G-PASS: Security Infrastructure for Grid Travelers
Tianchi Ma, Lin Chen, Cho-Li Wang, Francis C.M. Lau
The University of Hong Kong

Outline
  Problems & Methodology
  Introduction to G-PASS
  Application: G-JavaMPI
  Experiment Results

Grid Travelers
  A Grid Traveler is a process that can move itself across the boundary of organizations during its runtime.
  Two types of Grid travelers:
    Mobile agent
    Migrate-able process
  Organization = Policy space
    Security policy (identity, access control)
    Other policies

Security Issues for Grid Travelers
  Protect Grid travelers from malicious hosts
  Protect hosts from malicious travelers:
    Eavesdropping
    Integrity compromising
    Illegal resource access
    Delivering fake information
    DoS attack (replay)
  Protect from network eavesdropping: use secure transfer

Under a Grid Scenario (1)
  Complex authorization relationships
  Multiple policy spaces concerned
  Identity mapping
  Reputation system
  Most existing mechanisms are not general-purpose enough

Under a Grid Scenario (2)
  An example scenario of a Grid traveler who wants to access resources in another organization. Note that this is the simplest possible example in a Grid.
  [Diagram: two organizations / policy spaces; Dispatcher, Warrantor, Warranted traveler, Reputation, Identity mapping, Exception]

Problems
  How to carry and prove the authorizations and warrants?
  How to record and track the history of events?
  How to do the identity mapping?
  How to propagate security exceptions and reputation?

Grid Fashion Infrastructure
  General purpose (not application specific)
  Providing fundamental information and control mechanisms
  Weak defense: monitoring instead of preventing
  Stable information: reputation system
  Relative information: distributed trust model
    Authorization: delegation, warrant
    Events: migration, resource consumption / job submission, exceptions

GSI: Not Enough for Grid Travelers
  Provides the fundamental establishment derived from conventional distributed trust: job service, delegation, proxy
  The X.509 delegation is unsuitable for Grid travelers:
    PKI X.509: global DN -> local user
    Scalability: will form a certificate chain
    Delegation abuse in the full delegation protocol
    Cannot deal with a complex identity mapping

Traveler in Reality
  The example shows how a traveler can be permitted to visit an unacquainted country and perform some critical operations.
  [Diagram: passport (Name: XXX, Date of Birth: XXXX-XXXX, Nationality: P.R.China); customs; visa; leave Oct. 21, arrive Oct. 21 in Hong Kong S.A.R.; HSBC]

G-passport
  G-passport is a list of certificates and proven security information
  Records and proofs:
    Transit
    Privilege taken
    Security exception
    Contracts
  Doubly linked traceable list

G-passport Example
  A Grid traveler's recorded history: Birth -> Initiation -> Migration -> Warranted -> ...
  Initiating G-passport:
    Introduction
    Page 1: G-dispatch; contents of authorization; signature of Dispatcher
  Migrating from HostA to HostB:
    Page 2: G-event; migration A->B; signature of HostA
    Page 3: G-warrant; contents of authorization; signature of HostB
    ...
    Signature of Warrantor

Instance-Oriented Delegation
  Security transaction / security instance
  Separation of responsibility: a transaction is bound to its valid specification, and the issuer signs it
  Different from a capability: represents delegation, not direct authorization on a resource

Across the Organization Boundary
  Global identity cannot be recognized by local resources
  Mapping: G-passport -> local privilege table
  Role-based: RBAC3
  [Diagram: Role Table (role <-> identity); Identity + Credential carrier; Dispatcher and Warrantor instances with approvals; Privilege Table (instance -> roles)]

Position of G-PASS
  Under the application layer
  Can access the resource layer
  Based on GSI
  [Diagram, top to bottom: Agent Application / Agent Regular Routines / Agent Platform / Agent Grid Middleware; Resource Layer; Connectivity Layer (G-PASS, GSI); Fabric]

Application: G-JavaMPI
  Grid-based Java MPI
  Support for process migration
  Four reasons for migration:
    Availability
    Searching for better resources
    Load balancing
    Optimizing the program by removing the bottleneck caused by communication

JmpiBLAST
  A BLAST program on G-JavaMPI
  Four universities sharing CPU cycles and local bio-databases
  Funded by two organizations
  MPI VO coordinates their resources together
  [Diagram: universities U1 and U2 with nodes A, B, C, D and their data, joined through the MPI VO]

HKU Gideon 300 Cluster
  Pentium 4 2.0 GHz w/ 512 Kbytes L2 cache
  512 Mbytes (PC2100) DDR SDRAM
  Fast-Ethernet adaptors x 2
  40 GB IDE hard disk
  Linux OS (RedHat 7.3/8.0)
  High-performance network (for interprocess communication): Foundry Networks' Fast-Ethernet switch with 312 ports
  Hierarchical management network (for I/O access and cluster management):
    24-port Gigabit-Ethernet switch x 1
    24-port Fast-Ethernet switch (with Gigabit-Ethernet uplink) x 13
    UTP network cables x 620

HKGrid
  HKGrid provides a platform for its members to experiment with various research prototypes and pilot applications
  Institutions:
    City University of HK
    HK Baptist University
    HK University of Science and Technology
    The HK Polytechnic University
    The HK Institute of HPC
    HKU – Computer Centre
    HKU – Department of CSIS

Hong Kong Grid Environment Setting
  JmpiBLAST setting:
    Application: Blastp
    Database: nr (687 MBytes)
    Segment: 1 MBytes (687 segs)
  Experiment setting:
    Three Blastp programs, 18 processes in total (8, 6, 4 respectively)
    Global scheduling: GA vs. Min-Min
    Original nodes: 5
    Event 1: 2 nodes join
    Event 2: 2 nodes quit

Data Reports
  In tasks 1 & 2, the GA is better than Min-Min
  In task 3, Min-Min generates a better result
  Scheduling by GA in task 1 fully utilized the additional 2 nodes and provided maximal throughput during the fixed time interval between event 1 and event 2.

Security Overhead
  G-PASS overhead: results from HKGrid
  Under all circumstances, the security overhead is less than 50%

Thank You! Q&A?
  Web site: http://www.cs.hku.hk/~tcma/GPASS
  http://www.cs.hku.hk/~lchen2/research/GJavaMPI/doc/readme.html
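As an added example that is not part of the G-PASS slides or the project's implementation, the Python below models the doubly linked traceable G-passport from the G-passport Example slide (G-dispatch, G-event and G-warrant pages, each signed by its issuer and back-linked to the previous page) and shows how a receiving host verifies the recorded history and detects an altered or dropped page. HMAC keys shared with the verifier are assumed as a stand-in for the X.509 signatures the slides rely on; all keys and page contents are constructed.

```python
import hashlib
import hmac
import json

# Assumed stand-in for X.509 signatures: each host holds an HMAC key that the
# verifying host also knows. Constructed sample keys, not from the paper.
HOST_KEYS = {"Dispatcher": b"dispatcher-key", "HostA": b"hostA-key",
             "HostB": b"hostB-key", "Warrantor": b"warrantor-key"}

def page_digest(page):
    """Canonical hash of a page (signature excluded) used for back-linking."""
    body = {k: page[k] for k in ("kind", "content", "signer", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign_page(kind, content, signer, prev_page):
    """Append a new G-passport page; 'prev' links it to the page before it."""
    page = {"kind": kind, "content": content, "signer": signer,
            "prev": page_digest(prev_page) if prev_page else None}
    page["sig"] = hmac.new(HOST_KEYS[signer], page_digest(page).encode(),
                           hashlib.sha256).hexdigest()
    return page

def verify_passport(pages):
    """Walk the chain; return (ok, history) where history lists accepted kinds."""
    history, prev = [], None
    for page in pages:
        expected_prev = page_digest(prev) if prev else None
        if page["prev"] != expected_prev:
            return False, history  # a page was removed, reordered or altered
        key = HOST_KEYS.get(page["signer"])
        if key is None:
            return False, history  # unknown issuer: cannot trust this page
        good = hmac.new(key, page_digest(page).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, page["sig"]):
            return False, history  # content changed after it was signed
        history.append(page["kind"])
        prev = page
    return True, history

def build_sample_passport():
    """Constructed history from the slides: dispatch -> migrate A->B -> warrant."""
    p1 = sign_page("G-dispatch", {"auth": "run JmpiBLAST"}, "Dispatcher", None)
    p2 = sign_page("G-event", {"migration": "A->B"}, "HostA", p1)
    p3 = sign_page("G-warrant", {"auth": "read local nr database"}, "HostB", p2)
    return [p1, p2, p3]
```

A host that receives the traveler runs verify_passport before mapping the accepted pages onto its local privilege table; a failed page stops the walk so nothing after it is trusted.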