Infrastructural Security for Virtualized Grid Computing [Elektronische Ressource] / Matthias Schmidt. Betreuer: Bernd Freisleben

philipps-universitat_marburg

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

235 pages

English

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

A propos
Informations
Extrait

Description

Sujets

Informatik

Informations

Publié par	philipps-universitat_marburg
Publié le	01 janvier 2011
Nombre de lectures	30
Langue	English
Poids de l'ouvrage	4 Mo

Extrait

Infrastructural Security
for Virtualized Grid
Computing
Dissertation
zur Erlangung des Doktorgrades der Naturwissenschaften
(Dr. rer. nat.)
dem Fachbereich Mathematik und Informatik
der Philipps-Universit at Marburg
vorgelegt von
Matthias Schmidt
aus Lich
Marburg, im Juni 2011Vom Fachbereich Mathematik und Informatik der
Philipps-Universit at Marburg als Dissertation am
8. Juni 2011
angenommen.
1. Gutachter: Prof. Dr. Bernd Freisleben, Philipps-Universit at Marburg
2.hter: Prof. Dr. Matthew Smith, Leibniz Universit at Hannover
Tag der mundlic hen Prufung am 26. September 2011.Acknowledgments
At rst, I want to express my sincere and utmost gratitude to my wife, Angela.
Without you, I would not be where I’m now. Your continuous love and your
support made it possible for me to nish this thesis. Furthermore, I have to
thank my parents. Without their everlasting support and encouragement, it
would not be possible for me to study computer science.
At the University of Marburg I would like to thank my advisor, Prof. Dr.
Bernd Freisleben for supervising this thesis, his invaluable guidance and our
good discussions.
Furthermore, I would like to thank my colleagues and students past and present
at the Distributed Systems Group who were invaluable in the realization of
the projects in this thesis. In alphabetical order I would like to thank Lars
Baumg artner, David B ock, Kay D ornemann, Tim D ornemann, Sascha Fahl,
Niels Fallenbeck, Pablo Graubner, Rene Greuel, Marian Harbach, Katharina
Haselhorst, Ernst Juhnke, Matthias Leinweber, Christian Schridde, Roland
Schwarzkopf and last, but not least, Mechthild Kessler. I’m especially grateful
to my two o ce mates, Niels and Roland, for creating an enjoyable work envi-
ronment. Prof. Dr. Matthew Smith deserves special thanks, as he was the one
who guided me in my rst years and showed me the ropes in research.
Doing research and writing a thesis without the proper environment is impossi-
ble { special thanks to Dr. Thomas Gebhardt from the local computing center
for his valuable support and his patience when I managed to crash a grid node,
again.
Finally, I would like to thank Justin C. Sherrill and Annie McWhertor for
proofreading (parts of) this thesis.
During writing my thesis, I was supported by the German Ministry of Research
and Education (bmbf) as part of the D-Grid and hpc projects.
{iii{Abstract
The goal of the grid computing paradigm is to make computer power as easy
to access as an electrical power grid. Unlike the power grid, the computer grid
uses remote resources located at a service provider. Malicious users can abuse
the provided resources, which not only a ects their own systems but also those
of the provider and others.
Resources are utilized in an environment where sensitive programs and data
from competitors are processed on shared resources, creating again the poten-
tial for misuse. This is one of the main security issues, since in a business
environment competitors distrust each other, and the fear of industrial espi-
onage is always present. Currently, human trust is the strategy used to deal
with these threats. The relationship between grid users and resource providers
ranges from highly trusted to highly untrusted [125]. This wide trust rela-
tionship occurs because grid computing itself changed from a research topic
with few users to a widely deployed product that included early commercial
adoption. The traditional open research communities have very low security
requirements, while in contrast, business customers often operate on sensitive
data that represents intellectual property; thus, their security demands are very
high. In traditional grid computing, most users share the same resources con-
currently. Consequently, information regarding other users and their jobs can
usually be acquired quite easily. This includes, for example, that a user can see
which processes are running on another users system. For business users, this is
unacceptable since even the meta-data of their jobs is classi ed [124]. As a con-
sequence, most commercial customers are not convinced that their intellectual
property in the form of software and data is protected in the grid.
This thesis proposes a novel infrastructural security solution that advances the
concept of virtualized grid computing. The work started back in 2007 and led to
the development of thexge, a virtual grid management software. Thexge itself
