Summary:
The goal of the grid computing paradigm is to make computer power as easy to access as an electrical power grid. Unlike the power grid, the computer grid uses remote resources located at a service provider. Malicious users can abuse the provided resources, which not only affects their own systems but also those of the provider and others.
Resources are utilized in an environment where sensitive programs and data from competitors are processed on shared resources, again creating the potential for misuse. This is one of the main security issues, since in a business environment competitors distrust each other, and the fear of industrial espionage is always present. Currently, human trust is the strategy used to deal with these threats. The relationship between grid users and resource providers ranges from highly trusted to highly untrusted. This wide range of trust relationships exists because grid computing itself changed from a research topic with few users to a widely deployed product that included early commercial adoption. The traditional open research communities have very low security requirements, while in contrast, business customers often operate on sensitive data that represents intellectual property; thus, their security demands are very high. In traditional grid computing, most users share the same resources concurrently. Consequently, information regarding other users and their jobs can usually be acquired quite easily. For example, a user can see which processes are running on another user's system. For business users, this is unacceptable since even the meta-data of their jobs is classified. As a consequence, most commercial customers are not convinced that their intellectual property in the form of software and data is protected in the grid.
This thesis proposes a novel infrastructural security solution that advances the concept of virtualized grid computing. The work started back in 2007 and led to the development of the XGE, virtual grid management software. The XGE itself uses operating system virtualization to provide a virtualized landscape. Users' jobs are no longer executed in a shared manner; they are executed within special sandboxed environments. To satisfy the requirements of a traditional grid setup, the solution can be coupled with an installed scheduler and grid middleware on the grid head node. To protect the prominent grid head node, a novel dual-laned demilitarized zone is introduced to make attacks more difficult. In a traditional grid setup, the head node and the computing nodes are installed in the same network, so a successful attack could also endanger the user's software and data. While the zone complicates attacks, it is, like all security solutions, not perfect. Therefore, a network intrusion detection system is enhanced with grid-specific signatures. A novel software called Fence is introduced that supports end-to-end encryption, which means that all data remains encrypted until it reaches its final destination. It transfers data securely between the user's computer, the head node and the nodes within the shielded, internal network. A lightweight kernel rootkit detection system assures that only trusted kernel modules can be loaded. It is no longer possible to load untrusted modules such as kernel rootkits. Furthermore, a malware scanner for virtualized grids scans for signs of malware in all running virtual machines. Using virtual machine introspection, that scanner remains invisible to most types of malware and has full access to all system calls on the monitored system. To speed up detection, the load is distributed to multiple detection engines simultaneously.
To enable multi-site service-oriented grid applications, the novel concept of public virtual nodes is presented. A public virtual node is a virtualized grid node with a public IP address shielded by a set of dynamic firewalls. It is possible to create a set of connected, public nodes located on one or more remote grid sites. A special web service allows users to modify their own rule set in both directions and in a controlled manner.
The main contribution of this thesis is the presentation of solutions that improve the security of grid computing infrastructures. This includes the XGE, software that transforms a traditional grid into a virtualized grid. Design and implementation details, including experimental evaluations, are given for all approaches. Nearly all parts of the software are available as open source software. A summary of the contributions and an outlook on future work conclude this thesis.