Security in Grid Computing
ABSTRACT
Unlike other computer systems, grid computing refers to systematically interrelated heterogeneous computers and computing resources under multiple management and administrative domains. Such widely varying computational resources are brought together as a grid only to give users easy access to those resources. Users can access those resources in a number of ways, and developers can use different architectures to build grids. While the architectures of these grids differ largely in their implications, objectives and usage, researchers have found grid computing security to be a major field of study and experiment. Contemporary research efforts show that the variance in objectives and the architectural variation among different grid computing architectures are rightly perceived as the key reason for security concerns. Further exploratory study of these architectures and further research on grid computing security revealed that researchers can in many instances overcome the architectural differences in security, but they cannot completely ensure protection. This paper studies the Legion, Globus and CRISIS architectures of grid computing to explore what else is affecting grid computing security performance. Is it users' usage of grid computing that is causing security vulnerability in the system? What aspects of users' usage of grid computing are actually affecting the security performance of grids? Is there any way to overcome the situation? This paper systematically attempts to find all the answers.
Keywords: grid, globus, CRISIS, Legion
Introduction
This paper is on the topic “Security in Grid Computing”. It begins by defining the grid computing system and then explains how grid computing works, so that its security issues become visible and well understood. The paper then describes the architecture of grid computing, discussing three prominent models: Legion, Globus and CRISIS. Their functional suitability in terms of grid security is compared, and each model is depicted visually to give a clearer idea of the architectural variations. Reviewing and discussing them further reveals that the security issues of grid computing are not related only to how grids are formed and constructed. How a user uses the grid network also has a number of security implications for grid computing. A list of the functional areas of grid computing is then given. It primarily covers data management, fabric, use of middleware, execution, scheduling, workload management and other related topics. Each of them is then discussed further, together with practical ways of resolving the security threats to grid computing.
Grid Computing
Bhatia (2013) defined grid computing as an integrated computer network in which resources are shared; the shareable resources include processing power, memory capacity, storage and the like. According to her, the advantages of grid computing lie in its capability not only to integrate and coordinate resources but also to use standard protocol-based interfaces that deliver higher-quality service. Thus the inception of grid computing can be interpreted as a desirable outcome. However, issues have lately been identified with grid computing, and they concern its security.
Functioning of Grid Computers
Wu (2013) explained that whenever users use a large network, their requests are transmitted through the entire system. Unless those requests are modified according to their nature and key characteristics, they will continue to use the network in its entirety. This brings out the grid’s integrity, privacy and access control issues. At the same time, we feel the need for isolation, privilege and accountability. A more organized interpretation of the security requirements for grid computing is presented in the work of Maheswari, Yadav, and Mishra (2014). According to the authors, the security requirements lie primarily in the areas of access control, authentication, integrity, privacy and nonrepudiation. Grid computing needs to be developed on an architecture that provides single sign-on, credential protection, interoperability with local security solutions, exportability, support for multiple implementations and secure communication (Shah, 2014).
Security in Architecture
According to Ferrari, Knabe, Humphrey, Grimshaw, and Chapin (1999), three architectures of high-performance computer network systems, namely Legion, Globus and CRISIS, are widely used in grid computing. According to them, Legion is architecturally more flexible, Globus is extendable and CRISIS is fixed. For authentication and authorization, Legion uses the logical ONU identity system; Globus uses user and resource proxies and a single sign-on mechanism; and CRISIS uses service processes, single sign-on and a security manager. Legion uses object-based ACLs, but the other two use local machine-based ACLs, checked through the local resource proxy. Nandakumar (2014) explained that in Legion the users maintain the authentication session, CRISIS uses a public-key session timeout, and Globus can use longer sessions by means of either the user proxy or the resource proxy. Globus does not offer isolation, privilege or accountability. Only CRISIS allows accountability, while Legion uses hosted vault objects dedicated to local accounts for isolation and can comply with privilege requirements. Certificate authentication, online agents and user- or kernel-level systems are used more in CRISIS-type grid computing architectures.
According to Foster, Kesselman, & Tsudik (1998), in the Legion grid computing system the computers remain connected as independently administered machines, so the resources remain distributed across the grid and each machine remains accessible from its local host only. According to Rubab, Hassan, Mahmood and Shah (2015), a Globus grid is usually larger than a Legion grid and is more dynamic, in the sense that its functional standards are much higher and, in contrast to Legion, it uses numerous trusted domains. CRISIS is planned to become a part of WebOS, where there will be a network but the operating system will be the sole connectivity, and it is better in specific instances. The development patterns for grid computers are thus different, and each has some benefits over the others, but none fully meets the requirements. CRISIS widens the security concerns to redundancy, privilege, accountability and local autonomy, while Globus’s security concerns include integrity, privacy, nonrepudiation, access control and authentication. The three architectures for grid computing, together with their security concerns, are depicted below.
[Figure: The Legion (Source: Wu, 2013)]
[Figure: The Globus (Source: Wu, 2013)]
[Figure: The CRISIS (Source: Wu, 2013)]
Thompson and Humphrey (2001) said that, for the study of security in grid computing, it is important to understand these architectural variations deeply. Single sign-on, which remained a key criterion for differentiating the three, is vital since it reduces the user’s overhead in logging in to the service provider’s system. The form single sign-on takes can differ from case to case. Local administration of ACLs then made these architectures more flexible in their controls. According to Gupta and Gupta (2014), session timing also fostered the way for authentication and authorization, while the CA or OLA hierarchical trust system delivered a high level of network reliance on every node that forms the grid. Thus there are indeed various benefits in terms of security considerations that came to light with the emergence and use of different architectural models for grid computing in order to evade the security concerns.
Functional Security Aspects of Grid Computing
Apart from the individual architectural differences, more vulnerabilities are identified when generalization across this heterogeneity is concerned. Basic middleware, workload management and scheduling, data management, fabric management, information systems, etc. appear as further security concerns in grid computing. The basic middleware provides the abstraction layer, which in turn stays integrated with the system so that whenever one party is developing an API and another is using applications in the grid, it functions properly. So there are two sides: the grid plays a developmental role while at the same time serving user requests. Qin and Xie (2005) noted that virtualization is now a reality, which in grid computing also generates some vulnerability in terms of authentication, user authorization and process access. According to Vijaya, Mohamed and Iswarya (2015), workload management and scheduling present a different type of security challenge, as it relates to distribution along with prioritization. Whenever users use the system for scheduling or for managing workloads, the prioritization of jobs and of the processes they require are intelligent functions that make use of the data storage system and its controlled manipulation. The security concerns with grid computing continue where management of the fabric is concerned. Users will be using tools to install applications on the grid, which need to be managed and need to support the mobilization and monitoring of resources as well as their configuration. Information systems are also interrelated and linked with all the functions mentioned above, such as authentication, authorization, workload management, scheduling, and data and fabric management. Users need to know the availability of resources and their status, schedule requests, prioritize requests and monitor the progress of active jobs, and the system needs to serve the users as well as the businesses at the same time.
Unless these are attended to, users are prone to manipulation, misuse, denial of service, process hijacking, information theft and similar problems, all of which are related to security. Developers need to understand that when individual machines are connected through the grid system, the grid is expected to meet the service requirements of groups of users and of businesses without compromising on the quality of security.
Attacks on grid computers have grown more sophisticated over time, and ever newer forms and formats are being introduced to infiltrate network systems, including the very recently introduced Logjam, which concerns forward secrecy. So there is realistically no end to the emergence of security vulnerabilities in grid computing, and it will continue. Therefore the flaws in the systems used for developing computer grids, their process variance, and the security vulnerabilities emerging from functional, management and operational aspects should all be considered with great importance. We now focus on each of the most widely discussed types of security issue in grid computing.
5.1 Authentication and Authorization
According to Welch, Tuecke, and Novotny (2001), security concerns around authentication and authorization initially centered on the use of public key infrastructure, but as businesses tended to tailor their services in a more personalized and performance-oriented manner, the single sign-on approach and the use of X.509 certificates were found to be of great importance. Though these are the standard in Globus and even in gLite, the public key infrastructure was based more on the trust shared between the service provider and the receiver. With single sign-on, the grid checks the user’s certificate and at the same time lets the user’s certificate verify the grid itself. A proxy approach is used for this purpose, which delegates the user’s credentials to the system. It also allows other processes, such as data processing, to complete. The session for the user credentials is also limited and usually lasts 12 hours or so. Local user accounts that request information, data and processes thus use the grid-wide gridmap files. Globus and gLite can both limit user access in this way.
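The access decision described above, as an added example that is not part of the original paper and is not Globus or gLite code: it parses a grid-mapfile, maps a delegated proxy subject back to the user's own subject, enforces the 12-hour proxy lifetime and returns the local account. The subject names, accounts and function names are constructed for illustration, and certificate chain validation is assumed to have happened already.

```python
import re
import shlex
from datetime import datetime, timedelta, timezone

MAX_PROXY_LIFETIME = timedelta(hours=12)  # session limit quoted in the text

# Constructed grid-mapfile: quoted certificate subject, then local account(s).
SAMPLE_GRIDMAP = """
# constructed entries, not from a real site
"/O=ExampleGrid/OU=physics/CN=Alice Example" alice
"/O=ExampleGrid/OU=biology/CN=Bob Example" bob,biogrp
"""

# Simplification (assumption): a proxy is recognised by the extra trailing CN
# that delegation appends to the user's subject. Production code should
# inspect the certificate's proxy extension instead of trusting the name.
_PROXY_CN = re.compile(r"/CN=(?:proxy|limited proxy|\d+)$")


def parse_gridmap(text):
    """Return {subject DN: [local accounts]}; reject malformed lines."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError as exc:  # e.g. unbalanced quote
            raise ValueError(f"grid-mapfile line {lineno}: {exc}") from exc
        if len(parts) != 2 or not parts[0].startswith("/"):
            raise ValueError(f"grid-mapfile line {lineno}: bad entry")
        mapping[parts[0]] = parts[1].split(",")
    return mapping


def end_entity_dn(subject):
    """Strip delegation CNs so a proxy maps back to the user's own subject."""
    while _PROXY_CN.search(subject):
        subject = _PROXY_CN.sub("", subject)
    return subject


def authorize(subject, not_before, not_after, gridmap, now):
    """Return (local_account, reason); local_account is None when denied.

    Assumes the certificate chain and signatures were already verified.
    """
    is_proxy = _PROXY_CN.search(subject) is not None
    if is_proxy and not_after - not_before > MAX_PROXY_LIFETIME:
        return None, "proxy lifetime exceeds limit"
    if not (not_before <= now <= not_after):
        return None, "credential not valid at this time"
    accounts = gridmap.get(end_entity_dn(subject))
    if not accounts:
        return None, "subject not in grid-mapfile"
    return accounts[0], "ok"  # first listed account is the default mapping


if __name__ == "__main__":
    gridmap = parse_gridmap(SAMPLE_GRIDMAP)
    issued = datetime(2015, 6, 1, 8, 0, tzinfo=timezone.utc)
    proxy = "/O=ExampleGrid/OU=physics/CN=Alice Example/CN=1234567"
    for hours in (12, 48):
        print(hours, authorize(proxy, issued, issued + timedelta(hours=hours),
                               gridmap, issued + timedelta(hours=1)))
```

A subject that is absent from the grid-mapfile is denied even when its certificate is otherwise valid, which is how the mapping file limits user access.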
5.2 Scheduling and Workload Management
Whether the work is data-intensive or the data itself is confidential in nature, grid computing puts scheduling and workload management to work to serve user requests. Handling such requests uses the grid’s data storage and processing capacity and also uses connection bandwidth. When the sensitivity is managed through distributed scheduling, the results can improve, but because of the inflexibility of the grid structure and limited resources it often falls short of delivering the expected outcome. A security concern emerges at this point and is resolved through system portability, where workloads are distributed in the system according to a specific logic framework to avoid discrepancy. The security levels users expect and receive from the grid thus remain key concerns in workload management and scheduling (Sengupta & Chakrabarti, 2008). Using only the basic layer, as in the case of the GSI of Globus and gLite, can help to overcome the condition by meeting the resources as default and integrating the processes and the users. Another approach to scheduling and workload management security issues in grid computers is a high-throughput grid system in which users can decide the resources and the processes. Thus for scheduling and workload management there are, for now, only two ways to manage the security issues.
5.3 Execution
It was explained earlier that the execution of user requests can pose security concerns for grid computers. Here we discuss the ways in which the problem can be overcome. According to Livny, Arpachi, and Elango (2005), there are various techniques through which execution risks are mitigated. These include user sandboxing, application sandboxing, session sandboxing, flexible kernels and virtualization. The implication for execution security risks is that a developer can develop his own API using the system and let it run to generate results while the system remains intact, as noted by Adbelwahab and Abraham (2015). Sandboxing on a virtualized framework is still subject to the public key infrastructure system, and BOINC grids do not allow it. BOINC uses signed code, that is, code that is allowed to be executed in the system. Though this has the benefit that the developers of any malicious application can be tracked, it is not in wide use. In contrast, sandboxing of accounts, sessions, users, etc. is found to be a more reliable solution to execution-related security concerns.
5.4 Data Access and Management
For data access and management, the security concern arises from the distribution and parallel computation technique, as the environment itself is heterogeneous and replication is a vital way of functioning. Previous works showed that transport protocols based on FTP and GSI, the transport layer security system, are effective. Securing files through a web-services system of reliable file transfer, file imaging output transferred to a remote file input or output protocol system, with and without secure versions, the dCache access protocol, etc. come as an array of ways to manage the problem. But here too the sandboxing of data, access, etc. appears more promising according to the University of Edinburgh (2008). According to Bai, Zheng, and Wang (2014), there are more issues related to data access and management; storage encryption, distribution, encryption to decryption, addition of a server layer, generation of several server keys, etc. still remain points of concern for most. Using a plaintext architecture is urged in response to these concerns, but that is not a solution for every situation. Furthermore, the concern deepens when a grid-specific data access interface is developed. It is later recommended that web-services-based access will suit only web-services-based authentication.
5.5 Fabric Management
According to Humphrey, Hazlewood, and Vecchio (2006), fabric management is a vital part of the grid, as grids are based on different administrative units involving installed and configured services and installed and configured management. A foreign approach to fabric management is in practice for gLite’s EGEE, where fabric updates, configuration and even monitoring are customized through a specific tool. In this way it is possible to manage the fabric of the grid in a guided manner, and it is also possible to ensure that all the grid nodes remain well managed.
5.6 Information Service and Management
Apart from the aspects mentioned above, security in grid computing also involves the information itself and its monitoring. How information is collected, collated, compiled, processed, reused, regenerated, etc. remains a strong security concern for grid operators, as the information and its related monitoring use middleware tools. Users can use elements for their purposes with the BOINC grid system, but when they require access to the backend of the grid resources it may not function or serve the purpose. Access, credentials, monitoring, etc. are all deeply interlinked where the security of grid computing is concerned, and there are a number of ways in which the security vulnerabilities can be overcome, although there is not a single grid computing solution as yet (Jarmolkowicz, 2007).
Conclusion
From the paper as a whole, it is clear that the attackers of network security are dynamic enough to impact any computer grid; therefore, to keep grids safe from such attacks, it is very important to understand how these grids are formed, how they function, who uses them and how they use them. Several academic research publications and graphical data were used in preparing the paper. It has been realized from the review, analysis and discussion presented above that the security of grid computing follows some norms, which include the development of a grid environment with multiple trust domains, where the operations of each trust domain are subject to local security policy though they can work at both global and local levels. It was also understood that operational entities can live at both of these levels and that they require a mutual authentication system for these trust domains to interact for transactions. When foreign authentication occurs, the local trust domain accepts it as compliant with the local security requirement and thus makes the access decision on a localized periphery. When a program is deployed for accreditation of user rights and credentials, access authentication can become even more controlled. But the advent and continuous development of more prolific infiltration and security violations are still prominent. For example, Logjam is a very recent revelation that showed how forward secrecy works. So, to conclude, grid computing has many security vulnerabilities which should be solved immediately and should stay under complete monitoring. Sandboxing, addition of security layers, encryption, etc. have proved to be good interventions in this case, but they can be further improved.
Acknowledgement
In preparing this report I would like to thank my course instructor for assigning me the topic of security in grid computing; as a computer science student, I feel it is very important for me to understand the security implications of the grid computing environment. Doing the assignment has greatly helped me to correct my realizations and understandings. I would also like to thank my fellow course mates and the librarian. Without their help and support this paper would be incomplete. Lastly, I express my deep gratitude to all those scholars who have studied the subject and allowed us to know the ins and outs of grid computational security.
Works Cited
Adbelwahab, S., & Abraham, A. (2015). Risk Assessment for Grid Computing Using Meta Learning Ensembles. Pattern Analysis, Intelligent Security and the Internet of Things Advances in Intelligent Systems and Computing, 251-260.
Bai, Q. H., Zheng, Y., & Wang, H. Q. (2014, March). Research on Identity-Based Encryption Scheme for Grid Computing System. Applied Mechanics and Materials, pp. 3156-3159.
Bhatia, R. (2013). Grid Computing and Security Issues. International Journal of Scientific and Research Publications, 1-5.
Ferrari, A., Knabe, F., Humphrey, M., Grimshaw, A., & Chapin, S. (1999). A Flexible Security System for Metacomputing Environments. 7th International Conference, HPCN Europe (pp. 370-380). Amsterdam: Springer.
Foster, I., Kesselman, C., & Tsudik, G. (1998). A security architecture for computational grids. Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing (pp. 83-92). Washington, DC: IEEE Computer Society.
Gupta, M., & Gupta, G. (2014). Security Requirements For Increasing Reliability in Grid Computing. Blue Ocean Research Journal.
Humphrey, M., Hazlewood, V., & Vecchio, D. D. (2006). Evaluating grid portal security. Supercomputing, 114.
Jarmolkowicz, M. W. (2007). A grid aware intrusion detection system. Odense: Technical University of Denmark.
Livny, M., Arpachi, A. D., & Elango, P. (2005). Deploying virtual machines as sandboxes for the grid. Proceedings of the 2nd conference on Real, Large Distributed Systems (pp. 1-20). Berkeley: USENIX Association.
Maheswari, S., Yadav, R., & Mishra, N. (2014). Security Issues In Grid Computing. International Journal on Computational Sciences and Applications, 179-187.
Nandakumar, V. (2014). A novel shared key for security in grid computing. Smart Structures and Systems (ICSSS) 2014 International Conference on (pp. 28-30). Chennai: IEEE.
Qin, X., & Xie, T. (2005). Enhancing security of real time applications on grids through dynamic scheduling. Lecture Notes in Computer Science, 219-237.
Rubab, S., Hassan, F., Mahmood, A. K., & Shah, N. M. (2015). Grid computing in Light of Resources Management Systems: A Review. Journal of Basic and Applied Scientific Research, 33-43.
Sengupta, S., & Chakrabarti, A. (2008). Grid computing security. IEEE Security and Privacy, 44-51.
Shah, Y. K. (2014). Formation and Design Considerations of Grid Architecture. International Journal of Computer Science & Emerging Technologies, 169-177.
Thompson, M., & Humphrey, M. (2001). Security Implications of Typical Grid Computing Usage Scenarios. Calgary: Calgary University.
University of Edinburgh. (2008). Security Best Practices. Edinburgh: University of Edinburgh.
Vijaya, N., Mohamed, M., & Iswarya, N. D. (2015). Cognitive Science Based Scheduling in Grid Environment. Progress in Systems Engineering, Advances in Intelligent Systems and Computing, 199-203.
Welch, V., Tuecke, S., & Novotny, J. (2001). An online credential repository for the grid: my proxy.
Wu, T.-L. (2013). Security in Grid Computing. Bloomington: Indiana University.