Communications of the ACM
Implementing remote procedure calls
ACM Transactions on Computer Systems (TOCS)
Understanding the Linux Kernel
Understanding the Linux Kernel
MPICH/Madeleine: a True Multi-Protocol MPI for High Performance Networks
IPDPS '01 Proceedings of the 15th International Parallel & Distributed Processing Symposium
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Grid-computing portals and security issues
Journal of Parallel and Distributed Computing - Scalable web services and architecture
GridBox: securing hosts from malicious and greedy applications
MGC '04 Proceedings of the 2nd workshop on Middleware for grid computing
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Sandboxing for a free-to-join grid with support for secure site-wide storage area
VTDC '06 Proceedings of the 2nd International Workshop on Virtualization Technology in Distributed Computing
Secure Sharing of an ICT Infrastructure through Vinci
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
Managing critical infrastructures through virtual network communities
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
| Hi-index | 0.00 |
Most grid security researches focus on user authentication and secure communication, the protection of grid computers is left to the underlying operating system. Unfortunately, most OS level protection mechanisms can be turned off after an attacker manages to exploit a vulnerability to gain privileged access.This paper proposes SVGrid, a Secure Virtual Grid computing environment, to protect grid computers' filesystem and network from malicious grid applications. SVGrid works by isolating grid applications in one or more grid virtual machines whose filesystem and network service are moved into a dedicated monitor virtual machine. All file and network access requests are then forced to go through the monitor virtual machine, where security policies can be enforced. The resource compartment guarantees that appropriate security policy enforcement cannot be bypassed or disabled, even if a grid virtual machine is compromised. We tested SVGrid against attacks on grid virtual machine using rootkit and internet worm, SVGrid was able to prevent both of them from maliciously accessing filesystem and network. We also evaluated the performance of SVGrid system and only found that performance cost was reasonable considering the security benefits of SVGrid.