uses operating system virtualization to provide a virtualized landscape. Users
jobs are no longer executed in a shared manner; they are executed within special
sandboxed environments. To satisfy the requirements of a traditional grid setup,
the solution can be coupled with an installed scheduler and grid middleware on
the grid head node. To protect the prominent grid head node, a novel dual-
laned demilitarized zone is introduced to make attacks more di cult. In a
traditional grid setup, the head node and the computing nodes are installed in
the same network, so a successful attack could also endanger the user’s software
{v{and data. While the zone complicates attacks, it is, as all security solutions, not
a perfect solution. Therefore, a network intrusion detection system is enhanced
with grid speci c signatures. A novel software called Fence is introduced that
supports end-to-end encryption, which means that all data remains encrypted
until it reaches its nal destination. It transfers data securely between the user’s
computer, the head node and the nodes within the shielded, internal network.
A lightweight kernel rootkit detection system assures that only trusted kernel
modules can be loaded. It is no longer possible to load untrusted modules such
as kernel rootkits. Furthermore, a malware scanner for virtualized grids scans
for signs of malware in all running virtual machines. Using virtual machine
introspection, that scanner remains invisible for most types of malware and has
full access to all system calls on the monitored system. To speed up detection,
the load is distributed to multiple detection engines simultaneously. To enable
multi-site service-oriented grid applications, the novel concept of public virtual
nodes is presented. This is a virtualized grid node with a public ip address
shielded by a set of dynamic rewalls. It is possible to create a set of connected,
public nodes, either present on one or more remote grid sites. A special web
service allows users to modify their own rule set in both directions and in a
controlled manner.
The main contribution of this thesis is the presentation of solutions that con-
vey the security of grid computing infrastructures. This includes the xge, a
software that transforms a traditional grid into a virtualized grid. Design and
implementation details including experimental evaluations are given for all ap-
proaches. Nearly all parts of the software are available as open source software.
A summary of the contributions and an outlook to future work conclude this
thesis.
viZusammenfassung
Ein Grid soll einem Benutzer Ressourcen so einfach zu Verfung stellen, wie
das Stromnetz: Ein Ger at wird an die Steckdose angeschlossen und sofort
danach mit Strom versorgt. Im Gegensatz zu einer Steckdose nutzt Grid Com-
puting allerdings entfernte Ressourcen, die bei einem Provider installiert sind.
Diese k onnen durch b oswillige Nutzer missbraucht werden, die damit nicht nur
ihre eigenen Installationen sondern auch die von anderen Benutzern und dem
Provider gef ahrden.
Ressourcen im Grid Computing werden gemeinsam benutzt, d.h. Daten und
Programme von konkurrierenden Nutzern oder Unternehmen sind auf der sel-
ben physischen Ressource gespeichert. Diese gemeinsame Nutzung stellt eines
der Hauptprobleme dar, da Unternehmen sich im Allgemeinen gegenseitig mis-
strauen und die Gefahr durch Industriespionage omnipr asent ist. Die aktuelle
Strategie, um mit diesen Problemen umzugehen, basiert auf dem Vertrauen des
Nutzers gegenub er anderen Nutzern und dem Administrator. Diese Entwick-
lung resultiert aus der Tatsache, dass sich das Grid von einer rein akademischen
Spielwiese hin zu einem anerkannten Produkt mit ersten kommerziellen Anwen-
dern entwickelt hat [125]. Im Gegensatz zu kommerziellen Anwendern haben
akademische Nutzer meist niedrigere Sicherheitsanforderungen, da Quelldaten
und Ergebnisse frei zur Verfugung stehen. Kommerzielle Daten und Anwendun-
gen beinhalten in der Regel geistiges Eigentum, das besonderem Schutz bedarf.
In der gemeinsamen Nutzung von Ressourcen im traditionellen Grid Comput-
ing liegt also eines der Hauptprobleme, welches die kommerzielle Verbreitung
erschwert. Informationen ub er andere Benutzer und deren Jobs k onnen auf
solchen Systemen einfach erlangt werden. In den einfachsten F allen stellt die
blo e Kenntnis, dass ein Konkurrent auf demselben System rechnet, einen In-
formationsvorsprung dar, der nicht akzeptabel ist, da sogenannte Meta-Daten
meist vertraulich sind [124]. Es kann konstatiert werden, dass ein wirksamer
Schutz von sensitiven Inhalten im Grid nicht ausreichend vorhanden ist.
Diese Arbeit stellt neue Infrastruktur-Mechanismen vor, die das Konzept von
virtuellen Grids weiter voran bringen. Die Arbeiten dafur begannen 2007 und
haben zur Entwicklung der xge gefuhrt. Diexge ist eine Software zum Erzeu-
gen