Skip to main content
SpringerLink
Log in

Enhancing Grid Security Using Trusted Virtualization

  • Conference paper
Autonomic and Trusted Computing (ATC 2007)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 4610))

Included in the following conference series:

Abstract

Grid applications increasingly have sophisticated functional and security requirements. Current techniques mostly protect the grid resource provider from attacks by the grid user, while leaving the user comparatively dependent on the well-behavior of the provider. We present the key components for a trustworthy grid architecture and address this trust asymmetry by using a combination of trusted computing and virtualization technologies. We propose a scalable offline attestation protocol, which allows the selection of trustworthy partners in the grid with low overhead. By providing multilateral security, i.e., security for both the grid user and the grid provider, our protocol increases the confidence that can be placed on the correctness of a grid computation and on the protection of user-provided assets.

A preliminary version of this work was presented (without publication) at the 2nd Workshop on Advances in Trusted Computing 2006 and at the 1st Benelux Workshop on Information and System Security 2006.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: Enabling scalable virtual organizations. International Journal of Supercomputer Applications 15, 200–222 (2001)

    Article  Google Scholar 

  2. Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: Proc. 5th ACM Conference on Computer and Communications Security, pp. 83–92 (1998)

    Google Scholar 

  3. Azzedin, F., Maheswaran, M.: Towards trust-aware resource management in grid computing systems. In: Proc. 2nd IEEE International Symposium on Cluster Computing and the Grid, pp. 452–457 (2002)

    Google Scholar 

  4. Hwang, K., Kwok, Y.K., Song, S., Chen, M.C.Y., Chen, Y., Zhou, R., Lou, X.: GridSec: Trusted grid computing with security bindings and self-defense against network worms and DDoS attacks. In: Sunderam, V.S., van Albada, G.D., Sloot, P.M.A., Dongarra, J.J. (eds.) ICCS 2005. LNCS, vol. 3516, pp. 187–195. Springer, Heidelberg (2005)

    Google Scholar 

  5. Fuggetta, A., Picco, G.P., Vigna, G.: Understanding code mobility. IEEE Transactions on Software Engineering 24, 342–361 (1998)

    Article  Google Scholar 

  6. Mao, W., Jin, H., Martin, A.: Innovations for grid security from trusted computing (2005), Available online at http://www.hpl.hp.com/personal/Wenbo_Mao/research/tcgridsec.pdf

  7. Smith, M., Friese, T., Engel, M., Freisleben, B.: Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. Journal of Parallel and Distributed Computing 66, 1189–1204 (2006)

    Article  MATH  Google Scholar 

  8. Intel Trusted Execution Technology Website: Intel trusted execution technology (2006), http://www.intel.com/technology/security

  9. AMD Virtualization Website: Introducing AMD virtualization (2006), http://www.amd.com/virtualization

  10. Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., van Doorn, L.: Building a MAC-based security architecture for the Xen open-source hypervisor. In: Proc. 21st Annual Computer Security Applications Conference, pp. 276–285. IEEE Computer Society Press, Los Alamitos (2005)

    Google Scholar 

  11. Nabhen, R., Jamhour, E., Maziero, C.: A policy based framework for access control. In: Proc. 5th International Conference on Information and Communications Security, pp. 47–59 (2003)

    Google Scholar 

  12. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proc. 19th ACM Symposium on Operating Systems Principles, pp. 193–206 (2003)

    Google Scholar 

  13. Löhr, H., Ramasamy, H.V., Sadeghi, A.R., Schulz, S., Schunter, M., Stüble, C.: Enhancing grid security using trusted virtualization (extended version) (2007), http://www.prosec.rub.de/publications.html

  14. TCG Website: TPM Specification version 1.2. (2006), Available online at http://www.trustedcomputinggroup.org/specs/TPM

  15. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proc. ACM Conference on Computer and Communications Security, pp. 132–145 (2004)

    Google Scholar 

  16. Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Proc 2004 New Security Paradigms Workshop, pp. 67–77 (2004)

    Google Scholar 

  17. Rutkowska, J.: Blue pill. Presented at Syscan 2006 (2006), http://theinvisiblethings.blogspot.com/

  18. Pfitzmann, B., Riordan, J., Stüble, C., Waidner, M., Weber, A.: The PERSEUS system architecture. Technical Report RZ 3335 (#93381), IBM Research (2001)

    Google Scholar 

  19. OpenTC Website: The OpenTC project (2006), http://www.opentc.net

  20. EMSCB Website: The EMSCB project (2006), http://www.emscb.org

  21. Zhao, S., Lo, V., Gauthier-Dickey, C.: Result verification and trust-based scheduling in peer-to-peer grids. In: Proc. 5th IEEE International Conference on P2P Computing, pp. 31–38 (2005)

    Google Scholar 

  22. Cavalcanti, E., Assis, L., Gaudêncio, M., Cirne, W., Brasileiro, F., Novaes, R.: Sandboxing for a free-to-join grid with support for secure site-wide storage area. In: Proc. 1st International Workshop on Virtualization Technology in Distributed Computing (2006)

    Google Scholar 

  23. McCune, J.M., Jaeger, T., Berger, S., Cáceres, R., Sailer, R.: Shamon: A system for distributed mandatory access control. In: Proc. 22nd Annual Computer Security Applications Conference, pp. 23–32 (2006)

    Google Scholar 

  24. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proc. Annual USENIX Security Symposium, USENIX, pp. 223–238 (2004)

    Google Scholar 

  25. Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: Proc. 11th ACM Symposium on Access Control Models and Technologies, pp. 19–28 (2006)

    Google Scholar 

  26. Mao, W., Yan, F., Chen, C.: Daonity—grid security with behaviour conformity from trusted computing. In: Proc. 1st ACM Workshop on Scalable Trusted Computing (2006)

    Google Scholar 

  27. Cooper, A., Martin, A.: Trusted delegation for grid computing. In: Presented at: 2nd Workshop on Advances in Trusted Computing (2006)

    Google Scholar 

  28. Dinda, P.A.: Addressing the trust asymmetry problem in grid computing with encrypted computation. In: Proc. 7th Workshop on Languages, Compilers, and Run-Time Support for Scalable Systems, pp. 1–7 (2004)

    Google Scholar 

  29. Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic security for mobile code. Technical Report RZ 3302 (# 93348), IBM Research (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst-Görtz-Institute for IT-Security, Ruhr-University Bochum, Germany

    Hans Löhr, Ahmad-Reza Sadeghi & Christian Stüble

  2. IBM Zurich Research Laboratory Rüschlikon, Switzerland

    HariGovind V. Ramasamy & Matthias Schunter

  3. Max-Planck Institut für Eisenforschung, Germany

    Stefan Schulz

Authors
  1. Hans Löhr
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. HariGovind V. Ramasamy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stefan Schulz
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Matthias Schunter
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Christian Stüble
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Bin Xiao Laurence T. Yang Jianhua Ma Christian Muller-Schloer Yu Hua

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Löhr, H., Ramasamy, H.V., Sadeghi, AR., Schulz, S., Schunter, M., Stüble, C. (2007). Enhancing Grid Security Using Trusted Virtualization. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds) Autonomic and Trusted Computing. ATC 2007. Lecture Notes in Computer Science, vol 4610. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73547-2_39

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-73547-2_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73546-5

  • Online ISBN: 978-3-540-73547-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation