Securing stateful grid servers through virtual server rotation

Authors:
Matthew Smith;Christian Schridde;Bernd Freisleben
Affiliations:
University of Marburg, Marburg, Germany;University of Marburg, Marburg, Germany;University of Marburg, Marburg, Germany
Venue:
HPDC '08 Proceedings of the 17th international symposium on High performance distributed computing
Year:
2008

Citing 8
Cited 1

Security analysis of SITAR intrusion tolerance system

Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
An intrusion tolerant architecture for dynamic content internet servers

Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Integrating Grid with Intrusion Detection

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 1
Closing Cluster Attack Windows Through Server Redundancy and Rotations

CCGRID '06 Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid
Security Issues in On-Demand Grid and Cluster Computing

CCGRID '06 Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid
Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques

Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Secure, Resilient Computing Clusters: Self-Cleansing Intrusion Tolerance with Hardware Enforced Security (SCIT/HES)

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Building a demilitarized zone with data encryption for grid environments

Proceedings of the first international conference on Networks for grid applications

A novel Adaptive Cluster Transformation (ACT)-based intrusion tolerant architecture for hybrid information technology

The Journal of Supercomputing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Grid computing paradigm is aimed at providing seamless access to different kinds of resources, such as compute clusters, data, special appliances and even people. Like most complex IT systems, Grid middleware systems exhibit a number of security problems, and there will always be attacks that are unknown and can circumvent even the best security measures and intrusion detection systems. This creates the requirement that Grid environments should be equipped with intrusion tolerance mechanisms as well as with the traditional intrusion prevention and intrusion detection mechanisms. In this paper, we present a new intrusion tolerance approach which improves the security of stateful WSRF Grid servers against stealth attacks. The proposal is based on a novel server rotation strategy utilizing paravirtualization to close attack windows for stateful service-oriented Grid headnode servers. A flexible plugin based rotation manager deals with the complex issue of stateful connections to the Grid server, and a database connector is utilized to detach service state from the rotating functional components of the Grid server. A prototypical implementation based on the Globus Toolkit 4 is presented.