Security issues in on-demand grid and cluster computing

• Published in: Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06) Vol. 2; pp. 14 pp. - 24
• Main Authors: Smith, M., Engel, M., Friese, T., Freisleben, B., Koenig, G.A., Yurcik, W.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 2006
• Subjects: Authentication; Authorization; Grid computing; Hardware; Operating systems; Platform virtualization; Proposals; Resilience; Safety; Security
• ISBN: 9780769525853; 0769525857
• DOI: 10.1109/CCGRID.2006.1630919

In this paper, security issues in on-demand grid and cluster computing are analyzed, a corresponding threat model is presented and the challenges with respect to authentication, authorization, delegation and single sign-on, secure communication, auditing, safety, and confidentiality are discussed. Three different levels of on-demand computing are identified, based on the number of resource providers, solution producers and users, and the trust relationships between them. It is argued that the threats associated with the first two levels can be handled by employing operating system virtualization technologies based on Xen, whereas the threats of the third level require the use of hardware security modules proposed in the context of the Trusted Computing Platform Alliance (TCPA). The presented security mechanisms increase the resilience of the service hosting environment against both malicious attacks and erroneous code. Thus, our proposal paves the way for large scale hosting of grid or Web services in commercial scenarios.