Grid Computing Security: A Survey Basappa B. Kodada, Shiva Kumar K. M Dept. of CSE Canara Engineering College, Mangalore basappabk@gmail.com, shivakumarforu@rediffmail.com Abstract - This paper provides a survey of Security in the computational grid environment. A computational grid is collection of heterogeneous computers and resources spread across multiple administrative domains with the intent of providing users easy access to the resources. There may be many way to access the resources of computational grid, each with security requirements for both resource user and resource provider. There are many security issues in the Grid Computing Environment mentioned in [4]. So the main goal of this paper is to provide the information about security, security issues in the grid computing environment and also analyzes security problems existing in Grid Computing System and describes the security mechanism in Grid Computing System Key Words: Grid Security, Grid Protocols, SOAP 1. Introduction With the development of application requirements for high-performance computing, it is impossible to solve super large-scale issues using a single highperformance computer or a single computer cluster. Therefore, it is needed to connect distributed heterogeneous high-performance computer, computer cluster, large-scale database server and large-scale file server with high-speed interconnection network and integrate them into a transparent virtual highperformance computing environment. This environment is named Grid Computing System Grid Computing is a collection of cluster head nodes used for spread the resources across the multiple domains or share resources among many computers to solve large-scale problems[5-7]. Computational Grids are motivated by the desire to share processing resources among many organizations to solve large-scale problems [2, 3]. Very often, a Grid is used for executing a large number of jobs at dispersed resource sites. Each site executes not only local jobs but also jobs submitted from remote sites. Thus, job outsourcing becomes a major trend in Grid computing [1]. So while executing job or providing any service from the grid portal becomes major security issue or vulnerabilities in Grid Computing. Vulnerability is a flaw or weakness in a system's design, implementation, or operations that could be exploited to violate the system's security policy. Exploit is a way to take advantage of specific software vulnerability. Threat is a violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. Attack is an assault on system security that derives from an intelligent threat Incident is a result of successful Attack The rest of the paper is organized as follows. Section 2 contains information about Grid Computing Environment, Section 3 will explain about Security in Grid Computing Environment, Section 4 contains the Security issues in the Grid computing Environment which gives information of security holes in Grid, section 5 gives you about Xml protocol Threats/Attacks in Grid Environment while providing any services from the grid environment and finally section 6 gives the Conclusion of this paper. 2. Grid Computing Environment Grids are usually heterogeneous networks. Grid nodes, generally individual computers, consist of different hardware and software in terms of resources. This resource are used among the various objects and forms the system as the aggregation of resources for a particular task i.e. virtual organization. Grid computing uses networked clusters of CPUs connected over the Internet. The resulting network of CPUs acts as a foundation for a set of grid-enabling software tools. These tools let the grid accept a large computing job and break it down into tens, hundreds or thousands of independent tasks. The tool searches Proc. of the International Conference on Advanced Computing and Communication Technologies (ACCT 2011) Copyright 2011 RG Education Society ISBN: 978-981-08-7932-7 302
available resources; assign tasks to processors, aggregate the work and spit out one final result. Whenever user submits the job from a grid client, the cluster head gets the available resource information from one of the shared resources computer or computing node and then distributes the batch of jobs among the computing nodes which are connected to it as shown in Figure 1. The figure shows simple grid environment in which a number of CPU (cluster resources) + Data resources connected to the grid share the resources. Figure 1: Architecture of Grid Environment Grid computing consists of number of components [8] as shown in Figure 2. A brief description of these components is as follows: Portal/User Interface: A grid user should not see all of the complexities of the computing grid. From this perspective, the user sees the grid as a virtual computing resource just as the consumer of power sees as an interface to a virtual generator. Security: The grid environment provides security, including authentication, authorization, and so on. The Grid Security Infrastructure (GSI) component of the Globus Toolkit provides robust security mechanisms. The GSI includes an Open SSL implementation. It provides a single sign-on mechanism, so that once a user is authenticated, a proxy certificate is created and used when performing actions within the grid Broker: Once authenticated, the user will be launching an application. Based on the application, and possibly on other parameters provided by the user, the next step is to identify the available and appropriate resources to use within the grid. This task could be carried out by a broker function Scheduler: Once the resources have been identified, the next logical step is to schedule the individual jobs to run on them. If a set of stand-alone jobs are to be executed with no interdependencies, then a specialized scheduler may not be required. However, if you want to reserve a specific resource or ensure that different jobs within the application run concurrently, then a