**3.3.1 Architecture issues**

Architecture level issues concerns threats - pertaining information security (e.g., data confidentiality and integrity), authorization, and service level security - that impact the whole grid system.

**Information Security** is defined as the security properties of data transmission between hosts, that is, mainly, secure communication and authentication. These aspects involve confidentiality (i.e., the data can be accessed only by legitimate users) and integrity (i.e., the data has not been modified during transmission). These aspects are essential security requirements in all information and communication areas, but become extremely critical in distributed and heterogeneous environment like grids. The Open Grid Forum released an open standard called Open Grid Standards Architecture OGSA (2007) which is the referring point for worldwide researchers. OGSA specifies a layer called Grid Security Infrastructure GSI (2010) which aim is to undertake these matters, for further details see Section 3.3.4. The GSI is based on X.509 infrastructure and Secure Socket Layer (SSL) protocol, and uses public key cryptography and certificates for creating secure grid and application level data encryption. The X.509 certificates are used to ensure authentication: every user or service owns a certificate which contains needed information to identify and authenticate the owner.


#### **3.3.2 Infrastructure issues**

8 Will-be-set-by-IN-TECH

Grid Security Issues

Architecture Issues Infrastructure Issues Management Issues

Xen is a Virtual Machine Monitor that allows several guest operating systems to be executed on the same computer hardware concurrently. A Xen system is structured with the Xen hypervisor as the lowest and most privileged layer. Above this layer are located one or more guest operating systems, which the hypervisor schedules across the physical CPUs. Xen can work both in Para Virtualized or HVM mode; in the first the guest operating system must be modified to be executed. Through Para Virtualization, Xen can achieve very high performance. The HVM mode offers new instructions to support direct calls by a Para Virtualized guest/driver into the hypervisor, typically used for I/O or other so-called hypercalls. KVM is a Full Virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). KVM is implemented as a module within the Linux kernel. A hypervisor hosts the virtual machine images as regular Linux processes, so that each virtual machine image can use all of the features of the Linux kernel, including hardware, security, storage, and applications. KVM supports I/O Para Virtualization using

The basis idea of pooling has been always employed by humans. Its most evident and valuable advantage is cost and resource optimization, but it hides facets that may shadows its benefits. Whenever we share something we are worried since our goods may not be handle properly and may be manipulated by strangers. Moreover when we use someone else stuff

The above concept perfectly fits grid system since grid can be seen as a mechanism to pool resources to optimize system utilization. Therefore we can state that security and trust, together with resource monitoring, authentication and authorization of users, and data protection, are essential to Grid Computing. In the following we give an overview of security in Grid Computing by using the classification proposed by Chakrabarti (2007). As shown in Figure 4, he categorized grid security issues into three main categories: architecture,

Architecture level issues concerns threats - pertaining information security (e.g., data confidentiality and integrity), authorization, and service level security - that impact the whole

**Information Security** is defined as the security properties of data transmission between hosts, that is, mainly, secure communication and authentication. These aspects involve confidentiality (i.e., the data can be accessed only by legitimate users) and integrity (i.e., the data has not been modified during transmission). These aspects are essential security

the so called VIRTIO subsystem consisting of 5 kernel modules IBM (2010).

we worry about safety since objects may be dangerous, broken or compromised.

Network Host Credential

Trust Management

Management

Monitoring

Information Security Authorization Service

Fig. 4. Taxonomy of grid security issues.

**3.2.2 Xen and KVM based virtualization**

**3.3 Security overview**

**3.3.1 Architecture issues**

grid system.

infrastructure, and management related issues.

Security

Infrastructure threats regards network and host devices that form the grid infrastructure and are classified in Host level and Network level. These issues impact data protection, job protection, host availability, access control functionalities, secure routing and all the communication aspects.

