providing security to the desktop data grid forth ics (greece)

Managed by

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID

and Peer-to-Peer Technologies

Providing security to the Desktop Data Grid

FORTH ICS (Greece)

Jesus Luna, Michail Flouris, Manolis Marazakis and Angelos Bilas

April-2008

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 2

Outline

• Introduction• Desktop Data Grids• Methodology:

– Security Analysis– Data Security Protocol– Analytical Results

• Conclusions• Future Work


Introduction

• Desktop Grids, and in particular Volunteer Computing, are well-known for their computational power:– BOINC has approximately 316,000 volunteers,

558,000 nodes and 1,024 TeraFLOPS (24-hr average). (March-08)


Desktop Data Grids

• Nowadays the storage potential of Desktop Grids is also being considered: 7.74 PetaBytes @ 5.27 TeraBytes/sec.

• Interesting initiatives are appearing, i.e. Storage@Home [IPDPS07] and RevStor.

• However, from a data-centric point of view which are the security requirements of these novel Desktop Data Grids (DDG)?


Methodology

• Extrapolating our current security research (Data Grids) to the DDG:1. Applied a data-centric security analysis

framework.2. Adapted the contributed data security

protocol.3. Obtained some analytical results about

the stored data’s assurance.


Data Security Analysis

• Desktop Data Grid’s architecture:

Submits a Job

Data I/O

AuthN/A

uthZ

Data Staged for VSC

Requests Data

All Data I/O is initiated by the VSC


Data Security Analysis

• Security issues found with the analysis:Trusted Services

Secure Channels

HighVolatility

Stored Data may beLeaked, Changed or

Destroyed

HeterogeneousSW, HW, Admin

Static propagation of Revocation

Data


Data Security Protocol

• Based on three mechanisms to protect data stored at VSCs:

1. Symmetric cryptosystem: Provides confidentiality and integrity (hash and nonce) to the data at-rest.

2. Data fragmentation: Contrary to replication, provides data availability and confidentiality using a “m out-of n” IDA.

3. Quality of Security: Improves the IDA by distributing fragments to “secure” VSCs.


Quality of Security (QoSec)

• VSCs are heterogeneous in every way: may join or leave anytime, may be compromised, etc. Therefore they provide different levels of assurance to stored fragments.

• If this “QoSec” can be quantified to characterize each VSC, then a Client may request a minimum value to be fulfilled for storing his data.

• Analogous to QoS (communication) and LoA (Grid AuthN).

• Requirements:

– A “security policy” with provisions relevant to data assurance (i.e. availability).

– An evaluation methodology.


Evaluation Methodology: REM in-a-box

• Step 0 – Policy Definition: Set of rules modeling the VSC’s behavior.• Step 1- Policy Formalization

Px=“RAID Level”Px={No RAID, RAID-0, RAID-1, RAID-5}

Card(Px)=4• Step 2a – Security Matrix per-VSC

P(vsc)=“PC with RAID-1”P(vsc)=(1,1,1,0) - vector per-provision

P(RAID-0) < P(RAID-1) < P(RAID-5) - Ordered relationshipM(vsc) is a matrix built from a set of P(vsc) - Security Policy

• Step 2b - Evaluation technique: uses a metric criteria (i.e. Euclidean Distance) to compute a numeric QoSec relative to a reference Matrix (i.e. a Zero-matrix)


QoSec: Analytical Results

• As a proof of concept, we analyzed the relationship among QoSec and Data Assurance:– A first approach for the VSC’s security policy

considered a subset of rules from a Certificate Policy (CP).

– CPs from HellasGrid, CERN and IRISGrid were evaluated with REM.

– Analyzed the distribution assurance for a dispersal algorithm μ [Mei03], but considering the introduced QoSec:


QoSec: Analytical Results

• QoSec(HellasGrid) = 4.47

• QoSec(CERN) = 6.00

• QoSec(IRISGrid) = 5.48

• QoSec(EUGridPMA) = 4.24

N=100n=15

High QoSec= Better Data Assurance with smaller number of fragments

Low QoSec= requires more fragments to achieve higher Data Assurance


Conclusions

• Desktop Grids offer an interesting option for storing data, however security implications of using untrusted clients need to be studied (among other factors!).

• Based on our current work for the Data Grid, we analyzed the security of DDGs and proposed a protocol that if implemented at the Project Server, then may minimize key compromise while avoiding extra processing at the VSCs.

• An analytical model has shown the relationship QoSec -> data assurance.


Future work

• Definition of a comprehensive Security Policy, mostly focused on the VSC’s availability.

• Client executing code directly on the data stored at the VSC.

• Begin contact with EDGeS (Enabling Desktop Grids for eScience) http://www.edges-grid.eu/


Thank you for your attention!

Questions?

Jesus Luna

[email protected]@cs.ucy.ac.cy

providing security to the desktop data grid forth ics (greece)

Documents

data assurance

data availability

security matrix

data fragmentation

security requirements

security policystep

vscs security policy

desktop data gridsnowadays