job scheduler should be used to coordinate the execution of the jobs. The Globus Toolkit does not include such a scheduler, but there are several schedulers available that have been tested with and can be used in a Globus grid environment like OpenPBS (Portable Batch System), Torque, SGE (Sun Grid Engine). Data Management: If any data including application modules must be moved or made accessible to the nodes where an application's jobs will execute, then there needs to be a secure and reliable method for moving files and data to various nodes within the grid. The Globus Toolkit contains a data management component, Grid Access to Secondary Storage (GASS) (facilities like Grid FTP). Job and Resource Management: The Grid Resource Allocation Manager (GRAM) provides the services to launch a job on the particular resources, check its status, and retrieve its results when it is complete. Figure 2: Grid component architecture (GRAM) 3. Security in Grid Computing System Grid provides the security like authentication and authorization, delegation services, GSI (Grid security 303
Proc. of the International Conference on Advanced Computing and Communication Technologies (ACCT 2011) infrastructure) and so on. Internet Security provides two kinds of security services: access control service, which protects various resources being used by violate user and prevents resources abused from authorized user; Secure communication service, which provides mutual authentication, and message protection as well, such as message integrity and confidentiality. Based on the analysis of GSI, [9, 10] has presented five-layered security architecture as shown in Figure 3. This security architecture is a good schema for Grid research because of its good scalability and its ability of adapting to the dynamic system environment Figure 3: Security architecture of the Grid computing system In the Figure 3, the extra grid security layers are Grid Security Basic Layer and Grid Security Protocol Layer. Grid Security Basic Layer[10] provides user and resource mapping policy, including general mapping rules. In this layer, the Grid Computing System is abstracted to the elements as Objects, Subjects, Security Policies, Trust Domains, Operations, Authorization, etc. The security of Grid Computing System can be regarded as the relationships among the basic elements, which gives an effective way to realize user s restrictive authorization. Grid Security Protocol Layer[10] defines the seven protocols based on the Grid Computing Resource Management. These protocols are listed in table 1. Name User Proxy Creation Protocol Representation User how to create user proxy Resource Proxy Creation Protocol System how to create resource proxy User Proxy s Resource Application Protocol User proxy how to apply for resources Process s Resource Process how to apply for Application Protocol resources Process s Signature How to sign the process s Application Protocol certificate Broker Creation Protocol System how to create broker Broker Service Protocol Broker how to allot resources coordinately Table 1: Protocol at Grid Security Protocol Layer WS authentication and authorization: Globus Toolkit 4 enables message-level security and transport-level security for SOAP (Simple Object Access Protocol) communication of Web services. Also, it provides an Authorization Framework for container-level authorization Pre-WS authentication and authorization Pre-W authentication and authorization consists of APIs and tools for authentication, authorization, and certificate management. Community Authorization Service (CAS): CAS provides access control to virtual organizations. The CAS server grants fine-grained permissions on subsets of resources to members of the community.cas authorization is currently not available for Web services, but it supports the GridFTP server Delegation service: The Delegation service enables delegation of credentials between various services in one host. The Delegation service allows a single delegated credential to be used by many services. Also, this service has a credential renewal interface, and this service is capable of extending the valid date of credentials. SimpleCA: SimpleCA is a simplified Certificate Authority. This package has fully functioning CA features for a PKI environment. My Proxy: My Proxy is responsible for storing X.509 proxy credentials, protecting them by pass phrase, and enabling an interface for retrieving the proxy credential. My Proxy acts as a repository of credentials, and is often used by Web portal applications. GSI-OpenSSH: GSI-OpenSSH is a modified version of the OpenSSH client and server that adds support 304
for GSI authentication. GSI-OpenSSH can be used to remotely create a shell on a remote system to run shell scripts or to interactively issue shell commands, and it also permits the transfer of files between systems without being prompted for a password and a user ID. Nevertheless, a valid proxy must be created by using the grid-proxy-init command. 4. Grid Security Issues The grid security issues can be divided into three main categories: architecture related issues, infrastructure related issues, and management related issues. Architecture Related Issues: These issues address concerns about the architecture of the grid. Users of the grid are concerned about the data processed by the grid and hence there is a requirement to protect the data confidentiality and integrity, as well as user authentication. We categorize these requirements under information security. Similarly, resource level authorization is a critical requirement for grid systems. Finally, there are issues where users of the grid system may be denied the service of the grid or the Quality-of-Service (QoS) is violated. Infrastructure Related Issues: These issues related to the network and host components which constitute the grid infrastructure. Host level security issues are those issues that make a host apprehensive about affiliating itself