
GRID COMPUTING AND ITS TAXONOMY

B.AJAY

IV B.E, COMPUTER SCIENCE ENGINEERING

BITS-PILANI,GOA.

ABSTRACT: Grid computing is an emerging branch of computing with applications in many
fields. Its features like Decentralization, Diversity and Dynamism, Distributed job management
and Scheduling provide flexibility to the users. The paper gives a brief introduction about grid
computing. Various features, design considerations, variations and a few applications have been
covered.

Grid security taxonomy can be divided into architecture related issues,
management related issues and infrastructure related issues. Architecture related
issues include information security, authorization and service security which
includes QOS violation and DOS issues. Infrastructure issues include host and
network issues. Management related issues include management of credentials,
management of trust and resource monitoring which is a very important issue.

Keywords: QOS, DOS, single sign on and delegation, job starvation, credential
management, trust management

1. INTRODUCTION
Grid computing (or the use of a computational grid) is applying the resources of many computers
in a network to a single problem at the same time - usually to a scientific or technical problem
that requires a great number of computer processing cycles or access to large amounts of data.

Grid computing requires the use of software that can divide and farm out pieces of a program to
as many as several thousand computers. Grid computing can be thought of as distributed and
large-scale cluster computing and as a form of network-distributed parallel processing. It can be
confined to the network of computer workstations within a corporation or it can be a public
collaboration. This technology has been applied to computationally-intensive scientific,
mathematical, and academic problems through volunteer computing, and it is used in commercial
enterprises for such diverse applications as drug discovery, economic forecasting, seismic
analysis, and back-office data processing in support of e-commerce and web services.

Grid computing appears to be a promising trend for three reasons: (1) its ability to make more
cost-effective use of a given amount of computer resources, (2) as a way to solve problems that
can't be approached without an enormous amount of computing power, and (3) because it
suggests that the resources of many computers can be cooperatively and perhaps synergistically
harnessed and managed as a collaboration toward a common objective.

Characteristics of Grid Computing

• Loosely coupled (Decentralization)
• Diversity and Dynamism
• Distributed job management and scheduling

1.1. Design considerations and variations


One feature of distributed grids is that they can be formed from computing resources belonging
to multiple individuals or organizations (known as multiple administrative domains). This can
facilitate commercial transactions, as in utility computing, or make it easier to assemble
volunteer computing networks.

One disadvantage of this feature is that the computers which are actually performing the
calculations might not be entirely trustworthy. The designers of the system must thus introduce
measures to prevent malfunctions or malicious participants from producing false, misleading, or
erroneous results, and from using the system as an attack vector. This often involves assigning
work randomly to different nodes (presumably with different owners) and checking that at least
two different nodes report the same answer for a given work unit. Discrepancies would identify
malfunctioning and malicious nodes.

Due to the lack of central control over the hardware, there is no way to guarantee that nodes will
not drop out of the network at random times. Some nodes (like laptops or dialup Internet
customers) may also be available for computation but not network communications for
unpredictable periods. These variations can be accommodated by assigning large work units
(thus reducing the need for continuous network connectivity) and reassigning work units when a
given node fails to report its results as expected.
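
The replication check described above, as an added example that is not part of the original paper: each work unit goes to nodes with different owners, a result is accepted only when a quorum of them agree, and units without a quorum (a node dropped out or the answers differ) are queued for reassignment. Node names, owners and reported values are constructed sample data.

```python
import random
from collections import Counter, defaultdict

def assign(work_units, nodes, replicas=3, rng=None):
    """Send each work unit to `replicas` randomly chosen nodes, each with a different owner."""
    rng = rng or random.Random()
    by_owner = defaultdict(list)
    for node, owner in nodes.items():
        by_owner[owner].append(node)
    plan = {}
    for wu in work_units:
        owners = rng.sample(sorted(by_owner), replicas)  # ValueError if too few owners
        plan[wu] = [rng.choice(by_owner[o]) for o in owners]
    return plan

def validate(plan, reports, quorum=2):
    """Return (accepted results, suspect nodes, work units to reassign).

    Choose quorum > replicas / 2 so that two different values can never both reach it.
    """
    accepted, suspects, reassign = {}, set(), []
    for wu, assigned in plan.items():
        # Only count reports from nodes the unit was actually assigned to.
        got = {n: reports[(wu, n)] for n in assigned if (wu, n) in reports}
        value, votes = Counter(got.values()).most_common(1)[0] if got else (None, 0)
        if votes < quorum:
            reassign.append(wu)  # dropout or unresolved disagreement: send to fresh nodes
            continue
        accepted[wu] = value
        suspects.update(n for n, v in got.items() if v != value)  # outvoted nodes
    return accepted, suspects, reassign

# Constructed sample data: four nodes, three owners, three work units.
NODES = {"n1": "alice", "n2": "bob", "n3": "carol", "n4": "alice"}
PLAN = {"wu1": ["n1", "n2", "n3"], "wu2": ["n4", "n2", "n3"], "wu3": ["n1", "n2", "n3"]}
REPORTS = {
    ("wu1", "n1"): 42, ("wu1", "n2"): 42, ("wu1", "n3"): 41,  # n3 disagrees
    ("wu2", "n4"): 7, ("wu2", "n3"): 7,                       # n2 never reported
    ("wu3", "n1"): 9, ("wu3", "n3"): 8,                       # one dropout, no agreement
}

if __name__ == "__main__":
    print(validate(PLAN, REPORTS))
```

With only two replicas per unit a disagreement shows that something is wrong but not which node is at fault, which is why the sample plan uses three.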

The impacts of trust and availability on performance and development difficulty can influence
the choice of whether to deploy onto a dedicated computer cluster, to idle machines internal to
the developing organization, or to an open external network of volunteers or contractors.

In many cases, the participating nodes must trust the central system not to abuse the access that is
being granted, by interfering with the operation of other programs, mangling stored information,
transmitting private data, or creating new security holes. Other systems employ measures to
reduce the amount of trust "client" nodes must place in the central system such as placing
applications in virtual machines.

1.2. Current projects and applications
Areas of grid computing and its applications for modeling and computing:
1. Predictive Modeling and Simulations
2. Engineering Design and Automation
3. Energy Resources Exploration
4. Medical, Military and Basic Research

The NASA Advanced Supercomputing facility (NAS) has run genetic algorithms using the
Condor cycle scavenger running on about 350 Sun and SGI workstations.

Until April 27, 2007, United Devices operated the United Devices Cancer Research Project
based on its Grid MP product, which cycle scavenges on volunteer PCs connected to the Internet.
As of June 2005, the Grid MP ran on about 3,100,000 machines.

Another well-known project is the World Community Grid. The World Community Grid's
mission is to create the largest public computing grid benefiting humanity.

2. GRID SECURITY TAXONOMY:

The grid security issues can be categorized into three main categories: architecture related issues,
infrastructure related issues and management related issues.

Architecture related issues: These issues address concerns pertaining to the architecture of the
grid. There is a requirement to protect data confidentiality, message integrity as well as user
authentication. These requirements come under information security. Similarly resource level
authorization is a critical issue. Finally the users of the grid can be denied service or quality of
service can be violated. These fall under the purview of service level security issues.

Infrastructure related issues: These issues relate to the network and the host components which
constitute the host infrastructure. Host level security issues are those that make a host apprehensive
of affiliating itself to the grid. The host can be apprehensive about a part of the system that contains
important data. The host can also be apprehensive about the external job it is running, which can
be a virus or can reduce the priority of the local jobs, leading to job starvation. There should be
mechanisms attached to the host to prevent the host from going down, which would result in denial of
service to the users attached to the host if it is a server.

Management related issues: Management related issues include management of trust,
management of credentials and resource monitoring. Managing credentials is very important
because of the heterogeneous nature of the grid. Most of the information collected by resource
monitoring is fed back to higher systems like intrusion detection system and scheduling systems.

2.1. Architecture related issues:
It consists of information security, authorization and service security.

Information security: We can define information security as the security related to the
information exchanged between hosts or between hosts and users. The issues related to the
information security can be broadly categorized into issues pertaining to secure communication,
authentication and issues related to single sign on and delegation. These include confidentiality
and integrity issues as well as authentication. These issues are very important in all fields
of computing and become exceedingly important in the case of grid systems because of the
heterogeneity of the hosts and entities involved. In single sign on, the authentication is done once.
Researchers and practitioners in the grid computing area have come together to form the Global grid
forum, now called the Open grid forum. They have released an open standard called Open grid
standards architecture.

Solutions to information security issues: The Grid Security Infrastructure (GSI), developed
independently and later integrated as a part of the OGSA standards, addresses all the standard
architectural concerns. GSI is based on proven standards such as public key encryption, X.509
certificates and SSL, and enables secure communication and authentication.

• Secure communication: The GSI uses public key cryptography as the basis for creating
secure grids and SSL/TLS for data encryption.
• Authentication: The central concept of GSI is a certificate. Every user and service on the
grid is identified by means of a certificate.
• Single sign on and Delegation: This reduces the number of times the user has to enter his
pass phrase to one, which is very common in grid scenarios sharing multiple resources.
This is done by creating a proxy, a certificate with a new public and private key in it.
The proxy is not signed by the CA but instead signed by the owner. It also contains the time
duration during which the certificate is valid.
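
A simplified model of the proxy mechanism in the last bullet, as an added example that is not GSI's code or certificate format: certificates are plain dictionaries and the signatures use toy textbook RSA built from known Mersenne primes, which is insecure and only stands in for real public key signatures. The subject names, key sizes and times are constructed.

```python
import hashlib, json

def keygen(p, q, e=65537):
    """Toy RSA key pair from two known primes. Illustration only, not secure."""
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(body, n):
    blob = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue(subject, pub, issuer, issuer_priv, not_before, not_after, proxy=False):
    """Build a certificate body and sign it with the issuer's private key."""
    body = {"subject": subject, "pub": pub, "issuer": issuer, "proxy": proxy,
            "not_before": not_before, "not_after": not_after}
    sig = pow(digest(body, issuer_priv["n"]), issuer_priv["d"], issuer_priv["n"])
    return {"body": body, "sig": sig}

def signed_by(cert, pub):
    return pow(cert["sig"], pub["e"], pub["n"]) == digest(cert["body"], pub["n"])

def verify_proxy(proxy, user_cert, ca_pub, now):
    """What a grid resource checks before accepting a proxy. Returns (ok, reason)."""
    user, prox = user_cert["body"], proxy["body"]
    if not signed_by(user_cert, ca_pub):
        return False, "user certificate not signed by trusted CA"
    if not prox["proxy"] or prox["issuer"] != user["subject"]:
        return False, "proxy not issued by the certificate owner"
    if not signed_by(proxy, user["pub"]):
        return False, "proxy signature does not verify with owner's key"
    for name, c in (("user certificate", user), ("proxy", prox)):
        if not c["not_before"] <= now <= c["not_after"]:
            return False, f"{name} outside its validity period"
    return True, "ok"

# Constructed sample data (times are seconds on an arbitrary clock).
M = lambda k: 2**k - 1  # Mersenne primes for k = 61, 89, 107, 127, 521, 607
CA_PUB, CA_PRIV = keygen(M(61), M(89))
USER_PUB, USER_PRIV = keygen(M(107), M(127))
PROXY_PUB, PROXY_PRIV = keygen(M(521), M(607))  # fresh key pair for the proxy
USER_CERT = issue("/O=Grid/CN=alice", USER_PUB, "/O=Grid/CN=CA", CA_PRIV, 0, 31_536_000)
# The owner unlocks USER_PRIV with the pass phrase once and signs a 12-hour proxy.
PROXY = issue("/O=Grid/CN=alice/CN=proxy", PROXY_PUB, "/O=Grid/CN=alice",
              USER_PRIV, 1000, 1000 + 12 * 3600, proxy=True)
```

The resource trusts only the CA key, yet accepts the proxy because the owner's CA-signed certificate vouches for the key that signed it; the short validity period limits the damage if the proxy's private key leaks.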

Authorization: Grid systems require resource specific and system specific authorization. The
authorization systems can be divided into VO level authorization and resource level
authorization. VO level authorization provides credentials for the users to access resources.
It is a centralized system. Resource level authorization allows the users to access the
resources based on credentials provided by them.

Service security: With grid computing poised for huge growth in the next few years, this
area should be looked upon with utmost concern by security experts. Service level security
issues can be broadly divided into Denial of service (DOS) issues and Quality of service (QOS)
violation issues. The first issue is related to denying access to a certain service. The second is
caused by an adversary through congestion, delaying or dropping of packets, or through resource
hacking.

Solutions to service attacks:

• DOS solutions: The solutions can be categorized into preventive and
reactive solutions. Preventive solutions try to prevent the attack while the
reactive solutions try to find the cause of the attack, for example by tracking the source.
Some examples of preventive solutions are filtering, throttling, location
hiding and intrusion detection. Some examples of reactive solutions are
logging, packet marking and link testing amongst others.
• QOS solutions: The solutions depend on some amount of monitoring and
metering systems that try to detect the QOS levels of the system and then raise
alarms. The Watchers project is an example of such a system.

2.2. Infrastructure related issues:


Host security issues: Two aspects of host security issues are data protection and job starvation.
Here are a few solutions to host security issues.

• Data protection: The first solution is the use of proof
carrying code (PCC), where the code generators generate proofs of the safeness of the application and
embed those in the compiled code. The second solution is the use of virtual machines
(VM). The third type of solution, sandboxing, traps system calls and
sandboxes applications to restrict their access to memory and data based on
certain policies.
• Job starvation: The solutions can be categorized into advanced reservations and priority
reduction techniques. Under advanced reservations a user can request system
resources such as memory, CPU, disc space and so on in advance for a specific period of
time. These techniques require schedulers to work hand in hand with the users and RPs.
Priority reduction solutions require reducing the priority of long running jobs, but
solutions of this type are problem specific.
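
One way a host scheduler could admit advance reservations without starving its own jobs, as an added example that is not from the original paper: a request for a time window is accepted only if, at every instant in that window, the grid's total reservation stays below the host's capacity minus a share held back for local work. The field names, the local share and all numbers are assumptions made for the illustration.

```python
def peak_usage(reservations, start, end, resource):
    """Highest total amount of `resource` reserved at any instant in [start, end)."""
    events = []
    for r in reservations:
        s, e = max(r["start"], start), min(r["end"], end)  # clip to the window
        if s < e:
            events += [(s, r[resource]), (e, -r[resource])]
    peak = level = 0
    # Tuples sort by time, then by delta, so a release at time t is applied
    # before a new grab at the same t (intervals are half-open).
    for _, delta in sorted(events):
        level += delta
        peak = max(peak, level)
    return peak

def admit(reservations, request, capacity, local_share):
    """Book `request` if every resource fits for the whole window.

    Returns (True, None) on success or (False, <resource that would be overbooked>).
    """
    for resource, total in capacity.items():
        grid_limit = total - local_share.get(resource, 0)  # kept free for local jobs
        used = peak_usage(reservations, request["start"], request["end"], resource)
        if used + request[resource] > grid_limit:
            return False, resource
    reservations.append(request)
    return True, None

# Constructed sample: an 8-CPU, 32 GB host that keeps 2 CPUs and 8 GB for local jobs.
CAPACITY = {"cpu": 8, "mem_gb": 32}
LOCAL_SHARE = {"cpu": 2, "mem_gb": 8}

def demo():
    booked = [{"job": "A", "start": 0, "end": 10, "cpu": 4, "mem_gb": 8}]
    requests = [
        {"job": "B", "start": 5, "end": 15, "cpu": 2, "mem_gb": 8},
        {"job": "C", "start": 8, "end": 12, "cpu": 1, "mem_gb": 4},
        {"job": "D", "start": 10, "end": 12, "cpu": 4, "mem_gb": 16},
    ]
    return [(r["job"],) + admit(booked, r, CAPACITY, LOCAL_SHARE) for r in requests]

if __name__ == "__main__":
    print(demo())
```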

Network security issues: In the context of grid computing, network security issues have assumed
importance due to the heterogeneity and high speed requirements of many applications. Access
control and isolation are important to control traffic in a grid scenario. Integration of grid
technologies with VPN and firewall technologies has assumed importance. Grid network security
issues include access control and isolation, secure routing, secure multicasting, sensor grids and
high-speed networks.

2.3. Management related issues:
The different issues covered are management of credentials, management of trust and resource
monitoring.

Credential management: Credential management is very important because there are multiple
systems that require different credentials to access them. Credential management systems store
and manage the credentials for a variety of systems, and users can access them according to their
needs. This imposes specific requirements on credential management systems. Credential
management systems should be able to obtain the initial credentials. There should be a mechanism
for safe storage of the credentials. In addition there should be a mechanism for retrieving the
credentials whenever required. Based on the above requirements, credential management is done
by credential repositories or credential storage systems, and by credential federation and credential
share systems.

Managing trust: It is an important management issue which needs to be addressed. Trust is
multi-dimensional and depends on a host of different components like the reputation of an entity,
policies and opinion about the entity. It is very important in a dynamic grid scenario where hosts
and users join and leave the system. The trust cycle is composed of a trust creation phase, a trust
negotiation phase and a trust management phase. Trust creation is generally done before any trust
group is formed and includes mechanisms to develop trust functions and trust policies. Trust
negotiation is done when an untrusted member joins a group. Trust management includes
recalculating trust based on trust policies, functions and transaction information, distribution or
exchange of trust related information, and updating or storing trust related information in a
centralized or distributed manner.

Trust management solutions: The main characteristics of trust management are scalability,
reliability and security. It should scale in terms of message overhead, should be reliable in terms
of failures and should be secure against attacks. The different trust management systems can be
broadly categorized into:

• Reputation based: Trust is derived from local and global reputation. Ex: peer trust
• Policy based: In the policy based system, different entities or components constituting
the system exchange and manage credentials to derive trust based on certain policies
and trust functions. It is a scheme in which access is granted or denied based on
credentials and certain predefined policies.

Monitoring: Monitoring is one of the most critical management issues that need to be tackled in
a grid scenario. Monitoring is important for two reasons. Firstly, the organizations can be charged
based on their usage. Also, the information can be logged for auditing or compilation purpose.
The different stages of monitoring are:

• Data collection: It is a phase which involves collection of data through sensors located at
different places. The data collected can be either static like network configuration,
topology or dynamic in nature like the availability of memory, CPU or disk space.
• Data processing: The data collected is processed and filtered in this phase.
• Data transmission: It involves transmitting the data collected and processed to entities
interested. Transmission involves sending information in a format understood by entities.
• Data storage: It involves storing the collected and processed data for future reference.
• Data presentation: It is the final stage and involves presenting the information in a format
understood to the interested entities.

Different monitoring systems: They can be broadly classified into system based, cluster based and
grid based monitoring.

• System Level: The system level monitors collect and communicate information about
stand alone systems or networks. SNMP can be used to monitor network devices.
Examples of open source tools for monitoring systems are Orca, Mon, Aide, Tripwire etc.
• Cluster Level: The monitoring systems are generally homogeneous in nature and require
deployment across a cluster or a group of clusters. Ex: Ganglia and Hawkeye
• Grid level: The grid level monitoring systems are much more flexible and can be
deployed on top of other monitoring systems. Many of the grid level monitoring systems
provide interfaces for interfacing, querying and displaying information in a standard
format. Ex: Globus monitoring and discovery system.

3. SCOPE OF STUDY IN FUTURE:

Grid computing is an area in which there is a lot of scope for development in future. A few areas
of research in grid computing can be:

• Development of a foolproof method for data protection in the host
• Devising a protocol or algorithm to manage resources efficiently and prevent job
starvation in the host
• Developing suitable firewalls, since many of the web and grid technologies cannot work
efficiently with the current firewalls and virtual private networks
• Developing suitable routing protocols, since most of the routing protocols use digital
signatures, which do not solve advanced problems like source misbehavior
• Developing a mechanism for the safe storage of credentials
• Solutions to problems like DOS and QOS violation attacks