Journal of Grid Computing

, Volume 3, Issue 1–2, pp 53–73 | Cite as

Trusted Grid Computing with Security Binding and Trust Integration

Article

Abstract

Trusted Grid computing demands robust resource allocation with security assurance at all resource sites. Large-scale Grid applications are being hindered by lack of security assurance from remote resource sites. We developed a security-binding scheme through site reputation assessment and trust integration across Grid sites. We do not treat the trust factor deterministically. Instead, we apply fuzzy theory to handle the fuzziness or uncertainties behind all trust attributes. The binding is achieved by periodic exchange of site security information and matchmaking to satisfy user job demands.

PKI-based trust model supports Grids in multi-site authentication and single sign-on operations. However, cross certificates are inadequate to assess local security conditions at Grid sites. We propose a new fuzzy-logic trust model for distributed trust aggregation through fuzzification and integration of security attributes. We introduce the trust index of a Grid site, which is determined by site reputation from its track record and self-defense capability attributed to the risk conditions and hardware and software defenses deployed at a Grid site.

A Secure Grid Outsourcing (SeGO) system is designed for secure scheduling a large number of autonomous and indivisible jobs to Grid sites. Significant performance gains are observed after trust aggregation, which is evaluated by running scalable NAS and PSA workloads over simulated Grids. Our security-binding scheme scales well with increasing user jobs and Grid sites. The new scheme can guide the security upgrade of Grid sites and predict the Grid performance of large workloads under risky conditions.