to the grid system. The main sub issues here are: data protection, job starvation, and host availability. A grid involves running alien code in the host system. Therefore, the host can be apprehensive about the part of the system which contains important data. Similarly, a host can also be concerned about the jobs that is running locally. The external jobs should not reduce the priority of the local jobs, and hence lead to job starvation. Similarly, if the host is a server, it can be concerned about its own availability. There should be mechanisms to prevent the system from going down resulting in denial of service to the clients attached to the host. Management Related Issues: The third set of issues to the management of the grid. Managing credentials is more important in grid systems because of the heterogeneous nature of the grid infrastructure and applications. Like any distributed system, managing trust is also critical and comes under the management related issues. Grid systems require some amount of resource monitoring for auditing purposes. Much of the information obtained from the monitoring systems is fed back to higher level systems like intrusion detection and scheduling systems. 5. Xml Protocol Threats/Attacks In Grid Environment SOAP (Simple Object Access Protocol) messaging infrastructure operates on top of network transport protocols, uses similar services for delivering and routing SOAP messages, and therefore can be susceptible to typical network/infrastructure based attacks like Denial of Service (DoS), replay or manin-the-middle attacks[4]. SOAP Flooding Attack (DoS): A hacker can issue repetitive SOAP message requests in an attempt to overload a Web service. This type of network activity will not be detected as a network intrusion because the source IP is valid, the network packet behavior is valid and the HTTP request is well formed. However, the business behavior is not legitimate and constitutes an XML-based intrusion. In the replay variant of this kind of attack, a completely valid XML payload can be used to issue a denial of service attack. Replay Attacks: Replay technique may be used for both DoS attacks and a kind of man-in-the-middle attacks. Replay technique can also be to manipulate AuthN/AuthZ security tokens, to fraud accounting system and bypass credit limits. Routing Detours: In a distributed Web Services environment SOAP messages may pass multiple intermediate systems and may be actively routed depending resource availability at specific location. The WS-Routing specification provides a way to direct XML traffic through a complex environment. It operates by allowing an interim station to assign routing instructions to a SOAP message/document. If one of intermediate stations is compromised, it may be used for a man-in-the-middle attack by inserting bogus routing instructions to point a confidential document to a malicious location. From that location, then, it may be possible to forward on the document, after stripping out the malicious instructions, to its original destination. 305
Proc. of the International Conference on Advanced Computing and Communication Technologies (ACCT 2011) Message Eavesdropping: Eavesdropping is possible in network which is not completely secure. Eavesdropping can gather wide spectrum of sensitive information that may be used later for launching an attack. Even if the SOAP messages content is encrypted, a lot of information can be obtained by analyzing SOAP Headers, WSDL ports, Certificate chain or CA trust relations, service names and addresses, etc. Man-in-the-middle attack: One particular case of eavesdropping based attack is the man-in-themiddle attack that may target any subsystem of the target system. One specific type of attack that may be ultimately based on man-in-the- middle method is an attack on cryptographic system or related security services, for example, private key compromise, credentials theft or compromise, AuthN/AuthZ tokens tampering, etc. [8]. By Joshy Joseph, Craig Fellenstein. Grid Computing, Prentice Hall PTR, December 30, 2003. [9]. Ian Foster, Carl Kesselman, Gene Tsudik, and Steven Tuecke. A Security Architecture for Computational Grids, Proc. 5th ACM Conference on Computer and Communications Security Conference, 1998. [10]. FANG Xiangming YANG Shoubao GUO Leitao ZHANG Lei, Research on Security Architecture and Protocols of Grid Computing System, National 863 High-Tech Program of China under Grant No. 2002AA104560 6. Conclusion This paper analyzes Security mechanism present in the Grid Computing Environment and also security issues/problems existing in Grid Computing Environment. Several protocols are defined at Grid Security Protocol Layer based on GSI security architecture model. This paper also provides the xml protocol threat/attacks in the Grid Environment. References [1].Shanshan Song, Kai Hwang and Yu-Kwong Kwok, "Trusted Grid Computing with Security Binding and Trust Integration", Internet and Grid Computing Laboratory, University of Southern California, EEB-212, 3740 McClintock Avenue, Journal of Grid Computing (2005) 3: 5373 [2]. F. Berman, G. Fox and T. Hey (eds.), Grid Computing: Making the Global Infrastructure a Reality. Wiley, 2003 [3]. M. Cosnard and A. Merzky, "Meta- and Grid-Computing" in Proceedings of the 8 th International Euro-Par Confrence,August 2002, PP. 861-862 [4]. Yuri Demchenko, White collar Attacks on Web Services and Grids Grid Security threats analysis and Grid Security Incident data model definition Draft Version 0.2, August 12, 2004 [5]. Ian Foster and Carl Kesselman, The Grid: Blueprint for a New Computing Infrastructure, Morgan Kaufmann Publishers, Inc., San Francisco, California, 1999. [6]. Ian Foster, Carl Kesselman, and Steven Tuecke. The Anatomy of the Grid: Enabling Scalable Virtual Organizations, International Journal of Supercomputer Applications, 2001. [7]. Ian Foster, Internet Computing and the Emerging,http://www.nature.com/nature/webmatters/grid/grid.ht ml 306