**Host Security** impacts data protection and job starvation. The former regards the protection of data already stored in the host, in fact the host submitting the job may be untrusted and the job code may be malicious. The latter is a scenario in which resources assigned to a job are denied to the original job and assigned to a different (malicious) job. The most effective countermeasures to limit data threats are: (1) application level sandboxing, (2) virtualization, and (3) sandboxing. The first approach uses proof carrying code (PCC), the compiler creates proofs of code-safeness and embed those in the executable binary. The second solution is based on the creation of Virtual Machines upon the physical host, this technique ensures strong isolation between different VMs and the host system. The third method confines system calls and sandboxes (isolates) the applications to avoid data and memory access not allowed. The solution adopted to avoid job starvation are based on

addresses exactly this issue, it defines security requirements and provides a framework to provide security in Virtual Organization based grid systems. GSI has been provided by the Global Grid Forum (GGF) that is a forum of researchers and practitioners with the aim to exchange information and to define standards for Grid Computing. One of the most important aspects of GSI is that it is not only a theoretical definition, but it is implemented and used worldwide thanks to Globus Toolkit Globus (2010). GSI handles different security requirements, that can be summarized in: authentication, integrity, confidentiality, and delegation. The most prevalent mechanisms of authentication in a GSI based on grid is the certificate based on authentication (X.509) mechanism where a public key infrastructure (PKI) is assumed to exist which allows the trusted authority to sign information to be used for authentication purposes, by using these mechanisms it is also possible to ensure integrity. In addition to certificate based mechanism, it supports password based authentication, and research efforts are underway to integrate One Time Password (OTP) and Kerberos

Grid Infrastructure for Domain Decomposition Methods in Computational ElectroMagnetics 257

Confidentiality are supported through transport level security using SSL/TLS protocols, and message level security using Web services standards. It is worth notice that Globus Toolkit is one of the few implementations where message level security is used for grid confidentiality

Delegation is especially important in case of grid because of the possibility of multiple resources involved in grid based transactions. It may be unnecessary or very expensive to authenticate each and every time a resource is accessed. On the other hand, if the user issues a certificate allowing the resource to act on its behalf then the process will become a lot simpler. This type of certificate issued by the user to be used by some other entity is called a proxy certificate. A proxy is made up of a new certificate containing two parts, a new public and a new private key. The proxy certificate has the owner's identity, with a slight change to show that it is a proxy certificate. The certificate owner will sign the proxy certificate. As part of the proxy certificate there is an entry with a timestamp, which indicates at what time the proxy

A complete discussion about the EM modeling and the mathematical aspects of the formulation goes beyond the scope of this paper; only a short summary of the problem will be presented in the following. In order to simplify the mathematical model, in the following the analysis of the electromagnetic behavior of Perfectly Electric Conducting (PEC) objects in a free space environment will be briefly introduced. Nevertheless, the authors would like to point out that the described approach is not limited to PEC objects in free space, in fact it is applicable to different formulations as well (dielectric objects or layered media problems for instance): in other terms it is a kernel free method. Besides, the focus of this chapter will be on a Grid Computing approach applied to computationally demanding electromagnetic problems: rather than considering more complicate approaches, that would divert the attention from the subject of this chapter, we prefer to introduce and apply the method to PEC objects in a homogeneous background, but we stress that it can be applied to other formulations as well. The Electric Field Integral Equation (EFIE) is a very versatile approach to the full-wave analysis of complex electromagnetic problems: for PEC objects the EFIE can be written by enforcing the boundary condition on the surface of the object, i.e. the

authentication with GSI.

purposes.

certificate expires.

**3.4 Computational ElectroMagnetics description**

resource booking or priority reduction for long running jobs, in order to reduce starvation likelyhood.

**Network Security** is a core requirement in grid scenario due to high speed needs and host heterogeneity. Access control and isolation are fundamental to the grid networks. Solutions for Grid Computing may not work effectively with existing firewalls and virtual private networks (VPN), for this reason researcher developed solutions like Adaptive Grid Firewalls (AGF) and Hose. Moreover routing attacks can be very dangerous for grid working, countermeasures to these threats came from the traditional networking research and foresee the deploy of secure routing protocol.

#### **3.3.3 Management issues**

Management issues are very delicate as the grid is an heterogeneous environment composed of several entities, users, domains, and policies. The management problem can be seen as three distinct, but correlated, points: (1) credential management, (2) trust management, and (3) monitoring.


