHNOLOGY
TOPIC:
IMPROVING THE SECURITY MEASURES ON GRID COMPUTING
BY:
EDEM KPORHA
ID:
209IT01004697
SUPERVISOR:
MR. DOMINIC DAMOAH
2
ABSTRACT
The purpose for this paper was to come out with a theoretical
framework to standardize the solutions to the existing security
challenges in Grid computing. The principal objectives were to
contribute to ongoing research to help improve its security
measures.
The major finding derived from this study suggests that, Grid
Computing Security can have challenges in the following areas:
Authentication and Authorization of users, integration to other
exiting systems and enforcing trust policies within dynamic Grid
environment.
Based on the above mentioned challenges with Grid Computing
Security a proposed conceptual model was designed to solve these
issues.
Hypervisor security model, Host/Platform security model,
Security Communication model and Security between Guests were
developed, implemented and tested to evaluate their performance.
3
Introduction
According to (www.gridcomputingplanet.com) grid computing
is an enabling technology harnessing many computers in a network
to solve problems requiring a large number of processing cycles
and involving huge amounts of data. It is an advanced form of
distributed networking that links servers, databases, and
applications into a "single" large system via specialized
software. These networked components which may run different
operating systems on multiple hardware platforms, may be
physically located in the same building or in various locations
around the world. Security is one of the key issues that should
be considered when heterogeneous set of computers on a
distributed system share their idle resources. According to
(David Munoz Sanchez, 2010) grid security is becoming a more and
more important topic, hence a number of problems remain un-
tackled by the existing grid security solutions.
The actual problems with the current security challenges to
Grid computing are the authentication and authorization of users
and the confidentiality and integrity of data on the grid
network.
4
Literature Review
The term Grid was coined in the late 90s by (I. Foster and
C. Kesselman, 1999) to describe a set of resources distributed
over wide area networks that can support large-scale distributed
applications.
The concept of Grid computing was started by (C. Kesselman
and I. Foster, 1998) as a project to link geographically
dispersed supercomputers but now it has grown far beyond its
original intent. Due to the rapid growth of the Internet and
Web, there has been a growing interest in Web-based distributed
computing and many projects have been started and aimed at
exploiting the Web as an infrastructure for running coarse-
grained distributed and parallel applications. Grids can be
defined as being concerned with enabling coordinated resource
sharing and problem solving in dynamic, multi-institutional
virtual organizations.
In the area of Grid Computing, virtualization is gaining
more and more interest and addressing of multiple problems in
Grid systems such as coping with the heterogeneity of Grid
resources. Virtualization in Grids introduces an abstraction
layer in the hard and software stack. Within this layer
resources decompose to multiple smaller entities or aggregation
of smaller resources to a single entity. According to (I.
5
Foster, 2002) the primary focus in Grid Computing lies in
securing resource sharing in terms of access to computers,
software and data in a dynamic environment. Sharing of these
resources has to be fine grained and highly controlled.
Moreover, Foster et al. (I. Foster, 2002) proposed a three point
checklist which characterizes a Grid more in detail:
delivery of nontrivial qualities of service;
usage of standard, open, general-purpose protocols and
interfaces e.g. for inter-communication;
Coordination of resources that are not subject to
centralized control.
Virtualization platforms are software and all software has
flaws. The major virtualization platform vendors, VMware, Xen
(now Citrix) and Microsoft all have several vulnerabilities. The
following are major areas of concern for security professionals.
I. Hypervisor security - The hypervisor also called a virtual
machine manager is a program that allows multiple operating
systems to share a single hardware host. Most hypervisor
software currently only uses passwords for access control hence
easy for attackers to penetrate the software that orchestrates
the whole virtual environment (i.e. Hypervisor) and take control
6
of every virtual machine under its control and all the data
stored on them.
II. Host/Platform Security – The biggest security pitfalls with
virtualization today on Intel/AMD/Compatible server platforms
is, a VM product has to be able to
(a) Support a number of differing OSs (e.g. Windows, Linux &
UNIX) and differing OS distributions (e.g. Linux distributions),
and
(b) Interwork with a number of differing third party security
products.
III. Securing Communications - Securing of Data security
concerns is regarding the data that is being or will be
transferred from one server to the other. This data transfer is
very difficult to track and thereby to protect. If the firewalls
and anti-theft software programs are not kept in place there is
a very good chance that the servers can be hacked. Since there
is no way to detect the data transfer, the servers are
particularly vulnerable.
IV. Security between guests - One of the biggest security issues
facing the virtualized enterprise revolves around the lack of
visibility into traffic between guests.
In summary, security challenges in a Grid can be addressed
by Using Trusted Virtualization (Security & Trust for the Grids,
2005).
7
Methodology
A methodical investigation to improve the security measures on
grid computing helped to propose a conceptual model to enhance
grid security using trusted virtualization in which the
vulnerabilities found in virtualzing grid were taken care of.
Desktop research was used and conducted to discover
facts that helped proposed a conceptual model for Grid
virtualization after reviewing other grid applications and
vulnerabilities in Grid virtualization. In order to accomplish
this study, secondary data collection modes were used. Secondary
data were acquired from earlier works done through research
works, articles, journals and books.
In conclusion the Data gathered were carefully
compared and analyzed from reviews of existing systems, EBooks,
journals to propose a conceptual model to Grid Virtualization in
which vulnerability of grid virtualization was taken care of.
10
References 1. (n.d.). Retrieved from www.gridcomputingplanet.com.
2. C. Strachey. (1959). Time sharing in large fast computers.
In Proceedings of the International Conference on
Information Processing, (pp. 336-341). UNESCO.
3. C. Kesselman and I. Foster. (1998). The Future of High
Performance Distributed Computing.
4. David Munoz Sanchez. (2010). Security solutions in Cloud
and Grid Computing.
5. I. Foster. (2002). A Three Point Checklist. In What is the
Grid?
6. I. Foster and C. Kesselman. (1999). In The Grid: Blueprint
for a New Computing Infrastructure. San Francisco, USA:
Morgan Kaufmann Publishers, Inc. .
7. Ian Foster, C. Kesselman, S. Tuecke. (2001). The Anatomy of
the Grid: Enabling Scalable Virtual Organizations.
8. Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R.,
Berger, S., Griffin, J.L., van Doorn, L. (2005). Building a
MAC-based security architecture for the Xen open-source
hypervisor. 21st Annual Computer Security Applications
Conference, IEEE Computer Society, (pp. 276–285).
9. Security & Trust for the Grids. (2005). Open Grid Forum.
Overview of the GSI.