Abstract
Grid applications increasingly have sophisticated functional and security requirements. Current techniques mostly protect the grid resource provider from attacks by the grid user, while leaving the user comparatively dependent on the well-behavior of the provider. We present the key components for a trustworthy grid architecture and address this trust asymmetry by using a combination of trusted computing and virtualization technologies. We propose a scalable offline attestation protocol, which allows the selection of trustworthy partners in the grid with low overhead. By providing multilateral security, i.e., security for both the grid user and the grid provider, our protocol increases the confidence that can be placed on the correctness of a grid computation and on the protection of user-provided assets.
A preliminary version of this work was presented (without publication) at the 2nd Workshop on Advances in Trusted Computing 2006 and at the 1st Benelux Workshop on Information and System Security 2006.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: Enabling scalable virtual organizations. International Journal of Supercomputer Applications 15, 200–222 (2001)
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: Proc. 5th ACM Conference on Computer and Communications Security, pp. 83–92 (1998)
Azzedin, F., Maheswaran, M.: Towards trust-aware resource management in grid computing systems. In: Proc. 2nd IEEE International Symposium on Cluster Computing and the Grid, pp. 452–457 (2002)
Hwang, K., Kwok, Y.K., Song, S., Chen, M.C.Y., Chen, Y., Zhou, R., Lou, X.: GridSec: Trusted grid computing with security bindings and self-defense against network worms and DDoS attacks. In: Sunderam, V.S., van Albada, G.D., Sloot, P.M.A., Dongarra, J.J. (eds.) ICCS 2005. LNCS, vol. 3516, pp. 187–195. Springer, Heidelberg (2005)
Fuggetta, A., Picco, G.P., Vigna, G.: Understanding code mobility. IEEE Transactions on Software Engineering 24, 342–361 (1998)
Mao, W., Jin, H., Martin, A.: Innovations for grid security from trusted computing (2005), Available online at http://www.hpl.hp.com/personal/Wenbo_Mao/research/tcgridsec.pdf
Smith, M., Friese, T., Engel, M., Freisleben, B.: Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. Journal of Parallel and Distributed Computing 66, 1189–1204 (2006)
Intel Trusted Execution Technology Website: Intel trusted execution technology (2006), http://www.intel.com/technology/security
AMD Virtualization Website: Introducing AMD virtualization (2006), http://www.amd.com/virtualization
Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., van Doorn, L.: Building a MAC-based security architecture for the Xen open-source hypervisor. In: Proc. 21st Annual Computer Security Applications Conference, pp. 276–285. IEEE Computer Society Press, Los Alamitos (2005)
Nabhen, R., Jamhour, E., Maziero, C.: A policy based framework for access control. In: Proc. 5th International Conference on Information and Communications Security, pp. 47–59 (2003)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proc. 19th ACM Symposium on Operating Systems Principles, pp. 193–206 (2003)
Löhr, H., Ramasamy, H.V., Sadeghi, A.R., Schulz, S., Schunter, M., Stüble, C.: Enhancing grid security using trusted virtualization (extended version) (2007), http://www.prosec.rub.de/publications.html
TCG Website: TPM Specification version 1.2. (2006), Available online at http://www.trustedcomputinggroup.org/specs/TPM
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proc. ACM Conference on Computer and Communications Security, pp. 132–145 (2004)
Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Proc 2004 New Security Paradigms Workshop, pp. 67–77 (2004)
Rutkowska, J.: Blue pill. Presented at Syscan 2006 (2006), http://theinvisiblethings.blogspot.com/
Pfitzmann, B., Riordan, J., Stüble, C., Waidner, M., Weber, A.: The PERSEUS system architecture. Technical Report RZ 3335 (#93381), IBM Research (2001)
OpenTC Website: The OpenTC project (2006), http://www.opentc.net
EMSCB Website: The EMSCB project (2006), http://www.emscb.org
Zhao, S., Lo, V., Gauthier-Dickey, C.: Result verification and trust-based scheduling in peer-to-peer grids. In: Proc. 5th IEEE International Conference on P2P Computing, pp. 31–38 (2005)
Cavalcanti, E., Assis, L., Gaudêncio, M., Cirne, W., Brasileiro, F., Novaes, R.: Sandboxing for a free-to-join grid with support for secure site-wide storage area. In: Proc. 1st International Workshop on Virtualization Technology in Distributed Computing (2006)
McCune, J.M., Jaeger, T., Berger, S., Cáceres, R., Sailer, R.: Shamon: A system for distributed mandatory access control. In: Proc. 22nd Annual Computer Security Applications Conference, pp. 23–32 (2006)
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proc. Annual USENIX Security Symposium, USENIX, pp. 223–238 (2004)
Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: Proc. 11th ACM Symposium on Access Control Models and Technologies, pp. 19–28 (2006)
Mao, W., Yan, F., Chen, C.: Daonity—grid security with behaviour conformity from trusted computing. In: Proc. 1st ACM Workshop on Scalable Trusted Computing (2006)
Cooper, A., Martin, A.: Trusted delegation for grid computing. In: Presented at: 2nd Workshop on Advances in Trusted Computing (2006)
Dinda, P.A.: Addressing the trust asymmetry problem in grid computing with encrypted computation. In: Proc. 7th Workshop on Languages, Compilers, and Run-Time Support for Scalable Systems, pp. 1–7 (2004)
Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic security for mobile code. Technical Report RZ 3302 (# 93348), IBM Research (2000)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Löhr, H., Ramasamy, H.V., Sadeghi, AR., Schulz, S., Schunter, M., Stüble, C. (2007). Enhancing Grid Security Using Trusted Virtualization. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds) Autonomic and Trusted Computing. ATC 2007. Lecture Notes in Computer Science, vol 4610. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73547-2_39
Download citation
DOI: https://doi.org/10.1007/978-3-540-73547-2_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73546-5
Online ISBN: 978-3-540-73547-2
eBook Packages: Computer ScienceComputer Science (R0)