#### **3.3.4 Grid Security Infrastructure (GSI)**

The definition and implementation of a robust infrastructure is one of the main issue when the problem of securing grid is investigated. The Grid Security Infrastructure GSI (2010) 10 Will-be-set-by-IN-TECH

**Network Security** is a core requirement in grid scenario due to high speed needs and host heterogeneity. Access control and isolation are fundamental to the grid networks. Solutions for Grid Computing may not work effectively with existing firewalls and virtual private networks (VPN), for this reason researcher developed solutions like Adaptive Grid Firewalls (AGF) and Hose. Moreover routing attacks can be very dangerous for grid working, countermeasures to these threats came from the traditional networking research

Management issues are very delicate as the grid is an heterogeneous environment composed of several entities, users, domains, and policies. The management problem can be seen as three distinct, but correlated, points: (1) credential management, (2) trust management, and

**Credential Management** is a complex and delicate task due to the distributed and numerous components that form the grid. Each of these requires rights to access resources that need to be trusted and non compromised. This aim is achieved by using credential management mechanisms that securely store, grant, revoke, and renew credentials for user and system. Some solutions move the burden to store credential from the user to the system, e.g., by using smart cards. Other approaches resort to the federated identity paradigm to manage credentials, across different systems, domains, and frameworks. Implementation example of the first family is MyProxy, while KX.509 (a protocol which enables interoperability between X.509 and Kerberos), Liberty Framework and Shibboleth are examples of the

**Trust Management** is a critical aspect in grid since nodes and users continuously join and leave the system. Therefore a mechanism to manage trust levels of users, nodes and the grid itself is mandatory. Different trust management solutions have been developed, their key features are scalability, reliability, and security and can be grouped into two main categories: reputation based and policy-based systems. The formers are based on trust metrics taken from local and global reputation of a resource or an host. In the latter approach, the different units that compose the system, exchange and manage credentials

**Monitoring** of resources is necessary in grid due to two main reasons. Firstly, organizations can be charged according to grid utilization, and, secondly, resource information can be logged for auditing, debugging, testing and security purposes. Different monitoring system are available in literature and can be grouped into three categories: (1) system level, (2) cluster level, and (3) grid level. The first systems collect and transmit data related to standalone systems or networks. The second ones require deployment across clusters and gather information upon the cluster itself. The thirds are more flexible than the formers because they can be deployed on top of other monitoring systems and may

The definition and implementation of a robust infrastructure is one of the main issue when the problem of securing grid is investigated. The Grid Security Infrastructure GSI (2010)

provide interfaces for querying, and displaying data in standard formats.

and foresee the deploy of secure routing protocol.

to create trust connections given a set policies.

**3.3.4 Grid Security Infrastructure (GSI)**

likelyhood.

**3.3.3 Management issues**

(3) monitoring.

second one.

resource booking or priority reduction for long running jobs, in order to reduce starvation

addresses exactly this issue, it defines security requirements and provides a framework to provide security in Virtual Organization based grid systems. GSI has been provided by the Global Grid Forum (GGF) that is a forum of researchers and practitioners with the aim to exchange information and to define standards for Grid Computing. One of the most important aspects of GSI is that it is not only a theoretical definition, but it is implemented and used worldwide thanks to Globus Toolkit Globus (2010). GSI handles different security requirements, that can be summarized in: authentication, integrity, confidentiality, and delegation. The most prevalent mechanisms of authentication in a GSI based on grid is the certificate based on authentication (X.509) mechanism where a public key infrastructure (PKI) is assumed to exist which allows the trusted authority to sign information to be used for authentication purposes, by using these mechanisms it is also possible to ensure integrity. In addition to certificate based mechanism, it supports password based authentication, and research efforts are underway to integrate One Time Password (OTP) and Kerberos authentication with GSI.

Confidentiality are supported through transport level security using SSL/TLS protocols, and message level security using Web services standards. It is worth notice that Globus Toolkit is one of the few implementations where message level security is used for grid confidentiality purposes.

Delegation is especially important in case of grid because of the possibility of multiple resources involved in grid based transactions. It may be unnecessary or very expensive to authenticate each and every time a resource is accessed. On the other hand, if the user issues a certificate allowing the resource to act on its behalf then the process will become a lot simpler. This type of certificate issued by the user to be used by some other entity is called a proxy certificate. A proxy is made up of a new certificate containing two parts, a new public and a new private key. The proxy certificate has the owner's identity, with a slight change to show that it is a proxy certificate. The certificate owner will sign the proxy certificate. As part of the proxy certificate there is an entry with a timestamp, which indicates at what time the proxy certificate expires.
