Interposition agents: transparently interposing user code at the system interface
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Safe kernel extensions without run-time checking
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
UFO: a personal global file system based on user-level extensions to the operating system
ACM Transactions on Computer Systems (TOCS)
PUNCH: An architecture for Web-enabled wide-area network-computing
Cluster Computing
PUNCH: Web Portal for Running Tools
IEEE Micro
Fine-Grain Access Control for Securing Shared Resources in Computational Grids
IPDPS '02 Proceedings of the 16th International Parallel and Distributed Processing Symposium
Enhancing the Scalability and Usability of Computational Grids via Logical User Accounts and Virtual
IPDPS '01 Proceedings of the 15th International Parallel & Distributed Processing Symposium
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Janus: an Approach for Confinement of Untrusted Applications
Janus: an Approach for Confinement of Untrusted Applications
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
IBM Journal of Research and Development
Communication and recovery issues in grid environment
InfoSecu '04 Proceedings of the 3rd international conference on Information security
Trust but verify: monitoring remotely executing programs for progress and correctness
Proceedings of the tenth ACM SIGPLAN symposium on Principles and practice of parallel programming
SVGrid: a secure virtual environment for untrusted grid applications
MGC '05 Proceedings of the 3rd international workshop on Middleware for grid computing
A self-organizing flock of Condors
Journal of Parallel and Distributed Computing
Deploying virtual machines as sandboxes for the grid
WORLDS'05 Proceedings of the 2nd conference on Real, Large Distributed Systems - Volume 2
Java, peer-to-peer, and accountability: building blocks for distributed cycle sharing
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Security in grid computing: A review and synthesis
Decision Support Systems
End-to-end accountability in grid computing systems for coalition information sharing
Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
An assessment of accountability policies for large-scale distributed computing systems
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Requirement analysis of the portal site serving distributed climate data for e-science
Proceedings of the 2007 conference on Human interface: Part II
Monitoring remotely executing shared memory programs in software DSMs
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
A scheduling algorithm based on a trust mechanism in grid
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Integrating trust into grid economic model scheduling algorithm
ODBASE'06/OTM'06 Proceedings of the 2006 Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, DOA, GADA, and ODBASE - Volume Part II
The Journal of Strategic Information Systems
An Adaptable Job Submission System Based on Moderate Price-Adjusting Policy in Market-Based Grids
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
Computational grids provide computing power by sharing resourcesacross administrative domains. This sharing, coupled with the needto execute untrusted code from arbitrary users, introduces securityhazards. Grid environments are built on top of platforms thatcontrol access to resources within a single administrative domain,at the granularity of a user. In wide-area multidomain gridenvironments, the overhead of maintaining user accounts isprohibitive, and securing access to resources via useraccountability is impractical. Typically, these issues are handledby implementing checks that guarantee the safety of applications,so that they can run in shared user accounts. This work shows thatsafety checks--language-based, compile-time, link-time orload-time--currently implemented in most grid environments areeither inadequate or limit allowed grid users and applications. Asurvey of various grid systems is presented, highlighting theproblems and limitations of current grid environments. A runtimeprocess monitoring technique is also proposed. The approach allowssetting-up an execution environment that supports the fulllegitimate use allowed by the security policy of a shared resource.For shell-based applications, performance measurements of theproposed scheme show up to 2.14 times less overheads as compared tothe case where all applications including the shell aremonitored.