Security for Service-Oriented On-Demand Grid Computing

The Grid computing paradigm is becoming a well established method for high performance computing. While the first generation of Grid computing solutions implemented their own proprietary interfaces, the introduction of the service-oriented computing paradigm and the corresponding web service standards into the field of Grid computing through the Open Grid Services Architecture (OGSA) increased the interoperability of the Grid. This paved the way for a number of national and international Grid projects, which now host a large number of academic and a growing number of business applications requiring on-demand provisioning and use of Grid resources. In an on-demand Grid environment, Grid users and applications change frequently, and the value of software and data is much higher than in traditional Grid environments with academic open source applications. To facilitate on-demand Grid computing, it is essential that users are able to install and use their applications autonomously in a timely and secure fashion, even though the software may contain third party components and requires root privileges to install. This would also enable the Grid to act as a base technology for the new Cloud computing paradigm, in which similar on-demand business constraints are present. Consequently, there are much higher demands for both administrative measures and security mechanisms to enable on-demand Grid computing. Like most complex IT systems, Grid middlewares exhibit a number of security problems which are further compounded by the new on-demand Grid usage scenario. Not only do these security problems expose the heterogeneous Grid resources to a homogeneous attack vector, but they also threaten existing cluster resources and their users, who up till now have worked in a local and secure environment. Furthermore, in an on-demand Grid scenario, cluster administrators are exposed to a large number of unknown users with a great variety of usage patterns. This makes the detection of malicious behavior an extremely complex task. As a consequence, Grids are increasingly becoming an attractive target for attackers, since they offer standardised access to a large number of machines storing potentially valuable data which can be misused in various ways. For example, the considerable computing power of clusters exposed via the Grid could be misused to break passwords, and their large storage capacity could be misappropriated to store and share illegal software and data. The generous bandwidth of the Internet connection can be used for launching Denial-of-Service (DoS) attacks or for hosting file-sharing services. However, far more critical than these resource attacks are attacks against customer data: crash test model data of a new prototype car, a custom fluid simulation suite or customer billing data all represent intellectual property of considerable monetary value and need to be protected. If a Grid resource provider cannot ensure the end-to-end integrity and safety of customer software and data, an industrial adoption of Grid technology will not be possible. However, at the same time, easy to use administration capabilities must exist to enable on-demand installation and usage of custom applications. These are usually diametrically opposite requirements, and careful balancing is required to satisfy both requirements. This thesis presents novel security and usability approaches for service-oriented on-demand Grid computing. They enable users to install and use custom software autonomously (both service-oriented and traditional) on shared computer systems on demand, while at the same time they protect software, data and business process information from other Grid users and external attackers. The core solution proposed in this thesis is based on operating system virtualisation to offer dynamic virtual image creation and deployment in a secure environment. An automated dynamic firewall mechanism provides a user based network security setup and creates secure user network regions on demand. In addition, the Grid environment is separated into several zones to protect local cluster resources from illegal access of Grid users. The Grid headnode and the image creation station are both confined to separate compartments in a Grid demilitarised zone. To enable the secure integration of this Grid environment into existing business workflows, an extension to the Business Process Execution Language (BPEL) and workflow execution engine is presented which allows the execution of secure Grid services in combination with existing business web services. The workflow engine handles the issues of proxy certificate creation transparently and, in the case of long running applications, certificate renewal. The approach allows both fine-grained service-oriented applications and legacy Grid applications to run in the same environment by integrating the Grid sandboxing system into existing cluster scheduling solutions. Furthermore, a novel server rotation mechanism is introduced to protect the Grid headnode from unknown stealth attacks by refreshing the headnode transparently using virtualised images. This reduces the time an attacker can operate in the system to no more than a few minutes. In addition to these attack prevention mechanisms, a novel intrusion detection system using a streaming database system is presented to detect attacks, which could not be prevented. Since developing service-oriented applications for a Grid environment is a complex and error prone task, the final contribution of this thesis is a design for an automated, model driven development process for secure Grid services. An implementation of the new Grid environment based on the Globus Toolkit 4, the Sun Grid Engine and the ActiveBPEL Engine is presented. The model driven development concepts are implemented in Eclipse for the Globus Tookit 4. Experimental results and an evaluation of the critical components of the new Grid setup are presented. The proposed security mechanisms are intended to promote the next phase in the evolution of Grid computing and to enable the Grid to act as a secure basis for the business-oriented Cloud computing endeavor.