Grid computing is normally considered the province of the academic and
scientific world…. the Search for Extra-Terrestrial Intelligence
(SETI), the Earth System Grid, the European Data Grid, the TeraGrid and
other such projects have popularized the field and created a whole new
category of computing.
And the commercial sector has begun to take notice.
”Companies that rely on computationally intensive tasks, such as
rendering frames of movies, hardware verification, software building,
infrastructure testing and some financial applications, are attracted to
the same tools that scientists use for the grid,” says Ian Alderman, a
Ph.D student, who also is a member of the Condor Project, based at the
University of Wisconsin in Madison.
The SETI grid model, for example, is being harnessed by pharmaceutical
and stock brokering companies to extend their analysis applications and
utilize any spare computer power from idling office computers at night.
A more complex example is from the automotive industry, where specialized
engineering firms aid in the construction of different vehicle parts. As
these outfits are typically too small to be able to afford the necessary
computing infrastructure themselves, they are granted access to some
share of the manufacturer’s supercomputer powers.
Such scenarios, however, highlight the importance of security.
While these external firms are working for the same manufacturer, they
are often direct competitors. Resource sharing has to be managed so they
have enough access to be able to compute, but not enough to be able to
steal each other’s secrets.
”Perhaps the biggest challenge in grid computing is security,” says
Sasan Hamadi, chief security officer at Interval International Inc., a
Miami-based resort and vacation company, which is using grid technology.
Computing in Concert
Grid computing is essentially a diverse array of machines and other
resources being used in concert to rapidly process and solve problems
beyond an organization’s available capacity. Grids function by
partitioning problems into smaller tasks. Each node within the grid is
given some code and asked to solve a piece of a larger problem.
According to Hamadi, the main advantages are the resolution of
large-scale problems, reduction of time-to-market, enhancement of the
business process, and lowered cost of computing. Beyond that, though, it
could open the door to innovative goods and services, as well as
alternative methods of marketing products.
For those benefits to be realized on a grand scale, however, grid
security will have to reach maturity.
Fortunately, grids have gone relatively unmolested by the bad hats. The
biggest breach to date was an attack against a series of universities and
government agencies last year. Interestingly, this attack was not
directed towards grid software, but against a broadly adopted software
component used for remote logins to UNIX and Linux systems. Essentially,
a local privilege escalation attack was used to obtain passwords, and
those passwords were used to log in to other machines. Attackers then
repeated the process.
”Users had access to several of these systems, and the attackers used
this to quickly jump from one place to the next, creating more or less
global havoc in no time,” says Stockholm, Sweden-based Olle Mulmo,
security area director for the Global
Grid Forum and security architect for the world’s largest production
grid to date. ”The most important lesson learned from this attack is
that if one site is vulnerable, nearly all sites are. This has prompted
us to put a lot of energy into preparing for when an attack comes, not if
it will come.”
That means a heavy investment of time and effort on tools that can
quickly disable what grid computing has enabled. Though this problem is
not fully resolved, Mulmo reports that the grid community is working in
that direction.
Grid Vulnerabilities
For grid computing to become commercially viable, the potential
compromise of corporate secrets has to be addressed. That’s why most
commercial grid projects to date have been in-house. As long as you have
traditional security measures in place and can trust your developers and
vendors, there is no grid-specific threat. But when your grid extends
beyond the bounds of the corporate firewall, a whole vista of new
concerns emerges.
When you let someone use your computer cycles, for example, how do you
ensure that what is executed is not something destructive, such a Trojan
horse that steals company secrets or reads email. The answer to that is
isolation.
There are several techniques that will ”sandbox” an application,
meaning that it will permit certain functions while denying other ones.
That is a simple approach, though perhaps not the best.
”Virtual machines are a heavyweight solution to this problem but could
be made very secure,” says Alderman. ”Sandboxing is easier to implement
but probably less effective.”
Access control — or simply keeping the bad guys out — is another
important security facet. But in such a distributed problem, access
control is far from easy.
Several solutions currently exist, according to Mulmo, who also
co-founded the Globus Alliance, which
fosters the research and development of grid middleware technologies. One
solution is to ask a central service at runtime if a user is permitted to
perform a certain operation. Another approach is to have users provide
”evidence” ahead of time that they are indeed allowed to perform the
operations requested.
Both solutions have their pros and cons with regard to performance,
scalability, management and security.
”Ultimately, it’s a question of where in the system you will place the
complexity,” says Mulmo. ”Which solution you would finally choose
depends on your particular use case and your specific application
needs.”
For grid authentication to work properly, a global identification scheme
is required. Currently, the grid community is favoring a Public Key
Infrastructure (PKI) certificate format known as X.509. This is the same
technology that identifies your online banking or travel reservation
services, and provides an added assurance that you won’t send your credit
card details to the wrong person.
”Grid users need to have strong protection mechanisms to securely store
private keys, to revoke certificates and secure applications being used
within the grid,” says Hamadi.
The problem with this PKI scheme, says Mulmo, is that setting up an
X.509-based infrastructure can be expensive. More flexibility, therefore,
is needed to reduce costs while maintaining security.
And then there are the gray areas.
If a user gives a task to the grid, does that task have the full rights
of that user? If so, what if an attacker gets ahold of the task? How do
you give the tasks just the rights they need, but not more?
”Even if you are able to delegate a subset of rights, you still need to
keep those rights out of the wrong hands,” says Alderman. ”The
techniques used for digital rights management (DRM) might be effective at
providing confidentiality and integrity guarantees in a grid setting.”
But security of the grids themselves may actually prove to be less of a
stumbling point in corporate adoption than the thorny subject of
licensing security.
How do you move a software license, which is required to run your
program, from one organization to another? The grid concept is juxtaposed
against the traditional software licensing models used worldwide.
”Today, you cannot move licenses in a secure manner, or without breaking
the licensing terms,” says Mulmo. ”This problem strikes at the heart of
currently used licensing management schemes, and while it is being
investigated, it is still unresolved at this point in time.”