Abstract

E-Science Grid infrastructures are built on the collaboration of multiple, possibly otherwise independent, globally distributed organizations connected via the Internet. The resulting e-Science Grids provide the researchers of these organizations with unified access to large-scale computing and storage services, including access to large-scale scientific data. It is part of their purpose that e-Science Grids allow collaborating researchers to introduce their own data and program code in the course of their work. Beyond that, by submitting Grid jobs, any program code can be executed as a detached computational operation within the distributed computing infrastructure. This openness to the introduction and use of data and program code poses a substantial security threat. The delegation of privileges in the course of Grid job submissions, in combination with the users’ permission to introduce and use a priori untrusted program code and data, is a widely identified security challenge. The main contribution of this thesis is to propose a new framework for delegation and a corresponding Grid security architecture in response to this challenge. Following a discussion of the goals and requirements of e-Science Grids in general, and an overview and comparison of existing and in-use e-Science Grid architectures in particular, this thesis will analyze the security aspects that apply to such e-Science Grid infrastructures. The security objectives derived and defined from this analysis concern data integrity and authenticity, system integrity, availability, non-repudiation of Grid job submission and processing, as well as confidentiality and data privacy. Using the case of an established e-Science Grid framework, vulnerabilities and security implications of existing distributed e-Science Grids will be examined.
Furthermore, the widely adopted unrestricted delegation based on X.509 proxy certificates will be assessed, revealing fundamental deficiencies concerning the unverifiable correlation of assignment and delegation of privileges, which facilitates potential misuse of privileges and digital identities. In order to address these issues, this thesis will introduce “mediated definite delegation” as a new framework for delegation. The framework uses public-key signatures and provides verifiable integrity and authenticity of Grid data and jobs, as well as transparent, dynamic and least-privileged delegation of Grid jobs via one or more brokers to an agent. Its delegation mechanism protects against misuse of the delegating user’s identity as well as against unnoticed alteration of the requested actions. Finally, an e-Science Grid security architecture built on this framework will be presented and specified, which is able to satisfy the defined security objectives. As a proof of concept, a prototype implementation of this e-Science Grid security architecture will be presented, including a test-based evaluation of its performance.
