The Grid computing paradigm is aimed at providing seamless access to different kinds of resources, such as compute clusters, data, special appliances and even people. Like most complex IT systems, Grid middleware systems exhibit a number of security problems, and there will always be attacks that are unknown and can circumvent even the best security measures and intrusion detection systems. This creates the requirement that Grid environments should be equipped with intrusion tolerance mechanisms as well as with the traditional intrusion prevention and intrusion detection mechanisms. In this paper, we present a new intrusion tolerance approach which improves the security of stateful WSRF Grid servers against stealth attacks. The proposal is based on a novel server rotation strategy utilizing paravirtualization to close attack windows for stateful service-oriented Grid headnode servers. A flexible plugin-based rotation manager deals with the complex issue of stateful connections to the Grid server, and a database connector is utilized to detach service state from the rotating functional components of the Grid server. A prototypical implementation based on the Globus Toolkit 4 is presented.