
GridSec: Trusted Grid Computing with Security Binding and Self-defense Against Network Worms and DDoS Attacks

  • Kai Hwang
  • Yu-Kwong Kwok
  • Shanshan Song
  • Min Cai Yu Chen
  • Ying Chen
  • Runfang Zhou
  • Xiaosong Lou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3516)

Abstract

The USC GridSec project develops distributed security infrastructure and self-defense capabilities to secure wide-area networked resource sites participating in a Grid application. We report new developments in trust modeling, security-binding methodology, and defense architecture against intrusions, worms, and flooding attacks. We propose a novel architectural design of Grid security infrastructure, security binding for enhanced Grid efficiency, distributed collaborative IDS and alert correlation, DHT-based overlay networks for worm containment, and pushback of DDoS attacks. Specifically, we present a new pushback scheme for tracking attack-transit routers and for cutting malicious flows carrying DDoS attacks. We discuss challenging research issues to achieve secure Grid computing effectively in an open Internet environment.


Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Kai Hwang (1)
  • Yu-Kwong Kwok (1)
  • Shanshan Song (1)
  • Min Cai Yu Chen (1)
  • Ying Chen (1)
  • Runfang Zhou (1)
  • Xiaosong Lou (1)

  1. Internet and Grid Computing Laboratory, University of Southern California, Los Angeles, USA