Keywords

computational Grids fuzzy logic NAS and PSA benchmarks performance evaluation resource allocation scalability analysis trust models 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    S. Abe and M. Lan, ???Fuzzy Rules Extraction Directly from Numerical Data for Function Approximation???, IEEE Trans. on SMC, Vol. 25, pp. 119???129, 1995. MathSciNetGoogle Scholar
  2. 2.
    F. Azzedin and M. Maheswaran, ???A Trust Brokering System and Its Application to Resource Management in Public-Resource Grids???, in Proceedings of IPDPS 2004. Google Scholar
  3. 3.
    F. Berman, G. Fox and T. Hey (eds.), Grid Computing: Making the Global Infrastructure a Reality. Wiley, 2003. Google Scholar
  4. 4.
    F. Berman, R. Wolski, H. Casanova, W. Cirne, H. Dail, M. Faerman, S. Figueira, J. Hayes, G. Obertelli, J. Schopf, G. Shao, S. Smallen, N. Spring, A. Su and D. Zagorodnov, ???Adaptive Computing on the Grid Using AppLeS???, IEEE Trans. on Parallel and Distributed Systems, Vol. 14, April 2003. Google Scholar
  5. 5.
    A. Butt, S. Adabala, N. Kapadia, R. Figueiredo and J. Fortes, ???Fine-Grain Access Control for Securing Shared Resources in Computational Grids???, in Proceedings of IPDPS 2002, April 2002. Google Scholar
  6. 6.
    R. Buyya, M. Murshed and D. Abramson, ???A Deadline and Budge Constrained Cost-Time Optimization Algorithm for Scheduling Task Farming Applications on Global Grids???, in The Internat. Conf. on Parallel and Distributed Processing Techniques and Applications, 2002. Google Scholar
  7. 7.
    M. Cai, Y. Chen, Y.K. Kwok and K. Hwang, ???Fast Containment of Internet Worm Outbreaks and Flood Attacks with Distributed-Hashing Security Overlays???, IEEE Security and Privacy, submitted July 2004 and revised February 2005. Google Scholar
  8. 8.
    H. Casanova, A. Legrand, D. Zagorodnov and F. Berman, ???Heuristics for Scheduling Parameter Sweep Applications in Grid Environments???, in Proceedings of HCW 2000. Google Scholar
  9. 9.
    M. Cosnard and A. Merzky, ???Meta- and Grid-Computing???, in Proceedings of the 8th International Euro-Par Conference, August 2002, pp. 861???862. Google Scholar
  10. 10.
    K. Czajkowski, I. Foster and C. Kesselman, ???Resource Co-Allocation in Computational Grids???, in Proceedings of the 8th IEEE Int'l Symposium on High Performance of Distributed Computing (HPDC-8), 1999. Google Scholar
  11. 11.
    E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati and F. Violante, ???A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks???, in Proceedings of ACM CCS 2002. Google Scholar
  12. 12.
    D.G. Feitelson and B. Nitzberg, ???Job Characteristics of a Production Parallel Scientific Workload on the NASA Ames iPSC/860???, Research report RC 19790 (87657), IBM T.J. Watson Research Center, October 1994. Google Scholar
  13. 13.
    I. Foster, C. Kesselman and G. Tsudik, ???The Security Architecture for Open Grid Services???, in The 5th ACM Conference on Computer and Communications Security Conference, 1998, pp. 83???92. Google Scholar
  14. 14.
    R. Guha, R. Kumar, P. Raghavan and A. Tomkins, ???Propagation of Trust and Distrust???, in Proceedings of ACM WWW 2004. Google Scholar
  15. 15.
    M. Gupta, P. Judge and M. Ammar, ???A Reputation System for Peer-to-Peer Networks???, in Proceedings of ACM NOSSDAV 2003. Google Scholar
  16. 16.
    X. He, X.H. Sun and G. Laszewski, ???A QoS Guided Scheduling Algorithm for the Computational Grid???, in GCC02, Hainan, China, December 2002. Google Scholar
  17. 17.
    M. Humphrey and M.R. Thompson, ???Security Implications of Typical Grid Computing Usage Scenarios???, in Proceedings of HPDC, August 2001. Google Scholar
  18. 18.
    S. Hwang and C. Kesselman, ???A Flexible Framework for Fault Tolerance in the Grid???, J. Grid Computing, Vol. 1, No. 3, pp. 251???272, 2003. CrossRefMATHGoogle Scholar
  19. 19.
    K. Hwang, Y. Kwok, S. Song, M. Cai, R. Zhou, Yu Chen, Ying Chen and X. Lou, ???GridSec: Trusted Grid Computing with Security Binding and Self-Defense against Network Worms and DDoS Attacks???, in International Workshop on Grid Computing Security and Resource Management (GSRM'05), in conjunction with ICCS 2005, Atlanta, May 22???25, 2005. Google Scholar
  20. 20.
    K. Hwang and Z. Xu, Scalable Parallel Computing. McGraw-Hill: San Franscisco, 1998. MATHGoogle Scholar
  21. 21.
    M. Humphrey, M. Thompson and K. Jackson, ???Security for Grids???, Proceedings of the IEEE, Vol. 93, No. 3, pp. 644???652, 2005. CrossRefGoogle Scholar
  22. 22.
    J. In, P. Avery, R. Cavanaygh and S. Ranka, ???Policy-Based Scheduling for Simple Quality of Service in Grid Computing???, in Proceedings of IPDPS 2004, April 2004. Google Scholar
  23. 23.
    S.D. Kamvar, M.T. Schlosser and H. Garcia-Molina, ???The Eigentrust Algorithm for Reputation Management in P2P Networks???, in Proceedings of ACM WWW 2003. Google Scholar
  24. 24.
    B. Kosko, Fuzzy Engineering. Prentice Hall, 1997. Google Scholar
  25. 25.
    Y.-K. Kwok, S. Song and K. Hwang, ???Selfish Grid Computing: Game-Theoretic Modeling and NAS Performance Results???, in Proceedings of CCGrid 2005, Cardiff, UK, May 2005. Google Scholar
  26. 26.
    C. Lin, V. Varadharajan, Y. Wang and V. Pruthi, ???Enhancing Grid Security with Trust Management???, in Proceedings of Services Computing 2004 (SCC 2004). Google Scholar
  27. 27.
    C. Liu, L. Yang, I. Foster and D. Angulo, ???Design and Evaluation of a Resource Selection Framework for Grid Applications???, in Proceedings of HPDC-11, 2002. Google Scholar
  28. 28.
    M. Maheswaran, S. Ali and H.J. Sigel, ???Dynamic Mapping and Scheduling of Independent Tasks onto Heterogeneous Computing Systems???, JPDC, pp. 107???131, 1999. Google Scholar
  29. 29.
    S. Marti and H. Garcia-Molina, ???Limited Reputation Sharing in P2P Systems???, in Proceedings of ACM EC 2004. Google Scholar
  30. 30.
    J. Novotny, S. Tuecke and V. Welch, ???An Online Credential Repository for the Grid: MyProxy???, in The 10th IEEE International Symposium on High Performance Distributed Computing (HPDC-10'01), San Francisco, CA, August 07???09, 2001. Google Scholar
  31. 31.
    R. Perlman, ???An Overview of PKI Trust Models???, IEEE Network, December 1999, pp. 38???43. Google Scholar
  32. 32.
    T.B. Quillinan, B.C. Clayton and S.N. Foley, ???GridAdmin: Decentralising Grid administration Using Trust Management???, in Proceedings of the ISPDC/HeteroPar'04, pp. 184???192. Google Scholar
  33. 33.
    R. Raman, M. Livny and M. Solomon, ???Matchmaking: Distributed Resource Management for High Throughput Computing???, in Proceedings of the 7th IEEE International Symposium on High Performance Distributed Computing, Chicago, IL, July 28???31, 1998. Google Scholar
  34. 34.
    J.M. Schopf, ???A General Architecture for Scheduling on the Grid???, Special Issue on Grid Computing, J. Parallel and Distributed Computing, April 2002. Google Scholar
  35. 35.
    S. Song, K. Hwang and M. Macwan, ???Fuzzy Trust Integration for Security Enforcement in Grid Computing???, in Proceedings of IFIP International Conf. on Network and Parallel Computing, (NPC-2004), Wuhan, China, October 18???20, 2004, pp. 9???21. Google Scholar
  36. 36.
    S. Song, Y.-K. Kwok and K. Hwang, ???Security-Driven Heuristics and a Fast Genetic Algorithm for Trusted Grid Computing???, in Proceedings of IPDPS 2005, Denver, Colorado, April 4???8, 2005. Google Scholar
  37. 37.
    I. Stoica, R. Morris, D. Liben-Nowell, D.R. Karger, M.F. Kaashoek, F. Dabek and H. Balakrishnan, ???A Scalable Peer-to-Peer Lookup Protocol for Internet Applications???, IEEE/ACM Trans. on Networking, Vol. 11, No. 1, pp. 17???32, 2003. CrossRefGoogle Scholar
  38. 38.
    M. Surridge and C. Upstill, ???Grid Security: Lessons for Peer-to-Peer Systems???, in Proceedings of the 3rd International Conference on Peer-to-Peer Computing (P2P 2003), September 1???3, 2003. Google Scholar
  39. 39.
    S. Tuecke, ???Grid Security Infrastructure (GSI) Roadmap???, Internet Draft, October 2000, http://www.gridforum.org/security/ggf1_2001-03/drafts/draft-ggf-gsi-roadmap-02.pdf.
  40. 40.
    S. Vadhiyar and J. Dongarra, ???A Metascheduler for the Grid???, in The 11th IEEE International Symposium on High Performance Distributed Computing (HPDC'02), Edinburgh, Scotland, July 24???26, 2002. Google Scholar
  41. 41.
    V. Welch, F. Siebenlist, I. Foster, J. Bresnahan, K. Czajkowski, J. Gawor, C. Kesselman, S. Meder, L. Pearlman and S. Tuecke, ???Security for Grid Services???, in Proceedings of the HPDC-12, 2003. Google Scholar
  42. 42.
    R. Wolski, J. Brevik, J. Plank and T. Bryan, ???Grid Resource Allocation and Control Using Computational Economies???, Chapter 32 in F. Berman, G. Fox and A. Hey (eds.), Grid Computing: Making the Global Infrastructure a Reality, Wiley, 2003. Google Scholar
  43. 43.
    M. Wu and X. Sun, ???A General Self-adaptive Task Scheduling System for Non-dedicated Heterogeneous Computing???, in IEEE Int'l Conf. on Cluster Computing, December 2003. Google Scholar
  44. 44.
    L. Xiong and L. Liu, ???PeerTrust: Supporting Reputation-based Trust to P2P E-Communities???, IEEE Trans. Knowledge and Data Engineering, July 2004, pp. 843???857. Google Scholar

Copyright information

© Springer 2005

Authors and Affiliations

  1. 1.Internet and Grid Computing LaboratoryUniversity of Southern CaliforniaLos AngelesUSA

Personalised recommendations